search cancel

PAM-CM-0762 Authentication failed trying to manage credentials for the LDAP binding account.


Article ID: 216745


Updated On:


CA Privileged Access Manager (PAM)


The customer is getting "PAM-CM-0762 Authentication failed" when trying to manage credential for the LDAP binding account. The binding account can be verified but the password can't be changed. 

The account is configured to update its own password.


Tomcat logs message:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002035: LdapErr: DSID-0C090F91, comment: Operation not allowed through GC port, data 0, v4563]; remaining name 'CN=CAPAMBindUsr,OU=Users,OU=SysMgt,DC=tus,DC=AMS1907,DC=com'


Release: 3.4.x

Component: CA LDAP Server


The customer is using port 3269 to manage the credential for the LDAP binding account instead of port 636.


3269 port is used for queries specifically targeted for the Global Catalog. LDAP requests sent to port 3269 can be used to search for objects in the entire forest. 

On the Target Application/Active Directory changed the port for the Domain Controller Port (SSL) to  636