PAM-CM-0758 When Generating ACF2 Password in PAM

Article ID: 235983

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A new target account for an ACF2 server was created and its password verifies successfully, but the following error occurs when trying to generate a new password.

PAM-CM-0758: Failed to synchronize password with target. If this problem persists then please ask your Administrator to investigate.

The Tomcat logs show the following error.

Feb 11, 2022 12:12:12 PM com.cloakware.cspm.server.app.impl.UpdateTargetAccountCmd invoke
SEVERE: UpdateTargetAccountCmd.invoke 1600: [LDAP: error code 80 - LDP0403E Modify unknown error for(userPassword), value(#####)]
javax.naming.NamingException: [LDAP: error code 80 - LDP0403E Modify unknown error for(userPassword), value(#####)]; remaining name 'acf2lid=lidname,acf2admingrp=grpname,host=hostname,o=oname,c=cname'

Cause

The PSWDSIM setting was enabled on the ACF2 server. This setting is a password similarity check; when it is enabled, ACF2 asks for the old password before the new password. Because PAM sends only the new password, the password change failed.

Resolution

When PSWDSIM was removed on the ACF2 server, PAM was able to rotate the password successfully.
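
To see which ACF2 target accounts are failing rotation with this error, the Tomcat log can be scanned for the NamingException line shown above. The following Python is an added example, not part of the original article or of PAM; the function names and the extra log entries are constructed for illustration, and it assumes the DNs contain no escaped commas.

```python
import re
from collections import defaultdict

# Matches the NamingException line format shown in the article.
# The SEVERE line carries the same LDAP text but no "remaining name",
# so it is skipped and each failure is counted once.
LINE_RE = re.compile(
    r"javax\.naming\.NamingException: \[LDAP: error code (?P<code>\d+) - "
    r"(?P<msgid>LDP\d+[A-Z]) Modify unknown error for\((?P<attr>[^)]+)\)"
    r".*?remaining name '(?P<dn>[^']+)'"
)

def parse_dn(dn):
    """Split a simple DN (assumed: no escaped commas) into {RDN type: value}."""
    return dict(part.split("=", 1) for part in dn.split(","))

def find_failed_rotations(lines):
    """Return {host: [acf2lid, ...]} for userPassword modifies rejected with code 80."""
    failures = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["code"] != "80" or m["attr"].lower() != "userpassword":
            continue
        rdns = parse_dn(m["dn"])
        failures[rdns.get("host", "?")].add(rdns.get("acf2lid", "?"))
    return {host: sorted(lids) for host, lids in failures.items()}

# Constructed sample: the first two lines follow the article's log excerpt;
# the svcacct2 entry and the INFO line are made up for the example.
SAMPLE_LOG = """\
SEVERE: UpdateTargetAccountCmd.invoke 1600: [LDAP: error code 80 - LDP0403E Modify unknown error for(userPassword), value(#####)]
javax.naming.NamingException: [LDAP: error code 80 - LDP0403E Modify unknown error for(userPassword), value(#####)]; remaining name 'acf2lid=lidname,acf2admingrp=grpname,host=hostname,o=oname,c=cname'
INFO: unrelated log entry
javax.naming.NamingException: [LDAP: error code 80 - LDP0403E Modify unknown error for(userPassword), value(#####)]; remaining name 'acf2lid=svcacct2,acf2admingrp=grpname,host=hostname,o=oname,c=cname'
"""

if __name__ == "__main__":
    for host, lids in find_failed_rotations(SAMPLE_LOG.splitlines()).items():
        # Per the article, PSWDSIM on the ACF2 server is the setting to check.
        print(f"{host}: password rotation failed for {', '.join(lids)}; check PSWDSIM")
```

Each host reported is an ACF2 server whose PSWDSIM setting should be checked against the cause described above.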