Sometimes an LDAP synchronization in CA PAM fails with the error
PAM-CMN-1176: A potential tampering attempt has been detected, the end-user's local system may be compromised. Session will be terminated.
and, if the synchronization was launched from a PAM Client, the client is terminated.
After this error, subsequent synchronizations fail with the same error.
CA PAM all releases
The error is caused by a malformed attribute on one of the users being imported, which triggers a false tampering alert.
If this is the root cause, a sequence of messages similar to the following (newest entry first) will be present just before the message that ends the synchronization and disconnects the CA PAM Client:
2023/02/07 15:27:12,super,admin, --,TAP Administrators, --, --, --,10.XXX.198.129,10.XXX.198.129, --, --, --, --, --,"PAM-CMN-1176: A potential tampering attempt has been detected, the end-user''s local system may be compromised. Session will be terminated.",0, --,,0
2023/02/07 15:27:11,super,admin, --,TAP Administrators, --, --, --,10.XXX.198.129,10.XXX.198.129, --, --, --, --, --,"PAM-CMN-0622: Import Error For LDAP Group CN=XXX,OU=XXX,DC=XXX,DC=XX: PAM-LDAP-0035: Binding to domain DC=XXX,DC=lXX failed. Invalid LDAP admin password configured.",0, --,,0
2023/02/07 15:27:11,super,admin, --,TAP Administrators, --, --, --,10.XXX.198.129,10.XXX.198.129, --, --, --, --, --,"PAM-CMN-0622: Import Error For LDAP Group CN=XXX,OU=XXX,DC=XXX,DC=XX: PAM-LDAP-0037: Exception occurred while processing a search on entity DC=XXX,DC=XX: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 532, v3839 ]",0, --,,0
Or
2023/02/07 15:27:11,super,admin, --,TAP Administrators, --, --, --,10.XXX.198.129,10.XXX.198.129, --, --, --, --, --,"PAM-CMN-0622: Import Error For LDAP User CN=XXX,OU=XXX,DC=XXX,DC=XX: PAM-LDAP-0037: Invalid e-mail address
The problem is that one attribute of one of the users being onboarded contains a character that cannot be processed correctly. For instance, imagine an e-mail address of the form myemail@@mydomain.com, in which the @ appears twice.
The error messages often indicate which attribute is failing. In this example, the double @ may lead the product to conclude that a spoofed domain is being passed to it.
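The following script is an added example and is not part of this article or of CA PAM itself. It shows the two checks a practitioner would want here: correlating the PAM-CMN-0622 import errors logged shortly before a PAM-CMN-1176 event to find the offending entry, and pre-screening the mail attribute of the users to be imported for values such as a doubled @. The log column layout (message in the 16th CSV column) is inferred from the excerpt above, the log lines and the LDIF export are constructed samples with placeholder DNs and addresses, and the mail checks are assumptions modelled on the symptom described, not CA PAM's own validation rules.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample in the same column layout as the article's excerpt
# (placeholder IPs, DNs and addresses). Order is chronological here; the
# correlation below works for newest-first logs as well.
SAMPLE_LOG = """\
2023/02/07 15:27:10,super,admin, --,TAP Administrators, --, --, --,10.0.198.129,10.0.198.129, --, --, --, --, --,"PAM-CMN-0622: Import Error For LDAP User CN=jdoe,OU=Users,DC=example,DC=com: PAM-LDAP-0037: Invalid e-mail address",0, --,,0
2023/02/07 15:27:11,super,admin, --,TAP Administrators, --, --, --,10.0.198.129,10.0.198.129, --, --, --, --, --,"PAM-CMN-0622: Import Error For LDAP Group CN=Admins,OU=Groups,DC=example,DC=com: PAM-LDAP-0035: Binding to domain DC=example,DC=com failed. Invalid LDAP admin password configured.",0, --,,0
2023/02/07 15:27:12,super,admin, --,TAP Administrators, --, --, --,10.0.198.129,10.0.198.129, --, --, --, --, --,"PAM-CMN-1176: A potential tampering attempt has been detected, the end-user''s local system may be compromised. Session will be terminated.",0, --,,0
"""

# Constructed LDIF export of the users about to be synchronized.
SAMPLE_LDIF = """\
dn: CN=jdoe,OU=Users,DC=example,DC=com
mail: jdoe@@example.com

dn: CN=asmith,OU=Users,DC=example,DC=com
mail: asmith@example.com

dn: CN=bjones,OU=Users,DC=example,DC=com
mail: bjones@example.com\x07
"""

TS_FMT = "%Y/%m/%d %H:%M:%S"
# Pulls entry kind, DN, PAM-LDAP code and detail out of a PAM-CMN-0622 message.
IMPORT_ERR = re.compile(
    r"PAM-CMN-0622: Import Error For LDAP (?P<kind>User|Group) (?P<dn>.+?): "
    r"(?P<code>PAM-LDAP-\d+): (?P<detail>.*)"
)
# Assumed local@domain.tld shape; not CA PAM's own rule.
MAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def parse_log(text):
    """Return (timestamp, message) pairs; the message is CSV column 16 (index 15)."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 16:
            continue
        events.append((datetime.strptime(row[0], TS_FMT), row[15]))
    return events


def import_errors_before_tamper(events, window=timedelta(seconds=5)):
    """For every PAM-CMN-1176 event, collect the PAM-CMN-0622 import errors
    logged within `window` before it; those name the entry that tripped the alert."""
    findings = []
    for ts, msg in events:
        if not msg.startswith("PAM-CMN-1176"):
            continue
        for ts2, msg2 in events:
            if ts - window <= ts2 <= ts:
                m = IMPORT_ERR.match(msg2)
                if m:
                    findings.append(m.groupdict())
    return findings


def mail_problems(value):
    """Reasons (assumed) a mail value is likely to be rejected by the importer."""
    problems = []
    at_count = value.count("@")
    if at_count != 1:
        problems.append(f"expected exactly one '@', found {at_count}")
    if any(ord(c) < 32 or ord(c) > 126 for c in value):
        problems.append("contains control or non-ASCII characters")
    if value != value.strip():
        problems.append("leading/trailing whitespace")
    if not problems and not MAIL_RE.match(value):
        problems.append("does not match local@domain.tld shape")
    return problems


def scan_ldif_mail(ldif_text):
    """Minimal LDIF walk: map each DN to the problems found in its mail attribute."""
    bad, dn = {}, None
    for line in ldif_text.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.startswith("mail: ") and dn:
            probs = mail_problems(line[6:])
            if probs:
                bad.setdefault(dn, []).extend(probs)
    return bad


if __name__ == "__main__":
    for f in import_errors_before_tamper(parse_log(SAMPLE_LOG)):
        print(f"{f['kind']} {f['dn']}: {f['code']} {f['detail']}")
    for dn, probs in scan_ldif_mail(SAMPLE_LDIF).items():
        print(f"{dn}: {'; '.join(probs)}")
```

Run it against a real export (for example the output of ldapsearch for the synchronized OU) before launching the synchronization; fixing the flagged attributes in the directory first avoids tripping the tampering check and losing the PAM Client session.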