PAM-CM-0759 When Verifying LDAP Target Accounts

Article ID: 280110

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When attempting to verify an LDAP target account, the following error occurs:


PAM-CM-0759: Failed to verify password with target. {0}

With the Tomcat Log Level set to Info, the following is logged at the time of the error:

2024-03-01T22:42:51.180+0000 INFO [com.cloakware.cspm.server.plugin.targetmanager.LDAPTargetManager] com.cloakware.cspm.server.security.CSPMTrustManager.checkServerTrusted CSPMTrustManager.checkServerTrusted certificate:
-----BEGIN CERTIFICATE-----
MIIET.....eZhUE
-----END CERTIFICATE-----
2024-03-01T22:42:51.239+0000 WARNING [TP8] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke **** ACCOUNT VERIFICATION FAILED: targetAccount ID: 8675309' due to 'Error Code: 1651
Error Details: null
Error Message: No trusted certificate found
Exception: com.cloakware.cspm.server.app.ApplicationException: No trusted certificate found
Stack Trace: com.cloakware.cspm.server.app.ApplicationException: No trusted certificate found
.....
at com.cloakware.cspm.server.app.TargetManager.run(TargetManager.java:784)
Caused by: javax.net.ssl.SSLHandshakeException: No trusted certificate found
.....
at com.cloakware.cspm.server.plugin.targetmanager.LDAPTargetManager.getLdapContext(LDAPTargetManager.java:250)
... 2 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
.....
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1340)
... 28 more
 
Is success: false
Warning Message: null
Result Details: null
'
2024-03-01T22:42:51.273+0000 WARNING [TP8] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke VerifyAccountPasswordCmd.invoke, end: result=false, accounts=1, duration=248.02742ms

Environment

Privileged Access Manager, all versions

Cause

The LDAP server's certificate was updated, but the target application was still using the expired certificate.

Resolution

When an LDAP certificate is updated, all target applications must be updated with the new certificate. The certificate is stored within the target application itself in the PAM database, so if there are multiple LDAP target applications for one LDAP server, each target application must be updated individually.
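
To see which target accounts are hitting this condition, the Tomcat log can be scanned for verification failures whose root cause is the trust error shown above. The Python below is an added example, not part of the original article or of PAM; the sample log is constructed from the excerpt above, and its second failure record is a made-up placeholder.

```python
import re

# Constructed sample modeled on the log excerpt above; account 1001 / code 9999 are placeholders.
SAMPLE_LOG = """\
2024-03-01T22:42:51.239+0000 WARNING [TP8] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke **** ACCOUNT VERIFICATION FAILED: targetAccount ID: 8675309' due to 'Error Code: 1651
Error Message: No trusted certificate found
Caused by: javax.net.ssl.SSLHandshakeException: No trusted certificate found
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
'
2024-03-01T22:42:51.273+0000 WARNING [TP8] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke VerifyAccountPasswordCmd.invoke, end: result=false, accounts=1, duration=248.02742ms
2024-03-01T22:50:02.100+0000 WARNING [TP3] com.cloakware.cspm.server.app.impl.VerifyAccountPasswordCmd.invoke **** ACCOUNT VERIFICATION FAILED: targetAccount ID: 1001' due to 'Error Code: 9999
Error Message: placeholder failure unrelated to TLS
'
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4} ")
FAILED = re.compile(r"ACCOUNT VERIFICATION FAILED: targetAccount ID: (\d+)'? due to 'Error Code: (\d+)")
CAUSE = re.compile(r"^Caused by: ([\w.$]+): (.*)$", re.M)

def split_records(text):
    """Attach continuation lines (details, stack trace) to the timestamped line before them."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append([line])
        else:
            records[-1].append(line)
    return ["\n".join(r) for r in records]

def verification_failures(text):
    """One dict per failed verification; the last 'Caused by' line is taken as the root cause."""
    failures = []
    for rec in split_records(text):
        m = FAILED.search(rec)
        if not m:
            continue
        root_cls, root_msg = (CAUSE.findall(rec) or [("", "")])[-1]
        # Certificate validation failed during the TLS handshake, as in this article.
        trust = root_cls.endswith("ValidatorException") and "No trusted certificate" in root_msg
        failures.append({"timestamp": rec.split(" ", 1)[0], "account_id": m.group(1),
                         "error_code": m.group(2), "root_cause": root_cls,
                         "cert_trust_failure": trust})
    return failures

def accounts_with_cert_trust_failure(text):
    """Account IDs whose verification failed because the server certificate was not trusted."""
    return sorted({f["account_id"] for f in verification_failures(text) if f["cert_trust_failure"]})
```

Each account ID returned belongs to a target application whose stored certificate should be checked against the one the LDAP server now presents.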