Cannot parse url message in ldaps call for directories named like name1_name2.example.com

Article ID: 281207

Updated On: 03-26-2024

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

An Active Directory or LDAP directory has been configured in PAM with a domain name of the form

name1_name2.example.com

However, an attempt to rotate the password of a target account in that directory fails with the following error message:

"2024-02-23T10:51:29.404+0000 SEVERE [com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager] com.cloakware.cspm.server.plugin.targetmanager.WindowsDomainServiceTargetManager.loginToActiveDirectoryServer Failed authentication to Active Directory using account 'RT27147'

com.cloakware.cspm.server.app.ApplicationException: Cannot parse url: ldaps:// name1_name2.example.com:636

The password is not rotated.

Environment

CA PAM versions 4.1.X and later

Cause

This is caused by a restriction on the characters allowed in AD or LDAP names, as described in:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou

This is corrected in the Java versions shipped with the latest CA PAM versions. Previously, names of this type were accepted, even though that might have posed a security risk.

Resolution

The domain name must be changed to conform to the standard for characters and names outlined in the document mentioned above.
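
As an added example (not part of the original article and not CA PAM code), the following Python script checks directory host names or ldap(s):// URLs against the letters-digits-hyphen rule for DNS labels, so that non-conforming names can be found before a password rotation fails. It assumes the underscore is the offending character in the name form above; the function names and sample entries are constructed for illustration.

```python
import re

# One DNS label under the letters-digits-hyphen (LDH) rule: 1-63 characters,
# no leading or trailing hyphen. Assumed to be the rule the name above breaks.
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
LDAP_URL = re.compile(r"^(ldaps?)://\s*([^/:\s]+)(?::(\d+))?/?$", re.IGNORECASE)


def host_of(entry):
    """Return the host part of an ldap(s):// URL, or the entry itself if bare."""
    m = LDAP_URL.match(entry.strip())
    return m.group(2) if m else entry.strip()


def naming_problems(entry):
    """List the reasons a directory host name breaks the LDH naming rule."""
    host = host_of(entry).rstrip(".")
    if not host or len(host) > 253:
        return ["host name is empty or longer than 253 characters"]
    problems = []
    for label in host.split("."):
        if LDH_LABEL.fullmatch(label):
            continue
        bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
        if bad:
            problems.append(f"label {label!r} contains {''.join(bad)!r}")
        elif not label:
            problems.append("empty label")
        elif len(label) > 63:
            problems.append(f"label {label!r} is longer than 63 characters")
        else:
            problems.append(f"label {label!r} starts or ends with '-'")
    return problems


def audit(entries):
    """Map each non-conforming entry to its problems; conforming ones are omitted."""
    return {e: p for e in entries if (p := naming_problems(e))}


# Constructed sample input, modelled on the name form in this article.
SAMPLE = [
    "ldaps:// name1_name2.example.com:636", "ldaps://name1-name2.example.com:636",
    "dc01.example.com", "-edge.example.com",
]

if __name__ == "__main__":
    for entry, problems in audit(SAMPLE).items():
        print(f"{entry}: {'; '.join(problems)}")
```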