IT Process Automation

  • 1.  PAM process to access ldap users

    Posted Apr 10, 2018 08:36 AM

    I'm creating a PAM process to get information about LDAP users.

    I'm using a default operator that consults the LDAP server.

    Because my PAM server has no access to LDAP, I installed a PAM agent on the machine that hosts EEM (that is configured to use AD).

    When I try to run my PAM process pointing to the agent machine, I receive the following error:

    Authentication with the LDAP server failed. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]

    But my user/password are correct because I'm able to log in to other CA apps, like USS, that is pointing to the EEM server.



  • 2.  Re: PAM process to access ldap users

    Posted Apr 10, 2018 10:03 AM

    Hi, does your EEM server have two network cards?

    How can EEM connect to AD and PAM cannot?

    Have you tried to replicate the EEM configuration that is used to connect to LDAP in your operator?



  • 3.  Re: PAM process to access ldap users

    Posted Apr 10, 2018 10:15 AM

    No, my EEM has only one network card.

    For Q2, I don't know why.

    Yes, I tried to use the same EEM configuration in the operator.



  • 4.  Re: PAM process to access ldap users

    Broadcom Employee
    Posted Apr 10, 2018 10:29 AM


  • 5.  Re: PAM process to access ldap users

    Posted Apr 10, 2018 11:14 AM

    I followed this document and it worked



  • 6.  Re: PAM process to access ldap users

    Broadcom Employee
    Posted Apr 10, 2018 11:30 AM

    Paulo - fantastic, glad this resolved it for you!



  • 7.  Re: PAM process to access ldap users

    Posted Apr 10, 2018 11:42 AM

    One more question about the PAM LDAP operator.

    Now that I can search in LDAP, I want to search only users where the LDAP mail field is not null.

    Where can I do that?

    I tried this in the operator search field:

    "(!mail=" + "null" + ")"

    But it returned: The Search Filter: (!mail=null) is invalid. Unbalanced parenthesis



  • 8.  Re: PAM process to access ldap users

    Posted Apr 10, 2018 01:08 PM

    (&(objectCategory=person)(objectClass=user)(mail=*))
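
Why `(!mail=null)` is rejected while the filter in the last reply is accepted, as an added example that is not part of the thread or of the product: in RFC 4515 a `!` must wrap one complete parenthesised filter, and "has a value" is written as the presence test `(mail=*)`. The checker is a simplified structure check (no extensible match), and `checkFilter`, `escapeFilterValue` and `userByMailFilter` are hypothetical names; the escaping helper covers filters built by string concatenation, as in the operator field above.

```javascript
// Added example; simplified RFC 4515 check (no extensible-match items).

// Escape a literal value for use inside a filter (RFC 4515 section 3).
function escapeFilterValue(v) {
  return String(v).replace(/[\\*()\0]/g,
    c => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Returns null when the filter is well formed, otherwise a short reason.
function checkFilter(s) {
  let i = 0;
  function item() {                       // attr=value, attr=* (presence), ...
    const m = /^[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)[^()]*/.exec(s.slice(i));
    if (!m) throw new Error("expected attr=value at " + i);
    i += m[0].length;
  }
  function filter() {
    if (s[i] !== "(") throw new Error("expected '(' at " + i);
    i++;
    const op = s[i];
    if (op === "&" || op === "|") {       // AND / OR: one or more (filter)
      i++;
      do { filter(); } while (s[i] === "(");
    } else if (op === "!") {              // NOT: exactly one (filter)
      i++;
      filter();
    } else {
      item();
    }
    if (s[i] !== ")") throw new Error("expected ')' at " + i);
    i++;
  }
  try {
    filter();
    if (i !== s.length) throw new Error("trailing text at " + i);
    return null;
  } catch (e) {
    return e.message;
  }
}

// Hypothetical helper: look up one user by mail with the value escaped.
function userByMailFilter(addr) {
  return "(&(objectCategory=person)(objectClass=user)(mail=" +
    escapeFilterValue(addr) + "))";
}

console.log(checkFilter("(!mail=null)"));   // the attempt from post 7
console.log(checkFilter("(&(objectCategory=person)(objectClass=user)(mail=*))"));
```

The inverse query, users with no mail attribute, is `(!(mail=*))`, which the checker also accepts.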