Symantec Privileged Access Management

 View Only
  • 1.  LDAP from login page

    Posted Apr 03, 2020 03:25 PM
    Hi, I have Ldap configured in 3rd party to support all ldap connections. Is there a way to hide Ldap option from login page so users cannot authenticate against LDAP?

    ------------------------------
    Security Analyst
    DXC Technology
    ------------------------------


  • 2.  RE: LDAP from login page

    Broadcom Employee
    Posted Apr 06, 2020 05:32 PM
    Hello Higor, No, we don't have a configuration for this in current PAM releases. The list of authentication options in PAM is based on what options are configured, even when there are options that are not used by any user. There may be an open idea already to give the PAM admin more control over this menu. If you don't find it, feel free to add a new idea on the ideation page for PAM.


  • 3.  RE: LDAP from login page

    Posted Apr 07, 2020 10:11 AM
    Thanks Ralf, any ideia what would happen if I change my user authentication from ldap do SAML and user still try to logon using ldap?

    ------------------------------
    Security Analyst
    DXC Technology
    ------------------------------



  • 4.  RE: LDAP from login page
    Best Answer

    Broadcom Employee
    Posted Apr 07, 2020 10:43 AM
    Hi Higor, It will fail with  "PAM-CMN-0900" error: Bad User ID or Password. It should not count as a failed login for the SAML user, if that is what you are concerned about, and should not cause that user to get disabled. PAM will just not find a user with this name and the selected authentication method.