03/10/2023 04:05 AM
Hi,
Need help with PAM bootstrapping the AD domain accounts.
Steps done so far:
1. AD master connector setup complete with a domain admin account. Template used is AD PAM for on-prem AD.
2. AD domain accounts are imported successfully and are listed in the Accounts tab in the EndPoint
3. Enabled PAM Config in the master connector
4. PAM bootstrapping is successful and Firefighter IDs are generated
5. Password change failed for the domain accounts with the error : (Error while change password operation for account-testuser3 in AD - [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0 ])
Note: AD connection is done on port 389 as SSL is not configured.
03/10/2023 06:23 AM
I don't think password change actions can be done on a non-SSL port. You need to configure SSL.
03/10/2023 10:29 AM
Hi @Sankhadeep ,
What @sk has mentioned is correct: Active Directory does not allow password operations over a non-SSL connection.
You can follow the documentation for how to configure the AD connection to use SSL: https://docs.saviyntcloud.com/bundle/AD-v2020x/page/Content/Configuring-the-Integration-for-Importin...
Thanks
03/27/2023 12:54 PM
We faced a similar issue when using the non-secure LDAP port 389. This issue was fixed after updating the port to 636 and attaching the LDAPS certificate in the AD master connection.
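
As an added example (not part of the thread and not Saviynt's code), the Python sketch below parses the AD error quoted in the first post and relates it to the transport the connector URL implies. The host name `dc01.example.test`, the function names and the `start_tls` flag are assumptions made for illustration; the thread itself only discusses LDAPS on port 636.

```python
import re
from urllib.parse import urlsplit

# Shape of the bracketed AD error quoted in the first post.
AD_ERROR = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<source>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\)"
)

def parse_ad_error(message):
    """Return the fields of an AD LDAP error as a dict, or None if absent."""
    m = AD_ERROR.search(message)
    if m is None:
        return None
    fields = m.groupdict()
    fields["code"] = int(fields["code"])
    fields["problem"] = int(fields["problem"])
    return fields

def transport(url, start_tls=False):
    """Classify a connector URL as 'ldaps', 'starttls' or 'cleartext'."""
    scheme = urlsplit(url).scheme.lower()
    if scheme == "ldaps":
        return "ldaps"
    if scheme == "ldap":
        # start_tls is an assumed flag for a port-389 session upgraded to TLS.
        return "starttls" if start_tls else "cleartext"
    raise ValueError(f"not an LDAP URL: {url!r}")

def diagnose(url, message, start_tls=False):
    """Relate a failed password change to the transport it was sent over."""
    err = parse_ad_error(message)
    if err is None or err["code"] != 53 or err["name"] != "WILL_NOT_PERFORM":
        return "other"
    if transport(url, start_tls) == "cleartext":
        return "unencrypted-transport"  # the case resolved in this thread
    return "refused-on-encrypted-transport"  # cause lies outside this thread

# The error text is copied from the first post; the host name is constructed.
SAMPLE_ERROR = ("Error while change password operation for account-testuser3 in AD - "
                "[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A124C, "
                "problem 5003 (WILL_NOT_PERFORM), data 0 ]")

if __name__ == "__main__":
    for url in ("ldap://dc01.example.test:389", "ldaps://dc01.example.test:636"):
        print(url, "->", diagnose(url, SAMPLE_ERROR))
```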