The default mappings between certificate fields and the attributes of an LDAP object imported into PAM are:
Subject Name: distinguishedName
Subject Alternative Name: userPrincipalName
This works fine for Active Directory and the Microsoft Certificate Authority integrated with AD.
How can these mappings be modified?
Release : All supported CA PAM versions as of October 2023
Component : PRIVILEGED ACCESS MANAGEMENT
Modify the mappings under Config / ... / LDAP / ... / Custom Field Mapping according to your needs.
For the changes to take effect, it is best to delete the previously imported LDAP group; alternatively, refreshing the LDAP group might be sufficient.
You should see various warnings (confirmations) "PAM-LDAP-022 User was moved ...", indicating that the new mappings have taken effect.