After changing EEM from single LDAP Domain to Multiple LDAP Domain, users can't login to PAM

book

Article ID: 15436

calendar_today

Updated On:

Products

CA Process Automation Base

Issue/Introduction

Having EEM configured with single LDAP domain, login to PAM works, but after changing EEM to be connected to Multiple LDAP Domain, the login to current users fails.



After changing EEM from single LDAP Domain to Multiple LDAP Domain, users can't login to PAM

Environment

Any

Resolution

When multiple LDAP domian is selected, the permissions are lost for current PAM users, even if the same domain is still being used.


In order to enable the login to users, PAM administrator needs to login to EEM and go to "Manage Identities > Users > Global User" and give the users again the permissions with button "Add Application User Details" and adding them to groups PAMAdmins, PAMUsers and Designers accordingly.


When the change is made in EEM, from single domain to multiple LDAP domain, the users appear as "orphaned" until the permissions are given again.