While importing an LDAP Device group, we are getting the below error in PAM in the LDAP importer, and the group import fails:

PAM-CMN-0020- Error occurred while trying to complete request. (76)

Release : 3.3.0

Component : PRIVILEGED ACCESS MANAGEMENT

The device group included a description that exceeded the limit of 100 characters allowed in the PAM 3.3.0 database.

Note that this also applies to devices within the group, i.e. if the device group itself has a short description, but some devices within the group have a description exceeding 100 characters, those devices would be missing from the group in PAM.

Other limits potentially of interest are 255 characters for the device (group) name, typically the DN, and 60 characters for location.

The problem with the description field limitation is fixed in 3.3.1 and 3.3.2. The corresponding item in the PAM 3.3.1 release notes on page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-2/release-information/resolve-issues-in-earlier-3-x-releases/resolved-issues-in-3-3_1.html is as follows:

20070160 DE433046    Intermittent errors occur when importing device groups.

In the 3.3.1 and 3.3.2 maintenance releases the database schema is not changed and the descriptions simply will be truncated to 100 characters. In future PAM releases this may be addressed differently.