[PAM] "addTargetServer" CLI command ignore "Attribute.descriptor2" parameter

book

Article ID: 198086

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

[Use case]
Customer has existing PAM environment with devices that do not have Attribute.descriptor1 value but only Attribute.descriptor2.
Customer is using this Attribute.descriptor2 for filtering purpose so it is required.
 
These devices are being migrated to new PAM environment programmatically.
RemoteCLI(addTargetServer) is being used for this purpose.
 
Sample command:
https://<CAPAM>/cspm/servlet/adminCLI?
adminUserID=super&
adminPassword=****&
cmdName=addTargetServer&
Attribute.descriptor2=desc2&
TargetServer.hostName=test&
TargetServer.deviceName=test
 
This creates a device but Attribute.descriptor2 is missing in the device so customer is unable to filter these devices as before.
And there will be too many devices to update manually.
 
 

Cause

There is dependency of Attribute.descriptor1 on Attribute.descriptor2 when you use "addTargetServer" command.

As a result, you need to have both Attribute.descriptor1 and Attribute.descriptor2 with value when adding Attribute.descriptor2 in the "addTargetServer" command.

 

Environment

Release : 3.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

You can use Device Import/Export using csv.

If you export the devices from existing PAM environment and modify (populate Attribute.descriptor2) to import, the imported devices will include the Attribute.descriptor2 value even if Attribute.descriptor1 was empty.

Another way is to use "updateTargetServer" with Attribute.descriptor2 after using "addTargetServer".