[PAM] "addTargetServer" CLI command ignore "Attribute.descriptor2" parameter
Article ID: 198086
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
[Use case]
Customer has existing PAM environment with devices that do not have Attribute.descriptor1 value but only Attribute.descriptor2.
Customer is using this Attribute.descriptor2 for filtering purpose so it is required.
These devices are being migrated to new PAM environment programmatically.
RemoteCLI(addTargetServer) is being used for this purpose.
Sample command:
https://<CAPAM>/cspm/servlet/adminCLI?
adminUserID=super&
adminPassword=****&
cmdName=addTargetServer&
Attribute.descriptor2=desc2&
TargetServer.hostName=test&
TargetServer.deviceName=test
This creates a device but Attribute.descriptor2 is missing in the device so customer is unable to filter these devices as before.
And there will be too many devices to update manually.
Environment
Release : 3.x
Component : PRIVILEGED ACCESS MANAGEMENT
Cause
There is dependency of Attribute.descriptor1 on Attribute.descriptor2 when you use "addTargetServer" command.
As a result, you need to have both Attribute.descriptor1 and Attribute.descriptor2 with value when adding Attribute.descriptor2 in the "addTargetServer" command.
Resolution
You can use Device Import/Export using csv.
If you export the devices from existing PAM environment and modify (populate Attribute.descriptor2) to import, the imported devices will include the Attribute.descriptor2 value even if Attribute.descriptor1 was empty.
Another way is to use "updateTargetServer" with Attribute.descriptor2 after using "addTargetServer".
Feedback
Yes
No
Powered by
