PAM LDAP Refresh Reports Successful, But the User Remains

Article ID: 198580

Products

CA Privileged Access Manager (PAM); CA Privileged Access Manager - Cloakware Password Authority (PA); PAM SAFENET LUNA HSM; CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

A user was recently moved to a different LDAP group, but when the LDAP refresh runs, the user is not removed from PAM. The LDAP refresh reports success, yet the user still appears in the GUI.

When trying to manually update the user in the PAM GUI, the following error occurs.

PAM-CMN-0155: User ____ was not updated.

Cause

This can occur if the user is defined in specific roles like a PVP (password view policy) or if there was an issue removing the user name from some tables in the database.

Environment

PAM 3.3.x, 3.4.x

Resolution

Remove the user from the other locations where the user is defined (PVP, email on login, etc.) and rerun the LDAP refresh. In some cases you may need to open a support ticket so that a support engineer can update the database manually.
