search cancel

PAM LDAP Refresh Reports Successful, But the User Remains


Article ID: 198580


Updated On:


CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager - Server Control (PAMSC)


A user was recently moved to a different LDAP group, but when the LDAP refresh runs, the user is not removed in PAM. The LDAP refresh reports as successful, but the user still remains in the GUI.

When trying to manually update the user in the PAM GUI, the following error occurs.

PAM-CMN-0155: User ____ was not updated.


This can occur if the user is defined in specific roles like a PVP (password view policy) or if there was an issue removing the user name from some tables in the database.


Privileged Access Manager, all versions


Remove the user from the other defined location (PVP, email on login, etc.) and rerun the LDAP refresh. In some cases you may need to open a support ticket to have a support engineer manually update the database.