Can the users imported from LDAP be deleted from CA PAM directly?
When attempting to delete the imported user, the following error message appears in the CA PAM UI:
Error: PAM-UI-2401: Error deleting user. Users provisioned from LDAP may not be deleted directly, only by deleting their LDAP group.
Release : 3.3.x
Component : PRIVILEGED ACCESS MANAGEMENT
Users imported from LDAP can't be deleted directly in CA PAM, because the user is actually created in LDAP and is merely imported into CA PAM.
After the users are imported into CA PAM, only certain fields can be modified for the LDAP users.
If an LDAP user is to be deleted from CA PAM, or removed from a group to which the user belongs, the removal or deletion must be done in the LDAP directory where the user actually exists.
After the user is deleted from LDAP, the action required in CA PAM is to refresh the LDAP group to which the user belongs.
A refresh of the LDAP group will reflect the changes in the CA PAM UI.