I can reproduce the problem by following the steps below.
Notes:
- The pamadmin3 user has been imported from the Active Directory (AD) "PAM Admins" group
1. Delete the pamadmin3 user in AD
2. Run REFRESH LDAP GROUPS from the PAM Admins group; I got the following error:
PAM-LDAP-0013: Error occurred while removing deleted import data OU=PAM Admins,OU=PAMS,DC=pamidlab,DC=local
JSONObject["responseData"] is not a JSONObject.
[com.ca.xsuite.common.json.JSONObject.getJSONObject(JSONObject.java:503), com.xceedium.gatekeeper.ldapSink.ServiceLDAPDataSink.removeDeletedMembers(ServiceLDAPDataSink.java:428), com.xceedium.gatekeeper.ldapSink.DatabaseLDAPDataSink.run(DatabaseLDAPDataSink.java:335), com.xceedium.gatekeeper.ldapSink.ServiceLDAPDataSink.run(ServiceLDAPDataSink.java:27), java.lang.Thread.run(Thread.java:748)]
3. I recreate the pamadmin3 user in AD and make sure it belongs to the PAM Admins group
4. Run the REFRESH LDAP GROUP again for the PAM Admins group; now I got the following error:
PAM-LDAP-0000: Error updating member CN=pamadmin3 admin,OU=PAM Admins,OU=PAMS,DC=pamidlab,DC=local
PAM-CMN-0155: User CN=pamadmin3 admin,OU=PAM Admins,OU=PAMS,DC=pamidlab,DC=local was not updated.
The pamadmin3 user should have been deleted from PAM during the first REFRESH LDAP GROUP attempt; however, PAM failed to delete it because a Custom Report belonging to pamadmin3 exists. Please refer to the article "Getting PAM-UI-2404 When Trying to Delete LDAP Group" for other causes.
Release : 3.x
Please raise a case with PAM Support, as we need to SSH to the PAM node and repair the cspm.admin table for the affected user(s). Please mention this KB article too, so PAM Support can look at it internally.