
PAM-LDAP-0025 error when trying to import an LDAP group into CA PAM


Article ID: 241859


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When trying to import an LDAP group into CA PAM, error PAM-LDAP-0025 is reported, stating that the group was not found in the domain.

The group is imported, but it contains no users, even though all parameters in AD look right.

Environment

CA PAM 4.0 

Cause

One possible cause is that PAM is connecting to an Active Directory server, but the Target Application used to bind in 3rd Party --> LDAP is of type OpenLDAP.

There seem to be some differences in the formats used by AD and OpenLDAP, which result in this error.

Resolution

Change the target application used to connect to Active Directory in Configuration/3rd Party/LDAP so that it is of type Active Directory, using port 636 and LDAPS as the protocol.
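One way to confirm which kind of directory a bind target really is before choosing the target application type, as an added example that is not part of the original article or of CA PAM: it classifies a server from its rootDSE (a base-scope search on the empty DN) supplied as LDIF text. The function names and the LDIF samples are constructed for illustration.

```python
# Added example: classify a directory server from its rootDSE (LDIF text).
# The LDIF samples are constructed for illustration, not taken from a real server.
AD_CAPABILITY_OID = "1.2.840.113556.1.4.800"  # supportedCapabilities OID advertised by Active Directory
OPENLDAP_ROOTDSE_CLASS = "openldaprootdse"     # objectClass of an OpenLDAP rootDSE (lowercased)

SAMPLE_AD = """dn:
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
defaultNamingContext: DC=example,DC=test
"""
SAMPLE_OPENLDAP = """dn:
objectClass: top
objectClass: OpenLDAProotDSE
namingContexts: dc=example,dc=test
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}; base64 values are skipped."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and not value.startswith(":"):  # "attr:: ..." marks a base64 value
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def directory_type(rootdse_ldif):
    """Return 'Active Directory', 'OpenLDAP' or 'unknown' for a rootDSE."""
    attrs = parse_ldif_entry(rootdse_ldif)
    if AD_CAPABILITY_OID in attrs.get("supportedcapabilities", []):
        return "Active Directory"
    if OPENLDAP_ROOTDSE_CLASS in (v.lower() for v in attrs.get("objectclass", [])):
        return "OpenLDAP"
    return "unknown"

def check_target_application(configured_type, rootdse_ldif):
    """Compare the type configured for the target application with the detected one."""
    detected = directory_type(rootdse_ldif)
    if detected == "unknown":
        return "cannot identify server from rootDSE"
    if detected != configured_type:
        return f"mismatch: server is {detected}, target application is {configured_type}"
    return "ok"
```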
