Once you configure a device, target application and target account for LDAP integration and define an LDAP domain on the Configuration > 3rd Party > LDAP page you cannot change the address of the device using the PAM UI. The only option would be to delete the LDAP domain and create it new, but that would remove imported user and device groups, and any policies for them.

An alternative is to manually change the device address in the PAM database.

A use case is the configuration of a new AD load balancer that only connects to AD controllers in the same datacenter as the PAM servers, while the originally configured address was a global load balancer or traffic manager.

PAM blocks the address change to prevent administrators from inadvertently breaking the LDAP integration.

If your environment allows PAM Support to access your PAM servers using SSH Remote Debugging Services, open a case with PAM Support to have the team look into assisting you with the address change w/o losing what you have configured already in PAM.