How to Change The Primary LDAP Server in PAM

Article ID: 242851

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The PAM integration with LDAP was configured to use a generic LDAP FQDN (a name that can resolve to any domain controller), but because of a firewall PAM can only communicate with certain DCs within the environment. When trying to change the server name, the following error occurs. How can PAM be configured to use a different primary server?

Environment

Privileged Access Manager, all versions

Resolution

First, go to Configuration > 3rd Party > LDAP and open the domain which needs to be reconfigured.

Next, add the DCs that PAM can communicate with. This example uses IP addresses, but FQDNs can be used as well.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=NZRCCqazSgKw6RtuqsNkWg==

Once the list is populated with reachable DCs, drag the generic FQDN to the bottom so that PAM contacts it last. In this example, 10.20.30.40 is now the primary server for the LDAP refresh.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=zmYTG9GhI8ndShzvbMhdBQ==
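Before adding DCs in the LDAP configuration, it helps to confirm which ones are actually reachable through the firewall on the LDAP port and to build the ordered list (specific DCs first, generic FQDN last) that the steps above describe. The script below is an added example, not part of this article or of the PAM product; the DC names, addresses and the generic FQDN are constructed placeholders, and it assumes it is run from a host subject to the same firewall policy as the PAM appliance (PAM itself does not expose a shell for this). It only tests a TCP connect to the LDAPS port, which proves the firewall rule, not that a bind or search would succeed.

```python
import socket

# Constructed sample input (hypothetical names and addresses, not from the article).
GENERIC_FQDN = "ldap.example.corp"
CANDIDATE_DCS = ["10.20.30.40", "10.20.30.41", "dc03.example.corp"]
LDAPS_PORT = 636
LDAP_PORT = 389


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    A successful connect shows the firewall permits the port; a DNS failure,
    refusal or timeout all count as unreachable.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def reachable_dcs(candidates, port: int = LDAPS_PORT, timeout: float = 3.0):
    """Filter the candidate list down to the DCs that answer on the port."""
    return [dc for dc in candidates if probe_tcp(dc, port, timeout)]


def order_servers(reachable, generic_fqdn: str):
    """Build the server list in the order the article recommends:
    the individually reachable DCs first, the generic FQDN last."""
    ordered = [dc for dc in reachable if dc != generic_fqdn]
    ordered.append(generic_fqdn)
    return ordered


def selfcheck():
    """Demonstrate probe_tcp against a local listener: returns (True, False)
    for an open and then a closed port on 127.0.0.1 (no external network)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port, timeout=2.0)
    return while_open, after_close


if __name__ == "__main__":
    good = reachable_dcs(CANDIDATE_DCS, LDAPS_PORT)
    for dc in CANDIDATE_DCS:
        print(f"{dc:<20} {'reachable' if dc in good else 'BLOCKED'}")
    print("Server order to enter in Configuration > 3rd Party > LDAP:")
    for i, server in enumerate(order_servers(good, GENERIC_FQDN), start=1):
        print(f"  {i}. {server}")
```

Run it once for port 636 and once for 389 if the domain is configured for plain LDAP; a DC that is reachable on neither should not be added to the list, since PAM would wait on the connection timeout before moving on to the next server.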
