search cancel

How to Change The Primary LDAP Server in PAM


Article ID: 242851


Updated On:


CA Privileged Access Manager (PAM)


The PAM integration with LDAP was configured to use a generic LDAP FQDN, but PAM can only communicate with certain DCs within the environment due to a firewall. When trying to change the server name, the following error occurs. How can PAM be configured to use a different primary server?


Privileged Access Manager, all versions


First, go to Configuration > 3rd Party > LDAP and open the domain which needs to be reconfigured.

Next, add the DCs which PAM can communicate with. This example uses IP addresses, but the FQDNs can be used as well.

Once the list is populated with good DCs, drag the generic FQDN to the bottom so PAM will communicate with it last. In this example, is now the primary server for the LDAP refresh.