API error on updating User Group from LDAP+RADIUS to LDAP+RSA
search cancel

API error on updating User Group from LDAP+RADIUS to LDAP+RSA


Article ID: 249337


Updated On:


CA Privileged Access Manager (PAM)


When using PUT /api.php/v1/userGroups.json it only allows us to change authentication type to LDAP, LOCAL, RSA or RADIUS.  It does not allow LDAP+RSA or LDAP+RADIUS.   We need a method to edit over 1000 user groups but get the error below.   Can this be done by support at the OS level if needed?   We are planning to make the change in several weeks and need it to be quickly flipped to ensure users aren't impacted.   Thank you!

curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \      "authType":"ldap+radius", \      "groupId":<group ID> \  }' 'https://<pam server>/api.php/v1/userGroups.json'

{   "error": {     "code": 400,     "message": "Bad Request: Invalid value specified for `data.authType`. Expected one of (local,radius,tacacs+,saml,ldap)."   } }


Privileged Access Manager, versions 4.0.0-4.0.3 and 4.1.0


A check for authentication types allowed in the Rest API call was missing the MFA authentication options.


A code change was made to resolve the issue, it is fixed as DE543170 in the 4.0.4 and 4.1.1 releases.

Additional Information

Resolved Issues in 4.0.4: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-5/release-information/resolved-issues-in-earlier-4-x-releases/Resolved-Issues-in-4-0-4.html 

Resolved Issues in 4.1.1: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-5/release-information/resolved-issues-in-earlier-4-x-releases/Resolved-Issues-in-4-1-1.html