PAM LDAP sync replication determination.
search cancel

PAM LDAP sync replication determination.


Article ID: 367560


Updated On:


CA Privileged Access Manager (PAM)


How can you determine which node is completing the LDAP replication without checking each node of the cluster?

Why isn’t the LDAP replication running from the Group Replication Leader?


Applies to all PAM release as of May 2024.


The LDAP sync role can move between nodes in the primary site and the PAM admin does not have full control over which node does the LDAP sync. It should not matter which one does it.

It might be that it runs not on the replication leader, but the CSPM leader. These are not necessarily the same node.

Please check the session logs on each primary node and search for messages containing the word "PAM-LDAP". Only the node doing the LDAP refresh will show these messages. 

If you cannot find any messages and if there is a problem with LDAP refresh, please open a Support case.