When trying to update an endpoint LDAP url connection, we are seeing this error in Provisioning Manager:

eTDynDirectoryName=Test,eTNamespaceName=Sample, dc=im, dc=etasa:
JCC@ConnectorServerName: JNDI: simple bind failed:
EndpointSampleLDAP.test.net:636 Caused by:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException"
Unable to find valid certification path to requested target
(ldaps://connectorserver.test.net:20411)

When changing an endpoint configuration to point to new or different servers, the error occurs because the IAM CS java connector server cannot find the certificate for the new server.

You can import the (new) certificates to the connector server via the UI:

Log In to CA IAM CS
Use the following URL to log into CA IAM CS:

http://hostname:port

hostname
Specifies the name of the computer which runs CA IAM CS, as a qualified domain name.

port
Specifies the HTTP or HTTPS port set during installation.
Use the credentials that you specified during installation.

Example URLs for CA IAM CS
SSL: https://myserver.mycompany.org:20443
Non-SSL: http://myserver.mycompany.org:20080

The default user is admin, with the password you use for accessing the Provisioning Manager

In the UI, locate the option to import the certs.

A restart of the connector server(s) may be required for the change to take effect.