During an LDAP user group refresh, the connection to the LDAP server fails with the following error messages:
PAM-LDAP-0037: Exception occurred while processing a search on entity DC=amorg,DC=group: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090510, comment: AcceptSecurityContext error, data 52e, v4563
PAM-LDAP-0035: Binding to domain DC=,DC= failed. Invalid LDAP admin password configured.
This applies to CA PAM 4.x versions.
The cause of this problem is not an invalid password for the bind account, but a change in the OU where the bind account exists in the actual LDAP directory.
To fix this problem, verify whether the Distinguished Name (DN) of the bind account has been modified either in CA PAM or in the LDAP directory. The DN must be the same in both. Once the DN is the same, the LDAP user group refresh works fine.
In the Tomcat logs, the following messages appear:
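One way to run the DN check described above, as an added example that is not CA PAM code: it compares the bind DN configured in PAM with the DN the account currently has in the directory and reports whether only the OU path changed. The function names and the sample DNs are assumptions constructed for illustration, and the actual DN is assumed to have been looked up in the directory separately.

```python
# Added example: compare the bind DN configured in PAM with the DN in the directory.
def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes (RFC 4514)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return normalised (attribute, value) pairs, account RDN first."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Active Directory compares DNs case-insensitively.
        rdns.append((attr.strip().casefold(), value.strip().casefold()))
    return rdns

def compare_bind_dn(configured, actual):
    """Classify how the configured bind DN differs from the directory's DN."""
    cfg, act = parse_dn(configured), parse_dn(actual)
    if cfg == act:
        return "match"
    if cfg[0] != act[0]:
        return "different-account"
    if [r for r in cfg if r[0] == "dc"] != [r for r in act if r[0] == "dc"]:
        return "domain-differs"
    return "container-changed"   # same account and domain, different OU path

# Constructed sample values (not from the article).
CONFIGURED = "CN=svc-pam,OU=Service Accounts,DC=example,DC=com"
ACTUAL = "cn=svc-pam, OU=PAM,OU=Service Accounts,DC=example,DC=com"

if __name__ == "__main__":
    print(compare_bind_dn(CONFIGURED, ACTUAL))
```

A result of "container-changed" corresponds to the cause described in this article: the password is unchanged, but the account no longer lives at the configured path.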
SEVERE [TP9] com.cloakware.cspm.server.app.impl.UpdateTargetServerCmd.invoke AnsiSQLTargetServerDAO.updateTargetServer - Cannot change host name. Device in use by LDAP Domain Configuration.
SEVERE [TP9] com.cloakware.cspm.server.app.impl.UpdateTargetServerCmd.invoke UpdateTargetServerCmd.invoke Application exception
com.cloakware.cspm.server.app.ApplicationException: AnsiSQLTargetServerDAO.updateTargetServer - Cannot change host name. Device in use by LDAP Domain Configuration.