After configuring an LDAP device (such as Red Hat Directory Server - RHDS) on a new CA Privileged Access Manager (PAM) 4.3 virtual appliance, the initial target account verification succeeds. However, attempting to import LDAP groups via the LDAP browser fails and returns the pop-up error: "Unable to establish connection to LDAP Domain dc=<domain>".
The issue is linked to an inability to establish a secure connection using a required cipher suite.
PAM 4.3 GA
This issue is caused by a product defect in PAM 4.3, which does not natively support the required LDAP cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1).
This problem will be resolved in PAM 4.3.1. A solution created by Engineering is also expected to be included in an upcoming published hotfix, most likely 4.3.0.04. If a customer runs into this problem and neither 4.3.1 nor a published hotfix on top of 4.3.0 is available yet, they should open a case with PAM Support.
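To confirm that a directory server is affected by this cipher suite requirement, the following added example (not part of the original article or of PAM) probes the server with the OpenSSL command-line client and classifies the result. It assumes LDAPS on port 636, an installed `openssl` binary, and a host name you supply; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; not CA/Broadcom code.
# Assumption: the directory server listens for LDAPS (default port 636).

# OpenSSL name for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SUITE="ECDHE-RSA-AES256-GCM-SHA384"

# Constructed sample outputs (not captured from a real server).
SAMPLE_OK='CONNECTED(00000003)
Server Temp Key: ECDH, P-256, 256 bits
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_FAIL='CONNECTED(00000003)
New, (NONE), Cipher is (NONE)'

# probe HOST PORT CIPHERSTRING [CURVE]
# Attempts a TLS 1.2 handshake offering only the given cipher string
# (and, if given, only the named curve) and prints s_client output.
probe() {
    if [ -n "$4" ]; then
        openssl s_client -connect "$1:$2" -tls1_2 -cipher "$3" -curves "$4" </dev/null 2>&1
    else
        openssl s_client -connect "$1:$2" -tls1_2 -cipher "$3" </dev/null 2>&1
    fi
}

# classify: reads s_client output on stdin and prints either
# "no-handshake" or "<negotiated cipher> <curve>".
classify() {
    out=$(cat)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    curve=$(printf '%s\n' "$out" | sed -n 's/^Server Temp Key: ECDH, \([^,]*\),.*$/\1/p' | head -n 1)
    case "$cipher" in
        ""|"(NONE)") echo "no-handshake"; return ;;
    esac
    case "$curve" in
        # P-256, prime256v1 and secp256r1 are names for the same curve
        P-256|prime256v1|secp256r1) curve="secp256r1" ;;
    esac
    echo "$cipher ${curve:-unknown-curve}"
}

# Usage: sh check_ldap_suite.sh <ldap-host> [port]
if [ $# -ge 1 ]; then
    host=$1; port=${2:-636}
    echo "required suite only:   $(probe "$host" "$port" "$SUITE" prime256v1 | classify)"
    echo "all suites except it:  $(probe "$host" "$port" "ALL:!$SUITE" | classify)"
fi
```

If the first probe negotiates the suite and the second reports `no-handshake`, the server accepts only this suite over TLS 1.2, which matches the condition described in this article.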