Cannot import LDAP user groups from CA Directory


Article ID: 6505


Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction

After configuring integration with CA Directory on the Config > 3rd Party page, we can launch the LDAP Browser from the Users > Manage Groups page. In the explorer tree on the left we can see the user groups we want to import, but we cannot select specific groups as there are no checkboxes to the left of the group names. All we can select is the parent folder, but that is not a user group and importing it will not import any of the groups it contains.

Environment

Release: PAMDKT99500-2.8-Privileged Access Manager-NSX API PROXY
Component:

Resolution

The LDAP configuration on the Config > 3rd Party page was incomplete. Specifically, the "User Group ObjectClass" and "Group Member Attr." attributes were not configured. The group details in the LDAP browser show that the object class is "groupOfUniqueNames" and the group member attribute is "uniqueMember" (see the screenshot in the problem description). After adding these attributes in the LDAP configuration and launching the LDAP browser again, the user groups can be selected for import.

Note:
If the DSA uses a schema other than X.500, these values might need to be adjusted accordingly.
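To find the right values for a given directory, the following added example (not Broadcom's code) reads an LDIF export of the groups subtree and reports which group object class and member attribute the entries actually carry. The LDIF below is constructed, the function names are hypothetical, and the table of object class / attribute pairs covers only the common standard group schemas.

```python
from collections import Counter

# Common group object classes and their member attribute (RFC 4519, RFC 2307, AD).
GROUP_SCHEMAS = {
    "groupofuniquenames": "uniqueMember", "groupofnames": "member",
    "posixgroup": "memberUid", "group": "member",
}

# Constructed sample: an LDIF export of a groups subtree (not real directory data).
SAMPLE_LDIF = """\
dn: ou=Groups,o=example
objectClass: organizationalUnit

dn: cn=pam-admins,ou=Groups,o=example
objectClass: groupOfUniqueNames
cn: pam-admins
uniqueMember: cn=alice,ou=People,o=example
uniqueMember: cn=bob,ou=People,o=example

dn: cn=pam-auditors,ou=Groups,o=example
objectClass: groupOfUniqueNames
cn: pam-auditors
uniqueMember: cn=carol,ou=People,o=example
"""

def parse_ldif(text):
    """Yield {attr_lower: [values]} per entry; folded/base64 lines are not handled."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value)
        if entry:
            yield entry

def detect_group_settings(text):
    """Count (objectClass, member attribute) pairs populated on group entries."""
    seen = Counter()
    for entry in parse_ldif(text):
        for oc in entry.get("objectclass", []):
            attr = GROUP_SCHEMAS.get(oc.lower())
            if attr and attr.lower() in entry:
                seen[(oc, attr)] += 1
    return seen

if __name__ == "__main__":
    for (oc, attr), n in detect_group_settings(SAMPLE_LDIF).most_common():
        print(f"{n} group(s): User Group ObjectClass={oc}  Group Member Attr.={attr}")
```

The parent folder (an organizationalUnit) is not counted, which matches the behaviour described above: it is not a user group, so it has no member attribute to import.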
