After configuring integration with CA Directory on the Config > 3rd Party page, we can launch the LDAP Browser from the Users > Manage Groups page. In the explorer tree on the left we can see the user groups we want to import, but we cannot select specific groups as there are no checkboxes to the left of the group names. All we can select is the parent folder, but that is not a user group and importing it will not import any of the groups it contains.
<Please see attached file for image>
Release: PAMDKT99500-2.8-Privileged Access Manager-NSX API PROXY
The LDAP configuration on the Config > 3rd Party page was incomplete. Specifically the "User Group ObjectClass" and "Group Member Attr." attributes were not configured. The group details in the LDAP browser show that the object class is "groupOfUniqueNames" and the group member attribute is "uniqueMember", see the screenshot in the problem description. After adding these attributes in the LDAP configuration and launching the LDAP browser again, the user groups can be selected for import.
<Please see attached file for image>src="/servlet/servlet.FileDownload?file=0150c000004AK3QAAW" alt="LDAP_config.jpg" width="699" height="114">
If you are using a different schema on the DSA than x500 then these values might be adjusted accordingly