Cannot import LDAP user groups from CA Directory



Article ID: 6505




CA Privileged Access Manager - Cloakware Password Authority (PA), CA Privileged Access Manager (PAM)


After configuring integration with CA Directory on the Config > 3rd Party page, we can launch the LDAP Browser from the Users > Manage Groups page. In the explorer tree on the left we can see the user groups we want to import, but we cannot select specific groups as there are no checkboxes to the left of the group names. All we can select is the parent folder, but that is not a user group and importing it will not import any of the groups it contains.


Release: PAMDKT99500-2.8-Privileged Access Manager-NSX API PROXY


The LDAP configuration on the Config > 3rd Party page was incomplete. Specifically, the "User Group ObjectClass" and "Group Member Attr." attributes were not configured. The group details in the LDAP browser show that the object class is "groupOfUniqueNames" and the group member attribute is "uniqueMember" (see the screenshot in the problem description). After adding these attributes in the LDAP configuration and launching the LDAP browser again, the user groups can be selected for import.



If the DSA uses a schema other than X.500, these values might need to be adjusted accordingly.
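
One way to confirm which values belong in "User Group ObjectClass" and "Group Member Attr." is to read them from an LDIF export of the group subtree. The following is an added example, not vendor code: the sample LDIF and its DNs are constructed, and the class-to-attribute table covers only the standard group classes from RFC 4519 and RFC 2307.

```python
from collections import Counter

# Standard group object classes and their member attribute (RFC 4519 / RFC 2307).
GROUP_SCHEMAS = {
    "groupofuniquenames": ("groupOfUniqueNames", "uniqueMember"),
    "groupofnames": ("groupOfNames", "member"),
    "posixgroup": ("posixGroup", "memberUid"),
}

# Constructed sample: LDIF export of a group subtree (hypothetical DNs).
SAMPLE_LDIF = """\
dn: ou=Groups,o=example,c=US
objectClass: organizationalUnit

dn: cn=pam-admins,ou=Groups,o=example,c=US
objectClass: groupOfUniqueNames
uniqueMember: cn=alice,ou=Users,o=example,c=US

dn: cn=pam-auditors,ou=Groups,o=example,c=US
objectClass: groupOfUniqueNames
uniqueMember: cn=carol,
 ou=Users,o=example,c=US
"""

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute name -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def suggest_group_settings(entries):
    """Count group entries per (User Group ObjectClass, Group Member Attr.) pair."""
    found = Counter()
    for entry in entries:
        for oc in entry.get("objectclass", []):
            if oc.lower() in GROUP_SCHEMAS:
                found[GROUP_SCHEMAS[oc.lower()]] += 1
    return found

if __name__ == "__main__":
    for (oc, attr), n in suggest_group_settings(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{n} group(s): User Group ObjectClass={oc}, Group Member Attr.={attr}")
```

The parent container (an organizationalUnit in the sample) matches no group class, which is consistent with the browser offering it for selection without importing any groups.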