LDAP device/user group import fails
search cancel

LDAP device/user group import fails


Article ID: 8066


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


PAM custom administrators are not able to import LDAP users or devices. 

While trying the following error is shown: 
9013 = Unauthorized attempt to retrieve the configuration for LDAP domains. 



CA PAM 2.5.6
CA PAM 2.6.x
CA PAM 2.8
CA PAM 2.8.1


In CA PAM release 2.8.2, two new privileges were introduced in PAM: userGroupAdd and userGroupDevice. Not having them may lead to issues like the one reported when adding a group or a user if the user doing it does not have them.


Ensure that these two privileges are added to the custom Role the administrator belongs to.

Go to Users>>Manage Roles. 

Ensure that the custom role created has been extended by the following privileges:

userGroupAdd: to import Users

userGroupDevice: to import Devices

Additional Information

Please see: https://docops.ca.com/ca-privileged-access-manager/2-8-3/EN/release-information/resolved-issues-in-2-8-2