LDAP device/user group import fails


Article ID: 8066


Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction

PAM custom administrators are not able to import LDAP users or devices. 

When they attempt the import, the following error is shown:
9013 = Unauthorized attempt to retrieve the configuration for LDAP domains. 

 

Cause

In CA PAM release 2.8.2, two new privileges were introduced: userGroupAdd and userGroupDevice. A user who does not have them may run into issues like the one reported above when adding a group or a user.

Environment

CA PAM 2.5.6
CA PAM 2.6.x
CA PAM 2.8
CA PAM 2.8.1

Resolution

Ensure that these two privileges are added to the custom role the administrator belongs to.

Go to Users >> Manage Roles.

Ensure that the custom role has been extended with the following privileges:

userGroupAdd: to import Users

userGroupDevice: to import Devices

Additional Information

Please see: https://docops.ca.com/ca-privileged-access-manager/2-8-3/EN/release-information/resolved-issues-in-2-8-2