After changing EEM from single LDAP Domain to Multiple LDAP Domain, users can't login to PAM

Document ID : KB000015436
Last Modified Date : 14/02/2018
Introduction:

With EEM configured for a single LDAP domain, login to PAM works, but after EEM is changed to connect to multiple LDAP domains, login fails for existing users.

Question:

After changing EEM from single LDAP Domain to Multiple LDAP Domain, users can't login to PAM

Environment:

Any

Answer:

When Multiple LDAP Domain is selected, the permissions of existing PAM users are lost, even if the same domain is still being used.


To re-enable login for these users, the PAM administrator needs to log in to EEM, go to "Manage Identities > Users > Global User", and grant the users their permissions again with the "Add Application User Details" button, adding them to the groups PAMAdmins, PAMUsers and Designers accordingly.


When EEM is changed from a single LDAP domain to multiple LDAP domains, the users appear as "orphaned" until the permissions are granted again.