How do you set the password change method to use root on PAM by using an API?

Document ID : KB000098397
Last Modified Date : 09/07/2018
Issue:
Devices imported to PAM via LDAP are being deleted when connected to Local groups assigned with tags.

Reproduction steps
1. Devices that are part of an LDAP group are imported from LDAP.
2. The devices are members of that LDAP group.
3. Pick one of the devices and add a new tag to it.
4. Create a LOCAL group and assign it the same tag from step 3.
5. Now this device is part of the LOCAL group and the LDAP group.
6. Remove the tag from the LOCAL group.
7. Remove the tag from the device.
8. Delete the LOCAL group.
9. The device is now gone.

The root cause of the problem is that when the user added the tag to the device, the device group records for that device were deleted and re-added. The re-added records no longer had the LDAP domain ID associated with the device. As a result, the query that checks for orphan devices (ManageDeviceGroupServiceImpl.deleteGroupsInvisibleDevices) treated them as orphans, so when the user deleted the tag-based device groups, the LDAP devices were deleted as well.
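
The failure mode described above, reduced to a toy model that follows the reproduction steps (an added example, not CA's code and not a description of how the hotfix works). The class, its fields, and the device name, tag and domain ID are hypothetical, constructed values; `orphans()` doubles as an audit that can be run before a group is deleted.

```python
from dataclasses import dataclass, field

@dataclass
class Inventory:
    """Toy model; every name here is hypothetical, not PAM's schema."""
    local_groups: dict = field(default_factory=dict)  # group name -> tag
    records: dict = field(default_factory=dict)       # device -> [(group, ldap_domain_id)]
    tags: dict = field(default_factory=dict)          # device -> set of tags

    def import_ldap(self, device, ldap_group, domain_id):
        self.records[device] = [(ldap_group, domain_id)]
        self.tags[device] = set()

    def set_tags(self, device, tags, keep_domain_id):
        # Tag change: the device's group records are deleted and re-added.
        old = self.records[device]
        ldap = [(g, d if keep_domain_id else None)   # the bug drops the domain id
                for g, d in old if g not in self.local_groups]
        local = [(g, None) for g, t in self.local_groups.items() if t in tags]
        self.tags[device], self.records[device] = set(tags), ldap + local

    def orphans(self):
        # Orphan check: no LDAP domain id and no membership in a local group.
        return sorted(dev for dev, recs in self.records.items()
                      if not any(d is not None or g in self.local_groups
                                 for g, d in recs))

    def delete_local_group(self, name):
        del self.local_groups[name]
        for dev in self.records:
            self.records[dev] = [r for r in self.records[dev] if r[0] != name]
        removed = self.orphans()          # sweep runs as part of group deletion
        for dev in removed:
            del self.records[dev], self.tags[dev]
        return removed

def reproduce(keep_domain_id):
    inv = Inventory()
    inv.import_ldap("srv01", "ldap-servers", 7)         # steps 1-2
    inv.set_tags("srv01", {"prod"}, keep_domain_id)      # step 3
    inv.local_groups["local-prod"] = "prod"              # step 4
    inv.set_tags("srv01", {"prod"}, keep_domain_id)      # step 5: membership recomputed
    inv.local_groups["local-prod"] = None                # step 6
    inv.set_tags("srv01", set(), keep_domain_id)         # step 7
    at_risk = inv.orphans()                              # audit before deleting
    return at_risk, inv.delete_local_group("local-prod")  # step 8
```

`reproduce(False)` models the defect and returns the LDAP device both as flagged by the audit and as deleted; `reproduce(True)` keeps the domain ID on the re-added records and nothing is removed.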

Environment:
PAM 3.2
 
Resolution:
Applying the CAPAM_3.2.0.02 hotfix resolves this issue.
The patch can be downloaded from the link below:
https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-privileged-access-manager-solutions-patches.html