LDAP device/user group import fails

Document ID : KB000008066
Last Modified Date : 22/06/2018
Issue:

PAM custom administrators are not able to import LDAP users or devices. 

When they attempt the import, the following error is shown:
9013 = Unauthorized attempt to retrieve the configuration for LDAP domains. 

 

Environment:
CA PAM 2.5.6
CA PAM 2.6.x
CA PAM 2.8
CA PAM 2.8.1
Cause:

CA PAM release 2.8.2 introduced two new privileges: userGroupAdd and userGroupDevice. A user whose role lacks them may run into issues like the one reported when adding a group or a user.

Resolution:

Ensure that these two privileges are added to the custom Role the administrator belongs to.

Go to Users>>Manage Roles. 

Ensure that the custom role has been extended with the following privileges:

userGroupAdd: to import Users

userGroupDevice: to import Devices

Additional Information:

Please see: https://docops.ca.com/ca-privileged-access-manager/2-8-3/EN/release-information/resolved-issues-in-2-8-2