LDAP device/user group import fails

Document ID : KB000008066
Last Modified Date : 22/06/2018
Show Technical Document Details

PAM custom administrators are not able to import LDAP users or devices. 

While trying the following error is shown: 
9013 = Unauthorized attempt to retrieve the configuration for LDAP domains. 


CA PAM 2.5.6
CA PAM 2.6.x
CA PAM 2.8
CA PAM 2.8.1

In CA PAM release 2.8.2, two new privileges were introduced in PAM: userGroupAdd and userGroupDevice. Not having them may lead to issues like the one reported when adding a group or a user if the user doing it does not have them.


Ensure that these two privileges are added to the custom Role the administrator belongs to.

Go to Users>>Manage Roles. 

Ensure that the custom role created has been extended by the following privileges:

userGroupAdd: to import Users

userGroupDevice: to import Devices

Additional Information:

Please see: https://docops.ca.com/ca-privileged-access-manager/2-8-3/EN/release-information/resolved-issues-in-2-8-2