LDAP group refresh error

Document ID : KB000005030
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

While refreshing an LDAP group, the error is shown for some users:

"Message 2089: Duplicate Password Authority username %s".

Environment:
PAM 2.7PAM 2.8
Cause:

Typically this means that the related user object is not properly defined or synchronized in the various PAM internal databases for whatever reason.

 

Resolution:

Contact CA Support which will provide you a patch XS_USR_SYNC.a.bin

Please apply it to the PAM appliance using the upload feature in the Upgrade menu of the CA PAM UI.

Once applied its scripts launch immediately and sync the databases. Should there be the need to rerun this script the patch has to be reapplied.

A Cluster needs to be stopped first, then apply the fix on the Primary node only. Once done restart the Cluster which copies over the fixed databases to all the other nodes.

It is recommended to perform the operation at off hours.

Note, there is not any rollback mechanism built into the patch and no guarantee can be given that it is fully resolving the issue.

Please take a backup of the CA PAM database or a snapshot of the entire VM in case necessary.