Should we be concerned about frequent PAM-CMN-0628 messages on the dashboard?

Document ID : KB000115357
Last Modified Date : 20/09/2018
Introduction:
When PAM administrators log on to PAM, they often see the message "Warning: PAM-CMN-0628: An LDAP operation is in progress." near the top of the dashboard.
Question:
Does the PAM-CMN-0628 message suggest that there is a problem with PAM or the LDAP synchronization?
Environment:
This applies to all PAM 3.X releases.
Answer:
In most cases this message does not indicate a problem; it correctly reports that an LDAP refresh operation is in progress. The refresh interval for imported LDAP user groups is configured by the PAM Administrator in the LDAP configuration on the Configuration > 3rd Party > LDAP page. The refresh interval should be significantly larger than the duration of the refresh operation. To check how long the refresh operations take, and whether they are performed and completed at the configured refresh interval, review the session logs:

- Go to the Sessions > Logs page
- In the Column field, select "Details"
- In the Value field enter "LDAP"
- Click on the Filter button.
- Look for messages containing "LDAP connection made". This denotes the start of the LDAP refresh and should be followed by multiple messages containing "LDAP Group", one per imported LDAP user group.

The time interval between the "connection" message and the last "LDAP Group" message provides a rough estimate of the refresh task duration. There is some overhead at the beginning and end. If there is only a small time interval between the last "LDAP Group" message and the next LDAP connection, consider increasing the refresh time interval.
If you find no recent LDAP messages for more than the configured refresh interval, and you keep getting the PAM-CMN-0628 message on the dashboard, it would suggest a real refresh problem such as a hung process on the PAM appliance. In that case, please open a ticket with PAM support.
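The timing check described above can be scripted once the filtered rows are copied out of the Sessions > Logs page. The following is an added example, not vendor code: the tab-separated "timestamp, Details" layout, the sample rows and the rule used for a "small" gap (idle time shorter than the refresh itself) are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample rows in an assumed "timestamp<TAB>Details" layout.
SAMPLE = (
    "2018-09-20 10:00:02\tLDAP connection made\n"
    "2018-09-20 10:00:40\tLDAP Group: Admins\n"
    "2018-09-20 10:03:10\tLDAP Group: Operators\n"
    "2018-09-20 10:07:55\tLDAP Group: Auditors\n"
    "2018-09-20 10:10:01\tLDAP connection made\n"
    "2018-09-20 10:10:45\tLDAP Group: Admins\n"
    "2018-09-20 10:18:30\tLDAP Group: Auditors\n"
)

def cycles(text):
    """Split LDAP rows into refresh cycles: connection row to last group row."""
    rows = []
    for line in text.splitlines():
        stamp, _, details = line.partition("\t")
        if "LDAP" in details:
            rows.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), details))
    out = []
    for ts, details in sorted(rows, key=lambda r: r[0]):
        if "LDAP connection made" in details:
            out.append({"start": ts, "end": ts, "groups": 0})
        elif "LDAP Group" in details and out:
            out[-1]["end"] = ts
            out[-1]["groups"] += 1
    return out

def assess(text, interval, now):
    """Return refresh durations, cycles with too little idle time, and staleness."""
    found = cycles(text)
    report = {"durations": [c["end"] - c["start"] for c in found],
              "tight": [], "stale": True}
    for cur, nxt in zip(found, found[1:]):
        idle = nxt["start"] - cur["end"]
        # Assumed rule for a "small" gap: idle time shorter than the refresh.
        if idle < cur["end"] - cur["start"]:
            report["tight"].append((cur["start"], idle))
    if found:
        # Stale: no LDAP message for longer than the configured refresh interval.
        report["stale"] = now - found[-1]["end"] > interval
    return report

if __name__ == "__main__":
    result = assess(SAMPLE, timedelta(minutes=10), datetime(2018, 9, 20, 10, 19))
    for key, value in result.items():
        print(key, value)
```

A non-empty `tight` list corresponds to the case where increasing the refresh interval is worth considering; `stale` being true while the dashboard still shows PAM-CMN-0628 corresponds to the case for opening a support ticket.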