User Password is not updating from Endpoint to Provisioning store
Article ID: 129689
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
The CA Identity Management (IM) password sync agent is installed on a Windows Domain Controller (DC) but changes not getting propagated at the provisioning server even though the changed password data gets reflected in sync_agent log file.
The eta_pwdsync.log file has the following error
20190301.14:08:57. TID=006c. ! Warning: eTrust Admin user account 'AS139' has not been found. LDAP error: No such object.
Administrator DN: 'eTGlobalUserName=pwdsync,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta'.
Search from DN: 'eTADSDirectoryName=AD_EXCHANGE_ENDPOINT,eTNamespaceName=ActiveDirectory,dc=im,dc=eta'.
Scope: 'LDAP_SCOPE_SUBTREE'.
Filter: '(&(eTADSsAMAccountName=AS139)(objectClass=eTADSAccount))'.
Attribute: 'objectClass'.
Attr. only: 'false'.
Timeout: '20'.
The eta_pwdsync.log file has the following error
20190301.14:08:57. TID=006c. ! Warning: eTrust Admin user account 'AS139' has not been found. LDAP error: No such object.
Administrator DN: 'eTGlobalUserName=pwdsync,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta'.
Search from DN: 'eTADSDirectoryName=AD_EXCHANGE_ENDPOINT,eTNamespaceName=ActiveDirectory,dc=im,dc=eta'.
Scope: 'LDAP_SCOPE_SUBTREE'.
Filter: '(&(eTADSsAMAccountName=AS139)(objectClass=eTADSAccount))'.
Attribute: 'objectClass'.
Attr. only: 'false'.
Timeout: '20'.
Cause
This can be seen when there is a flag on the AD Account (ie account locked or password expired).
Environment
CA Identity Manager 14.x
CA Identity Suite 14.x
CA Identity Suite 14.x
Resolution
If this issue is encountered again please check the Active Directory (AD) account status.
Feedback
Powered by
