Unable to create Office365 accounts with password above 16 characters

book

Article ID: 143972

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

We have created an endpoint for Office365 and we are unable to create accounts for users that have more than 16 characters in the password.

Cause

The maximum length for Azure AD / Office365 passwords was 16 characters. Now it's been expanded to 256 characters. Microsoft made the change in response to popular requests, also known as "user voice" requests around June/July of 2019. This change has not yet made its way into the IDM connector.

Environment

Release : 14.X

Component : CA Identity Suite (VIRTUAL APPLIANCE)

Component : CA Identity Manager 

Resolution

There are two ways that you can modify the MaxLength of the password field:
1)
Open Connector Xpress, Add Your Provisioning Server on the top right > Drilldown on the Provisioning Server Connection > IM > Endpoint Types > Office 365

Right Click on Office 365 then select Edit MetaData

Drilldown on Office 365 > Classes > eTDYNAccount > Properties > eTPassword > Metadata

Locate and double click on 'maxLength' 

Modify the value from 16 to your desired length according to your business use case. (Note: Max length on the endpoint is 256)

2) 
Connect to your Provisioning LDAP directory via ldap browser:

Host: Provisioning Server Host Name

Port: 20389

UserDN: eTGlobalUserName=YOURADMIN,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta

Password: YourPassword


Navigate to:

eTNamespaceName=Office 365,dc=im,dc=eta

Under eTMetaData:

Modify:
From:
<metadata name="maxLength">
    <value>
        <intValue>16</intValue>
    </value>
</metadata> 
    
To:
<metadata name="maxLength">
   <value>
        <intValue>256</intValue>
   </value>
</metadata>

Please note that any upgrades in the future WILL overwrite these configurations and you WILL need to reconfigure your metadata if our development team doesn't update the maxLength value in a future release.

These changes will be the responsibility of the system administrator to maintain through patches.