How to change the password of the AD user for the ENTM System Manager or how to sync the AD user's password change in ENTM

Article Id: 17478

Status: Published

Updated On: 06-05-2020 12:43

Legacy Id: TEC617027

Products:

CA Privileged Access Manager - Server Control (PAMSC) , CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction:

If you have to change the password of the Active Directory user account mapped to the ENTM System Manager please follow these steps.

Resolution:

Click the "Directories" link
Click the "ac-dir" link
Scroll down the page and click the "Export..." button
Save and then edit the "ac-dir.xml" file in e.g. notepad / vi
On the ENTM Server open a cmd / sh and set JAVA_HOME

Windows: set JAVA_HOME=C:\jdk1.7.0

Linux: export JAVA_HOME=/usr/java/jdk1.7.0_21
Encrypt the new password from clear text to AES cypher text
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/12-9-02/implementing/how-ca-controlminder-service-accounts-interact-with-ca-privileged-identity-manager-components/password-change-procedures.html#concept.dita_654bd6f61f2eb65e2c1146b129ae37c6fb952a35_EncryptaClearTextPassword
e.g.
# ./pwdtools.sh -FIPS -p "newPassword" -key /opt/jboss-4.2.3.GA/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config /keys/FIPSkey.dat
In the "ac-dir.xml" file put the new password (and new user)
...
<Credentials user="CN= ... >{AES}: ... ==</Credentials>
...
Amend the line in the "ac-dir.xml" file so that it is exactly like this:
...
<Container objectclass="top,organizationalUnit" attribute="ou" value=""/>
...
Save the modified "ac-dir.xml" file and return to your

CA Identity Minder Management Console
Home : Directories : ac-dir
Scroll down the page and click the "Update..." button
Select and load the "ac-dir.xml" file

You should now be able to logon to ENTM with the new user / password.