How to change the password of the AD user for the ENTM System Manager or how to sync the AD user's password change in ENTM

search cancel

book

calendar_today

CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM)

If you have to change the password of the Active Directory user account mapped to the ENTM System Manager please follow these steps.

Click the "Directories" link
Click the "ac-dir" link
Scroll down the page and click the "Export..." button
Save and then edit the "ac-dir.xml" file in e.g. notepad / vi
On the ENTM Server open a cmd / sh and set JAVA_HOME

Windows: set JAVA_HOME=C:\jdk1.7.0

Linux: export JAVA_HOME=/usr/java/jdk1.7.0_21
Encrypt the new password from clear text to AES cypher text
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/12-9-02/implementing/how-ca-controlminder-service-accounts-interact-with-ca-privileged-identity-manager-components/password-change-procedures.html#concept.dita_654bd6f61f2eb65e2c1146b129ae37c6fb952a35_EncryptaClearTextPassword
e.g.
# ./pwdtools.sh -FIPS -p "newPassword" -key /opt/jboss-4.2.3.GA/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config /keys/FIPSkey.dat
In the "ac-dir.xml" file put the new password (and new user)
...
<Credentials user="CN= ... >{AES}: ... ==</Credentials>
...
Amend the line in the "ac-dir.xml" file so that it is exactly like this:
...
<Container objectclass="top,organizationalUnit" attribute="ou" value=""/>
...
Save the modified "ac-dir.xml" file and return to your

CA Identity Minder Management Console
Home : Directories : ac-dir
Scroll down the page and click the "Update..." button
Select and load the "ac-dir.xml" file

You should now be able to logon to ENTM with the new user / password.

thumb_up Yes

thumb_down No