ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
How to change the password of the AD user for the ENTM System Manager or how to sync the AD user's password change in ENTM
Article ID: 17478
Updated On:
Products
CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
If you have to change the password of the Active Directory user account mapped to the ENTM System Manager please follow these steps.
Resolution
- Enable the CA Identity Minder Management Console
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/12-9-02/implementing/using-the-ca-identity-manager-management-console/enable-the-ca-identity-manager-management-console.html
- Open the CA Identity Minder Management Console
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/12-9-02/implementing/using-the-ca-identity-manager-management-console/open-the-ca-identity-manager-management-console.html
- Click the "Directories" link
- Click the "ac-dir" link
- Scroll down the page and click the "Export..." button
- Save and then edit the "ac-dir.xml" file in e.g. notepad / vi
- On the ENTM Server open a cmd / sh and set JAVA_HOME
Windows: set JAVA_HOME=C:\jdk1.7.0
Linux: export JAVA_HOME=/usr/java/jdk1.7.0_21 - Encrypt the new password from clear text to AES cypher text
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/12-9-02/implementing/how-ca-controlminder-service-accounts-interact-with-ca-privileged-identity-manager-components/password-change-procedures.html#concept.dita_654bd6f61f2eb65e2c1146b129ae37c6fb952a35_EncryptaClearTextPassword
e.g.
# ./pwdtools.sh -FIPS -p "newPassword" -key /opt/jboss-4.2.3.GA/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config /keys/FIPSkey.dat - In the "ac-dir.xml" file put the new password (and new user)
...
<Credentials user="CN= ... >{AES}: ... ==</Credentials>
... - Amend the line in the "ac-dir.xml" file so that it is exactly like this:
...
<Container objectclass="top,organizationalUnit" attribute="ou" value=""/>
... - Save the modified "ac-dir.xml" file and return to your
CA Identity Minder Management Console
Home : Directories : ac-dir - Scroll down the page and click the "Update..." button
- Select and load the "ac-dir.xml" file
You should now be able to logon to ENTM with the new user / password.
Feedback
Yes
No
Powered by
