Password De-sync between LDAP and Policy Server


Article ID: 192733




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER



We're running a Policy Server and we've faced a password de-sync
between the Policy Server and the LDAP server. Suddenly, the Policy
Server was not able to connect to the LDAP User Store because the Admin
password in the LDAP User Store had changed. We'd like to know the
possible causes that may lead to the password de-sync.

Is there a way to prevent this?




  Policy Server 12.7SP0 on RedHat 6;
  Policy Store on CA Directory 12.6;




If the Admin password of the LDAP User Store changes in the LDAP
Server, there's unfortunately no way in the Policy Server to
"automatically" update it.

So when a password change is scheduled in the LDAP Server, the
team making the change should share the new password and the time of
the change with the Policy Server administrator, so that the Policy
Server is not left unable to make new connections to the LDAP Server.

We don't think that this could be automated in any way either,
the Policy Server being the client of the LDAP Server.