Password De-sync between LDAP and Policy Server

Article ID: 192733

Products

  CA Single Sign On Secure Proxy Server (SiteMinder)
  CA Single Sign On Agents (SiteMinder)
  CA Single Sign On Federation (SiteMinder)
  CA Single Sign On SOA Security Manager (SiteMinder)
  SITEMINDER

Issue/Introduction

We're running a Policy Server and we've faced a password de-sync
between the Policy Server and the LDAP server. Suddenly, the Policy
Server was not able to connect to the LDAP User Store because the
Admin password in the LDAP User Store had changed. We'd like to know
the possible causes that may lead to the password de-sync.

Is there a way to prevent this?

Environment

  Policy Server 12.7SP0 on RedHat 6
  Policy Store on CA Directory 12.6

Resolution

If the password of the LDAP User Store Admin account changes in the
LDAP Server, there is unfortunately no way for the Policy Server to
update it "automatically".

So when a password change is scheduled in the LDAP Server, the team
performing it should share the new password and the time of the
change with the Policy Server administrator, so that the Policy
Server is not left unable to make new connections to the LDAP Server.

We don't think that this could be automated in any way either, since
the Policy Server is the client of the LDAP Server.