Description:
This document shows how to reset the user account and password of the AD Listener login ID, both for the SSO server and for the Active Directory server.
It also provides troubleshooting tips for determining whether such a reset has become necessary.
Solution:
When users are moved or deleted within AD, the SSO AD Listener component (ADSL) adjusts the user object's reference to its SSO LOGININFOS stored in the SSO Server.
To accomplish this task, the SSO AD Listener needs to authenticate against the AD Server (DC) as well as against the SSO Server.
The password of the AD user ID used by the SSO AD Listener may expire (e.g. due to password policies) or otherwise change without notice to the CA SSO Administrator, in which case the SSO AD Listener fails to log in.
In this case the AD Listener logs will indicate the issue.
By default the log is in the ADSL log directory, e.g. C:\Program Files\CA\Single Sign-On\AD Listener\Log\
Example: when the ADSL user account on AD has been moved to another OU or deleted, or its password has changed, the ADSL will fail to authenticate.
Note: LDAP Listener = ADS Listener
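To confirm from the AD side which of these conditions applies (account moved, deleted, disabled, locked out, or password expired), the following added example queries the account the ADSL logs in with. It is not part of the original article or of the CA product; the account name 'svc-adsl' and the expected OU are placeholders, and it assumes the RSAT ActiveDirectory PowerShell module is installed.

```powershell
# Added example: AD-side health check for the account the AD Listener uses.
# 'svc-adsl' and the OU below are placeholders, not values from the article.
param(
    [string]$SamAccountName = 'svc-adsl',
    [string]$ExpectedOU     = 'OU=Service Accounts,DC=example,DC=com',
    [int]$WarnDays          = 14
)
Import-Module ActiveDirectory -ErrorAction Stop

$props = 'Enabled', 'LockedOut', 'PasswordLastSet', 'PasswordNeverExpires',
         'PasswordExpired', 'msDS-UserPasswordExpiryTimeComputed'
try {
    $u = Get-ADUser -Identity $SamAccountName -Properties $props -ErrorAction Stop
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Warning "Account '$SamAccountName' not found: deleted or renamed."
    exit 2
}

# The computed expiry is a FILETIME; 0 and Int64.MaxValue are sentinel values
# (must change at next logon / never expires) and cannot be converted.
$raw     = [int64]$u.'msDS-UserPasswordExpiryTimeComputed'
$expires = $null
if (-not $u.PasswordNeverExpires -and $raw -gt 0 -and $raw -ne [int64]::MaxValue) {
    $expires = [datetime]::FromFileTime($raw)
}

$findings = @()
if (-not $u.DistinguishedName.EndsWith(",$ExpectedOU", [StringComparison]::OrdinalIgnoreCase)) {
    $findings += "Moved: account is now at $($u.DistinguishedName)"
}
if (-not $u.Enabled)    { $findings += 'Account is disabled' }
if ($u.LockedOut)       { $findings += 'Account is locked out' }
if ($u.PasswordExpired) { $findings += 'Password has expired' }
elseif ($expires -and $expires -lt (Get-Date).AddDays($WarnDays)) {
    $findings += "Password expires soon: $expires"
}

# PasswordLastSet later than the last ADSL credential reset means the
# password changed in AD without the listener configuration being updated.
[pscustomobject]@{
    Account         = $u.SamAccountName
    PasswordLastSet = $u.PasswordLastSet
    PasswordExpires = $expires
    Findings        = if ($findings) { $findings -join '; ' } else { 'None' }
}
if ($findings) { exit 1 }
```

Scheduling this check with a warning window longer than the password policy's notification period gives the SSO administrator time to reset the ADSL credentials before the listener starts failing.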
To set the credentials used by the ADSL against the SSO Server:
To reset the credentials used by the ADSL against the AD Server (DC):
Restart the CA Single Sign-On Active Directory Listener Service to make the changes effective.
To verify that everything is working as expected, perform a typical use case: move an AD user object between OUs in AD, let this user log off and log on to SSO, and then use some SSO applications without problems.
Monitor the ADListenerLog.log file for issues.