Symantec Identity Manager - IBM RACF Password attribute limited to 8 Characters
Article ID: 204386
Updated On:
Products
Issue/Introduction
There is a requirement to change the acceptable password (passphrase) length on the RACF endpoint from Min 8 to Max 15.
However, when using a new password of 15 characters in length the below error is returned:
Error:
ERROR MESSAGE: RACF Userid 'TestUser01' on 'RACF' modification failed: The length for attribute 'Password' is greater than the maximum of 8.
Environment
Release : 14.X
Component :
IdentityMinder(Identity Manager)
IdentitySuite(Identity Suite)
Cause
Both the RACF and RACF V2 endpoints are coded out of the box with an 8 character limit as originally IBM limited the length to 8 characters on their end.
Resolution
If you are using the RACF endpoint then there is nothing further you can do as this is a limitation.
If you are using the RACF V2 then you can modify the metadata using Connector Xpress.
Reference:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-3/configuring/Replace-OOTB-Provisioning-Certificates-with-Custom-Certificates/Connector-Xpress.html
However, this leaves you in customization territory and you will be responsible for maintaining this change through future deployments. As when you upgrade the jar files will change and the default value will be set back to 8 and you will have to change it back to 15 or your desired value. Support will not be responsible for any issues that arise and will suggest you revert your changes.
See the screenshot below for the change required for RACF V2.
You will change the max length from 8 to 15 in your case (See Highlight)
Steps:
Open Connector Xpress > Connect to your provisioning server > Navigate to RACF V2 > Right Click 'Edit Metadata' > Change 'maxLength' from '8' to desired length > Save and Deploy > Cycle IMPS and Connector Servers
Feedback
