Fail to reset password using Active Directory authentication

Article ID: 216372


Products

CA Identity Suite

Issue/Introduction

When trying to reset a user password via either CA Identity Manager (IM) or CA Identity Portal (IP) where the Active Directory Authentication module is used, the task fails and a "User not found or not unique" error is logged by the application server.

Sample log messages

2021-06-02 00:05:48,637 DEBUG [ims.llsdk.directory.jndi.createUserQAHang] (Thread-154 (HornetQ-client-global-threads-2125408835)) JNDIBase.getObject didn't work as a unique name, trying again as a friendly name find - looking for a USER named tuser216
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.dirandenvcache.moAttrCache] (Thread-154 (HornetQ-client-global-threads-2125408835)) findManagedObjectAttr: Found mo definition key for [3] in cache.
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.directory.jndi] (Thread-154 (HornetQ-client-global-threads-2125408835)) findObjectByFriendlyName using filter: (&(uid=tuser216)(objectclass=imUser)) and base DN ou=im,ou=ca,o=com
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.dirandenvcache.moAttrCache] (Thread-154 (HornetQ-client-global-threads-2125408835)) findManagedObjectAttr: Found mo definition key for [3] in cache.
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.directory.jndi] (Thread-154 (HornetQ-client-global-threads-2125408835)) Acquiring new LDAP connection
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.directory.jndi] (Thread-154 (HornetQ-client-global-threads-2125408835)) Acquired LDAP connection ([email protected])
2021-06-02 00:05:48,639 DEBUG [ims.llsdk.typeregistry] (Thread-154 (HornetQ-client-global-threads-2125408835)) Did not find definition for type USER
2021-06-02 00:05:48,647 ERROR [ActiveDirectoryPasswordSynchListener] (Thread-154 (HornetQ-client-global-threads-2125408835)) User not found or not unique
2021-06-02 00:05:48,648 ERROR [ims.tmt.IMSMessageListener] (Thread-154 (HornetQ-client-global-threads-2125408835)) processToEndState: Exception occured during event processing: [facility=4 severity=3 reason=0 status=6 message=Unrecognized command]
 at com.netegrity.webapp.authentication.ad.ActiveDirectoryConnection.getDnForUser(ActiveDirectoryConnection.java:209) [user_console.jar:]
 at com.netegrity.webapp.authentication.ad.ActiveDirectoryConnection.resetPassword(ActiveDirectoryConnection.java:395) [user_console.jar:]

The View Submitted Tasks page shows the following FwAuthenticationException message.

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Cause

Configuration issue. An LDAPS (SSL) connection to the Active Directory server is a prerequisite for the Active Directory authentication module.

Resolution

If you configure the Active Directory authentication module, user password sets from the Forgotten Password or Reset Password tasks automatically propagate to both the Identity Manager User Store and the Active Directory server. Password status changes are detected during authentication. This requires an LDAPS connection between the Identity Manager Server and the Active Directory server. Specifically, the SSL property must be set to TRUE.

If SSL is already set to TRUE but the problem persists, make sure the user object whose password is being reset actually exists in Active Directory.
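As an added diagnostic example (not part of this article and not CA Identity Suite code), the following Python 3 script, standard library only, ties the two parts of the article together: it scans application-server log lines for the failure signature shown in the Issue section, pulls out the user that the friendly-name lookup was searching for, applies the Resolution's two checks in order (SSL property TRUE first, then existence of the user in AD), and optionally completes a TLS handshake against the domain controller's LDAPS port so you can confirm the prerequisite from the Identity Manager host itself. The property key "SSL", the function names and the example hostname are assumptions; the embedded log lines are trimmed copies of the ones quoted above.

```python
import re
import socket
import ssl
from datetime import datetime, timezone

# Trimmed copies of the log lines quoted in the article (thread-id noise dropped).
SAMPLE_LOG = """\
2021-06-02 00:05:48,637 DEBUG [ims.llsdk.directory.jndi.createUserQAHang] JNDIBase.getObject didn't work as a unique name, trying again as a friendly name find - looking for a USER named tuser216
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.directory.jndi] findObjectByFriendlyName using filter: (&(uid=tuser216)(objectclass=imUser)) and base DN ou=im,ou=ca,o=com
2021-06-02 00:05:48,639 DEBUG [ims.llsdk.typeregistry] Did not find definition for type USER
2021-06-02 00:05:48,647 ERROR [ActiveDirectoryPasswordSynchListener] User not found or not unique
2021-06-02 00:05:48,648 ERROR [ims.tmt.IMSMessageListener] processToEndState: Exception occured during event processing: [facility=4 severity=3 reason=0 status=6 message=Unrecognized command]
"""

USER_RE = re.compile(r"looking for a USER named (\S+)")
FILTER_RE = re.compile(r"findObjectByFriendlyName using filter: (\S+) and base DN (\S+)")
TYPE_RE = re.compile(r"Did not find definition for type (\S+)")
AD_ERROR_RE = re.compile(r"ERROR \[ActiveDirectoryPasswordSynchListener\].*User not found or not unique")


def triage_password_reset_log(log_text):
    """Extract the facts a support engineer needs from the reset-task log."""
    result = {"user": None, "filter": None, "base_dn": None,
              "missing_type": None, "ad_lookup_failed": False}
    for line in log_text.splitlines():
        m = USER_RE.search(line)
        if m:
            result["user"] = m.group(1)
        m = FILTER_RE.search(line)
        if m:
            result["filter"], result["base_dn"] = m.group(1), m.group(2)
        m = TYPE_RE.search(line)
        if m:
            result["missing_type"] = m.group(1)
        if AD_ERROR_RE.search(line):
            result["ad_lookup_failed"] = True
    return result


def diagnose(triage, auth_props):
    """Apply the article's resolution steps in order and return finding codes.

    auth_props is a dict of the Active Directory authentication module
    properties; using "SSL" as the key is an assumption taken from the
    article's wording ("the SSL property must be set to TRUE").
    """
    findings = []
    ssl_on = str(auth_props.get("SSL", "")).strip().upper() == "TRUE"
    if not ssl_on:
        findings.append("set_ssl_true")               # LDAPS is the prerequisite
    elif triage["ad_lookup_failed"]:
        findings.append("verify_user_exists_in_ad")   # SSL is fine; check the object
    return findings


def check_ldaps(host, port=636, timeout=5.0):
    """Complete a TLS handshake on the LDAPS port and report the server certificate.

    The chain is verified against the local trust store, so a failure here is
    the same failure the Identity Manager server would hit when it connects.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            protocol = tls.version()
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    subject = dict(rdn[0] for rdn in cert["subject"])
    return {"protocol": protocol, "subject_cn": subject.get("commonName"),
            "not_after": not_after, "expired": not_after < datetime.now(timezone.utc)}


if __name__ == "__main__":
    import sys
    triage = triage_password_reset_log(SAMPLE_LOG)
    print("log triage:", triage)
    print("findings with SSL=TRUE:", diagnose(triage, {"SSL": "TRUE"}))
    if len(sys.argv) > 1:   # e.g. python check_ad_reset.py dc01.example.com (hostname assumed)
        print("ldaps:", check_ldaps(sys.argv[1]))
```

Run it with the domain controller's hostname as the only argument from the Identity Manager host; if `check_ldaps` raises an `ssl.SSLError`, the LDAPS prerequisite is not met regardless of what the SSL property says, and that is the first thing to fix.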

Additional Information

Please refer to the product documentation for more information.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/configuring/advanced-settings/manage-authentication-module-properties.html