We have migrated standalone 14.4 user store to vApp 14.4, after the migration, some users are not able to login to the IM user console.
The user is able to login, after resetting the password from IM user console using imadmin user.
But when we use the JXplorer tool, the users are still not able to login.
Release : 14.4
Component : CA Identity Suite
The problem is with the JXplorer tool itself and this specific build which allows some Hash Algorithms which do not seem to work. This is purely related to the way JXplorer tool hashes the password.
Try resetting the password for the user using any of the hash algorithms highlighted in green.
We tried resetting the password on a couple of users using the SHA algorithm with JXplorer. It worked without any issues.
Alternatively, use an older JXplorer version or Apache directory studio tool for resetting the passwords.
JXplorer with eTrust Directory
If you use JXplorer with eTrust Directory, the following happens when you
create a new user password:
1. JXplorer binds to an eTrust Directory DSA. You should use SSL or another
secure connection for this binding.
2. In JXplorer, you create a user password, using plain encryption, MD5 or
3. JXplorer sends the password to the DSA, using the SSL connection.
4. The eTrust Directory DSA hashes the password, then stores it.
This means that if you use eTrust Directory and bind to it using SSL, JXplorer
does not need to hash the password. The password is kept secure during
transmission because the connection to the DSA uses SSL, and the password
is stored securely because eTrust Directory hashes it.
However, if you do choose to hash the password, an eTrust Directory DSA will
recognize the hash format, and can compare hashes to check that the
password is correct. Make sure you use the same hash algorithm for the
password in both JXplorer and the DSA.