Users not able to login to IM user console after userstore migration
search cancel

Users not able to login to IM user console after userstore migration


Article ID: 271368


Updated On:


CA Identity Suite


We have migrated standalone 14.4 user store to vApp 14.4, after the migration, some users are not able to login to the IM user console.

The user is able to login, after resetting the password from IM user console using imadmin user.

But when we use the JXplorer tool, the users are still not able to login.


Release : 14.4

Component : CA Identity Suite


The problem is with the JXplorer tool itself and this specific build which allows some Hash Algorithms which do not seem to work. This is purely related to the way JXplorer tool hashes the password.


Try resetting the password for the user using any of the hash algorithms highlighted in green.

We tried resetting the password on a couple of users using the SHA algorithm with JXplorer. It worked without any issues.

Additional Information

Alternatively, use an older JXplorer version or Apache directory studio tool for resetting the passwords.

JXplorer with eTrust Directory 
If you use JXplorer with eTrust Directory, the following happens when you 
create a new user password: 
1. JXplorer binds to an eTrust Directory DSA. You should use SSL or another 
secure connection for this binding. 
2. In JXplorer, you create a user password, using plain encryption, MD5 or 
3. JXplorer sends the password to the DSA, using the SSL connection. 
4. The eTrust Directory DSA hashes the password, then stores it. 
This means that if you use eTrust Directory and bind to it using SSL, JXplorer 
does not need to hash the password. The password is kept secure during 
transmission because the connection to the DSA uses SSL, and the password 
is stored securely because eTrust Directory hashes it. 
However, if you do choose to hash the password, an eTrust Directory DSA will 
recognize the hash format, and can compare hashes to check that the 
password is correct. Make sure you use the same hash algorithm for the 
password in both JXplorer and the DSA.