This Knowledge Base article provides guidance on managing LDAP (Lightweight Directory Access Protocol) password changes and their potential impact on organization configurations. The customer have LDAP configured on organizational domains with "Administrator Authentication Mechanism = Webfort Password".
This article outlines best practices for planning and executing LDAP password changes to minimize disruptions.
Release : CA Advanced Authentication 9.1
LDAP (Lightweight Directory Access Protocol) is a protocol used for accessing and managing directory services, such as user accounts, within an organization. It is commonly used for user authentication, authorization, and storing user-related information.
While creating an organization in the CA Risk Authentication repository or in your existing LDAP-based directory server, select the mechanism that is used to authenticate administrators who belong to this organization. "Administrator Authentication Mechanism = Webfort Password" Specifies the CA Strong Authentication user name-password authentication method. If you select this option, then the administrator credentials are issued and authenticated by the CA Strong Authentication Server.
Changing the LDAP password can impact the configuration of organizations that rely on LDAP for user authentication and authorization. Therefore, it is crucial to plan and execute password changes carefully to avoid disruptions and maintain system functionality. Please follow the best practices for planning and executing LDAP password changes to minimize disruptions as below:
When creating an organization in the LDAP repository. Then map the CA Risk Authentication database attributes to the LDAP attributes. The user details for the new organization is stored in the LDAP repository that you specified. When modifying LDAP configurations, collect the LDAP repository details and update them as described in below techdoc: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-0/administrating/administrating-ca-risk-authentication/organizations/creating-and-activating-organizations.html