Symantec Identity Manager - How to reset directory.xml authentication user password

Article ID: 280894

Products

CA Identity Manager

Issue/Introduction

This KB is designed to assist clients in resetting the directory.xml authentication user password when export/import functionality does not work as intended.

The password being updated will be for the user in the below location:

https://IPAddress:Port/iam/immanage

Home › Directories › UserStore

Username = UserDN

Resolution

Step 1: Stop The Identity Manager Application Server

Step 2: Update the Administrator user password on the source

Navigate to the directory where the Administrator is stored and update their password to the new password value.

Step 3: Configure pwdtools.bat

Go to: CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool
Right-click the bat file, edit it, and set the JAVA_EXE variable.
Example: SET JAVA_EXE=C:\Java\jdk1.8.0_245\jre\bin\java.exe

Next, open CMD, cd to the location of pwdtools.bat, and run pwdtools.bat.

Screen output:
To create a FIPS key file  pwdtools -FIPSKEY -k <FIPS key file location>  [-f <param_file>]
To add a FIPS key  pwdtools -FIPSKEY -add  [-f <param_file>]
To encrypt a plain text value using non FIPS (PBES) algorithm  pwdTools -JSAFE -p <plain text>  [-f <param_file>]
To encrypt a shared secret using PBES algorithm and save it  pwdTools -JSAFEKEY -p <shared_secret>  [-f <param_file>]
To encrypt a plain text using FIPS key file  pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
To encrypt a plain text value using non FIPS (RC2) algorithm pwdTools -RC2 -p <plain text> [-f <param_file>]

In this example, we are going to compare our current password values.

Execute the below command:
pwdTools -RC2 -p password1

Results:
     Plain Text: password1
     Encrypted value: {RC2}:vDZXXXXXXXXAXYzSw==

 

Step 4: Update The Object Store

Navigate to the following table [imdb].[dbo].[IM_DIR_CONNECTION]

Execute: SELECT * FROM [imdb].[dbo].[IM_DIR_CONNECTION]

In the Connection_Name column, find the row for your provisioning repository.

Navigate to the Password column

Replace the previous encrypted {RC2} value with the new value: {RC2}:vDZXXXXXXXXAXYzSw==
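
The Step 4 replacement done as a single guarded T-SQL statement. This is an added example, not part of the original article or vendor tooling. It assumes a SQL Server object store, NVARCHAR-compatible columns, and a placeholder connection name that you substitute with the Connection_Name found by the SELECT above.

```sql
-- Added example: guarded update of the stored {RC2} value in IM_DIR_CONNECTION.
-- Assumptions (not from the article): variable types/lengths, and the
-- placeholder connection name below. Run with the application server stopped.
SET XACT_ABORT ON;

DECLARE @conn   NVARCHAR(255) = N'PLACEHOLDER_CONNECTION_NAME';  -- replace with your Connection_Name
DECLARE @newPwd NVARCHAR(512) = N'{RC2}:vDZXXXXXXXXAXYzSw==';    -- "Encrypted value" printed by pwdTools -RC2
DECLARE @rows   INT;

-- Reject a value that is not in the {RC2}: format, e.g. a plain-text
-- password pasted by mistake, before it reaches the table.
IF @newPwd NOT LIKE N'{RC2}:%'
BEGIN
    RAISERROR('New value does not start with {RC2}: - nothing changed.', 16, 1);
    RETURN;
END;

BEGIN TRANSACTION;

-- OUTPUT returns the replaced value next to the new one, so the previous
-- {RC2} string is on record if the change has to be reverted.
UPDATE [imdb].[dbo].[IM_DIR_CONNECTION]
SET    [Password] = @newPwd
OUTPUT deleted.[Connection_Name],
       deleted.[Password]  AS old_value,
       inserted.[Password] AS new_value
WHERE  [Connection_Name] = @conn;

SET @rows = @@ROWCOUNT;

-- Commit only when exactly one connection row matched; zero rows means a
-- wrong name, more than one means the filter is too broad.
IF @rows = 1
    COMMIT TRANSACTION;
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly 1 matching row, found %d - rolled back.', 16, 1, @rows);
END;
```

Treat the returned old_value like the credential it protects and keep it only as long as a rollback may be needed.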

Step 5: Start The Identity Manager Application Server