A self password reset on RACF V2 account, coming from a self password reset on AD with Password Synchronization Agent, is performed as an administrative password change.
Article ID: 32929
Updated On:
Products
Issue/Introduction
A self password reset on RACF V2 account, coming from a self password reset on AD with Password Synchronization Agent, is performed as an administrative password change. And so the RACF user ID will have to change it at next login.
Environment:
Password Synchronization Agent is installed on Active Directory to launch a provisioning server.
AD accounts deal with global users with PSYNC enable which include RACF V2 user IDs.
Environment
Component: IDMGR
Cause
eTSelfChange=1 is properly passed to the Java connector for RACF V2 but not processed because eTSelfChange attribute definition is missing from RACF V2 Dynamic metadata.
Resolution
Add the eTSelfChange attribute definition into the RACF V2 Dynamic metadata as following:
1. Open CA IAM Connector Xpress;
2. From right part frame, expand the Endpoint Types and put the cursor on "RACF v2" endpoint type.
3. Click on "Create Project" from Action button or from contextual menu.
4. Edit the metadata and expand the Data Model tree: Classes -> eTDYNAccount -> Properties
5. Click Add, and define the new property as below:
5.1 Name: eTSelfChange, Type: Integer
5.2 Metadata:
isHidden, Type: Boolean, Value: true
beanPropertyName, Type: String, Value: eTSelfChange
connectorMapTo, Type: String, Value: eTSelfChange
6. Save and update the metadata then save the project.
Additional Information
http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec553834.aspx
Feedback
