Problem

Users use a LDAP client to change their user password.

Once that is done, users are no longer able to login to CA Embedded Entitlements Manager (EEM) until an administrator resets their password within EEM.

Environment

CA Embedded Entitlements Manager (EEM) 12.x

CA Service Desk Manager (CA SDM) 12.7, 12.9 and 14.1

Windows

Resolution

It is not recommended to modify the user's data and passwords externally to the EEM application.

EEM maintains other attributes, like passwordchange date.  When the user changes their password externally, for example using a LDAP client, EEM is not aware of the change, so it still has the old password digest.

Initially when the user tries to login with the new password, the login is successful.  However, when the permissions are changed for the user, or any other information is changed for that user through the EEM UI, EEM will rewrite all the information present in the Global User details page for that particular user. 

Password digest is one of the items overwritten and will be set back to the old value. The password is reset to the value which EEM is aware of - the old password. Hence the user authentication fails because users are trying to login with the new password.

Since EEM will not be aware of modifications done externally to EEM, we do not recommend these kind of changes.