When a LDAP client is used to change user password, user can no longer login to CA Embedded Entitlements Manager (EEM)

book

Article ID: 37653

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Problem

Users use a LDAP client to change their user password.

Once that is done, users are no longer able to login to CA Embedded Entitlements Manager (EEM) until an administrator resets their password within EEM.

Environment

CA Embedded Entitlements Manager (EEM) 12.x

CA Service Desk Manager (CA SDM) 12.7, 12.9 and 14.1

Windows

Resolution

It is not recommended to modify the user's data and passwords externally to the EEM application.

EEM maintains other attributes, like passwordchange date.  When the user changes their password externally, for example using a LDAP client, EEM is not aware of the change, so it still has the old password digest.

Initially when the user tries to login with the new password, the login is successful.  However, when the permissions are changed for the user, or any other information is changed for that user through the EEM UI, EEM will rewrite all the information present in the Global User details page for that particular user. 

Password digest is one of the items overwritten and will be set back to the old value. The password is reset to the value which EEM is aware of - the old password. Hence the user authentication fails because users are trying to login with the new password.

Since EEM will not be aware of modifications done externally to EEM, we do not recommend these kind of changes. 

Environment

Release: SDMU0M99000-14.1-Service Desk Manager-Full License
Component: