search cancel

When a LDAP client is used to change user password, user can no longer login to CA Embedded Entitlements Manager (EEM)


Article ID: 37653


Updated On:


SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service CA Service Desk Manager CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager



Users use a LDAP client to change their user password.

Once that is done, users are no longer able to login to CA Embedded Entitlements Manager (EEM) until an administrator resets their password within EEM.


CA Embedded Entitlements Manager (EEM) 12.x

CA Service Desk Manager (CA SDM) 12.7, 12.9 and 14.1



It is not recommended to modify the user's data and passwords externally to the EEM application.

EEM maintains other attributes, like passwordchange date.  When the user changes their password externally, for example using a LDAP client, EEM is not aware of the change, so it still has the old password digest.

Initially when the user tries to login with the new password, the login is successful.  However, when the permissions are changed for the user, or any other information is changed for that user through the EEM UI, EEM will rewrite all the information present in the Global User details page for that particular user. 

Password digest is one of the items overwritten and will be set back to the old value. The password is reset to the value which EEM is aware of - the old password. Hence the user authentication fails because users are trying to login with the new password.

Since EEM will not be aware of modifications done externally to EEM, we do not recommend these kind of changes. 


Release: SDMU0M99000-14.1-Service Desk Manager-Full License