This tech doc will instruct you on how to reset the Provisioning Manager administrator account password (i.e. ETAADMIN).
IMPORTANT: This article contains information about modifying DN values within your directory. Before you modify the directory, make sure you understand the functionality involved. If you have any concerns, please open a case with support and reference this tech doc.
This article is offered "as is".
Release : 14.X
Component : IdentitySuite(Identity Suite)
Component : IdentityManager(Identity Manager)
Step 1: Connect to Provisioning Directories via Provisioning Router (port 20391)
Example Settings:
Hostname = PROVISIONING_SERVER_ROUTER_HOST
Port = 20391
Level = User + Password
User DN = eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb
Password = Provisioning Repository Password (Configured During Installation)
Change the eTPassword attribute on your Administrator Account:
Example:
eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta
Set eTPassword = password01
Note: You will be able to connect with the clear-text password; however, do not leave your password in clear text, as it is a security risk.
Step 2: Use Provisioning Manager to encrypt your password:
Log into Provisioning Manager using your new password (i.e. password01)
Click on User, then Search for your user, then Change Password (Note: you can use the same password that you set in clear text), then click Apply.
This will set the user's password again, but this time it will be stored as an encrypted value.
If you have used etaadmin to establish your connection between IDM and Provisioning Server (i.e. IM ProvDir XML) then continue reading:
Navigate to:
https://IPAddress:Port/iam/immanage
Home › Directories and confirm successful connectivity
Note:
If you receive a connection error to your provisioning directory database you may not be able to export your environment and would need to follow different steps mentioned further below.
If you can export your environment please follow these steps:
Export your IM Provisioning Directory XML.
Find: <Credentials user="eTGlobalUserName=etadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta">{PBES}:WQf3wza4JfYe3zPI8zcveQ==</Credentials> within your directory xml.
Step 3: Configure pwdtools.bat
Go to: CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool
Right click on the bat file and configure the %JAVA_EXE% Attribute.
Example: SET JAVA_EXE=C:\Java\jdk1.8.0_245\jre\bin\java.exe
Next, open up CMD and cd to the location of pwdtools.bat, and run the pwdtools.bat.
Screen output:
To create a FIPS key file
    pwdtools -FIPSKEY -k <FIPS key file location> [-f <param_file>]
To add a FIPS key
    pwdtools -FIPSKEY -add [-f <param_file>]
To encrypt a plain text value using non FIPS (PBES) algorithm
    pwdTools -JSAFE -p <plain text> [-f <param_file>]
To encrypt a shared secret using PBES algorithm and save it
    pwdTools -JSAFEKEY -p <shared_secret> [-f <param_file>]
To encrypt a plain text using FIPS key file
    pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
To encrypt a plain text value using non FIPS (RC2) algorithm
    pwdTools -RC2 -p <plain text> [-f <param_file>]
In this example, we are going to compare our current password values.
Execute the below command:
pwdTools -RC2 -p password1
Results:
Plain Text: password1
Encrypted value: {RC2}:vDZXXXXXXXXAXYzSw==
In this example, we are going to compare our current password values.
Execute the following command:
pwdTools -JSAFE -p password1
Results:
Plain Text: password1
Encrypted value: {PBES}:WQf3wza4JfYe3zPI8zcveQ==
Step 4:
Replace the old {PBES} value within the XML with the new {PBES} value, then upload the XML file.
Step 5:
Restart the IM Application Server
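The Step 4 replacement as an added example, not code from this article or from the vendor: a Python script that reports the scheme of each Credentials value in an exported directory XML and swaps in the new {PBES} value for one user DN, rejecting a clear-text value. The wrapper elements and old value in the sample are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Value prefixes that appear in the pwdtools output quoted in the article.
ENCRYPTED_PREFIXES = ("{PBES}:", "{RC2}:")

ADMIN_DN = ("eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,"
            "eTNamespaceName=CommonObjects,dc=im,dc=eta")

# Constructed sample: the wrapper elements and the old value are invented;
# only the <Credentials user="..."> shape follows the article.
SAMPLE_XML = f"""<Directory>
  <Provider>
    <Credentials user="{ADMIN_DN}">{{PBES}}:CONSTRUCTED_OLD_VALUE==</Credentials>
  </Provider>
</Directory>"""


def scheme_of(value):
    """Return the scheme prefix of a stored value, or None if it is clear text."""
    value = (value or "").strip()
    for prefix in ENCRYPTED_PREFIXES:
        if value.startswith(prefix) and len(value) > len(prefix):
            return prefix
    return None


def audit_credentials(xml_text):
    """List (user DN, scheme) for every <Credentials> element in the export."""
    root = ET.fromstring(xml_text)
    return [(el.get("user", ""), scheme_of(el.text))
            for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "Credentials"]


def replace_credentials(xml_text, user_dn, new_value):
    """Set the value for user_dn; return (new_xml, number_of_elements_changed)."""
    if scheme_of(new_value) != "{PBES}:":
        raise ValueError("expected pwdTools -JSAFE output ({PBES}:...)")
    root = ET.fromstring(xml_text)
    changed = 0
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "Credentials":
            continue
        if el.get("user", "").lower() == user_dn.lower() and (el.text or "").strip() != new_value:
            el.text = new_value
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    xml_out, count = replace_credentials(SAMPLE_XML, ADMIN_DN, "{PBES}:WQf3wza4JfYe3zPI8zcveQ==")
    print(count, audit_credentials(xml_out))
```

ElementTree does not preserve XML comments or the XML declaration, so diff the result against the export before uploading it.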
If you are not able to export your environment please follow these steps:
Step 1: Stop The Identity Manager Application Server
Step 2: Update the Administrator user password on the source
Navigate to your directory where the Administrator is stored and update their password to the new password value
Step 3: Configure pwdtools.bat
Go to: CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool
Right click on the bat file and configure the %JAVA_EXE% Attribute.
Example: SET JAVA_EXE=C:\Java\jdk1.8.0_245\jre\bin\java.exe
Next, open up CMD and cd to the location of pwdtools.bat, and run the pwdtools.bat.
Screen output:
To create a FIPS key file
    pwdtools -FIPSKEY -k <FIPS key file location> [-f <param_file>]
To add a FIPS key
    pwdtools -FIPSKEY -add [-f <param_file>]
To encrypt a plain text value using non FIPS (PBES) algorithm
    pwdTools -JSAFE -p <plain text> [-f <param_file>]
To encrypt a shared secret using PBES algorithm and save it
    pwdTools -JSAFEKEY -p <shared_secret> [-f <param_file>]
To encrypt a plain text using FIPS key file
    pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
To encrypt a plain text value using non FIPS (RC2) algorithm
    pwdTools -RC2 -p <plain text> [-f <param_file>]
In this example, we are going to compare our current password values.
Execute the below command:
pwdTools -RC2 -p password1
Results:
Plain Text: password1
Encrypted value: {RC2}:vDZXXXXXXXXAXYzSw==
Step 4: Update The Object Store:
Navigate to the following table [imdb].[dbo].[IM_DIR_CONNECTION]
Execute: SELECT * FROM [imdb].[dbo].[IM_DIR_CONNECTION]
Under Column Connection_Name find your provisioning repository
Navigate to the Password column
Replace previous encrypted {RC2} value with new {RC2}:vDZXXXXXXXXAXYzSw==
Step 5: Start The Identity Manager Application Server