How to Change the Active Directory port for Privileged Identity Manager
Article ID: 190536
Updated On:
Products
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
If it is required to change the port that PIM Enterprise Management uses to bind and search Active Directory, follow these steps.
Resolution
- If it is disabled, enable the Management Console.
- Open the Management Console, click Directories, then click ac-dir.
- At the bottom of the page, click Export... to export the XML file.
- Open the XML file for editing and search for the following line. Replace 389 with the necessary port (636 for LDAPS, 3268 for the LDAP global catalog, or 3269 for LDAPS global catalog).
<Connection host="AD_host_name" port="389"/> - In the file, search for the following line and verify that value="" exists. When the ac-dir.xml file is exported, that part can disappear and uploading the file will error out if it is not there.
<Container objectclass="top,organizationalUnit" attribute="ou" value=""/> - Save the file and go back to the Management Console ac-dir page.
- Click Update... then choose the updated XML file and click Finish to update the configuration. It should complete with a warning that can be ignored as it is the following warning.
Warning: Warning: Updating the Identity Manager directory "ac-dir" - It is best practice to disable the Identity Minder Management Console after finishing work with it.
- Restart JBoss for the port change to take effect.
Additional Information
Disable the Management Console:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/12-9-02/implementing/using-the-ca-identity-manager-management-console/disable-the-ca-identity-manager-management-console.html
Feedback
Yes
No
Powered by
