The password for the LDAP bind user needs to be updated, but the procedure must be performed in a certain order to allow the idmmanage console to update properly. This KB article will outline the exact order of steps to update the bind user's password successfully.
PAM Server Control Enterprise Management 14.1
Before updating the bind user's password in Active Directory or another LDAP program, first enable the Identity Manager Management Console. This must come first because enabling the console restarts Wildfly, and Wildfly performs an LDAP bind when it starts. If the bind user's password has already been changed in AD/LDAP, that bind fails, the startup does not complete, and the rest of the instructions will not succeed.
Once the console has been enabled, access it by opening an internet browser and going to https://<ENTM_FQDN_OR_IP>/idmmanage, select Directories, then click on ac-dir. On the bottom right, click Export... to download the ac-dir.xml file to be used later.
After downloading the file, the password can now be changed in Active Directory or the LDAP program used in the environment. Take that password and encrypt it in PAMSC using one of the two pwdtools commands below.
For Windows: ...\PAMSCServer\IAM Suite\Access Control\tools\PasswordTool\pwdtools.bat -FIPS -p <NewBindPassword> -k <WildflyDirectory>\standalone\deployments\IdentityMinder.ear\config\com\netegrity\config\keys\FIPSkey.dat
For Linux: .../PAMSCServer/IAMSuite/PAMSC/tools/PasswordTool/pwdtools.sh -FIPS -p <NewBindPassword> -k <WildflyDirectory>/standalone/deployments/IdentityMinder.ear/config/com/netegrity/config/keys/FIPSkey.dat
With the encrypted password in hand, open ac-dir.xml in a text editor and search for the following line. Replace the original encrypted password string with the one generated in the previous step.
<Credentials user="CN=ExampleBindUser,OU=.....,DC=.....,DC=.....">{AES}:EncryptedPasswordString=</Credentials>
With ac-dir.xml still open, search for this line as well.
<Container objectclass="top,organizationalUnit" attribute="ou"/>
Replace that line with the following one. The ac-dir.xml file can now be saved.
<Container objectclass="top,organizationalUnit" attribute="ou" value=""/>
Back in the idmmanage console, click Update... in the bottom right corner of the page. Click Choose File and select the updated ac-dir.xml file. Click Next, then click Finish to update the ac-dir settings. After it finishes updating, click Continue, then click Restart Environments for the change to take effect.
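The two ac-dir.xml edits described above can be scripted so that each is applied exactly once and checked before the file is uploaded. The following is an added Python example, not part of the original article or the product's tooling. The wrapper element and sample strings are constructed, and the rule that the new string must carry the same {AES}:-style prefix as the one it replaces is an assumption used to catch a clear-text password pasted in by mistake.

```python
import re

# Constructed sample: the two lines shown in the article inside a hypothetical
# wrapper element. A real exported ac-dir.xml contains more than this.
SAMPLE = '''<Directory>
  <Credentials user="CN=ExampleBindUser,OU=Svc,DC=example,DC=test">{AES}:OldEncryptedString=</Credentials>
  <Container objectclass="top,organizationalUnit" attribute="ou"/>
</Directory>
'''

CRED_RE = re.compile(r'(<Credentials\b[^>]*>)([^<]*)(</Credentials>)')
CONT_RE = re.compile(r'<Container\b([^>]*?)\s*/>')
SCHEME_RE = re.compile(r'\{[A-Za-z0-9]+\}:')


def update_ac_dir(xml_text, new_encrypted):
    """Apply both ac-dir.xml edits; raise if the file is not as expected."""
    creds = CRED_RE.findall(xml_text)
    if len(creds) != 1:
        raise ValueError('expected exactly one <Credentials> element')
    if len(CONT_RE.findall(xml_text)) != 1:
        raise ValueError('expected exactly one self-closing <Container>')

    # Assumption: the new string carries the same {SCHEME}: prefix as the old
    # one. This catches a clear-text password pasted in by mistake.
    scheme = SCHEME_RE.match(creds[0][1].strip())
    if scheme and not new_encrypted.startswith(scheme.group(0)):
        raise ValueError('new value lacks the %s prefix' % scheme.group(0))

    # Edit 1: replace only the element text; the user="..." DN is untouched.
    xml_text = CRED_RE.sub(
        lambda m: m.group(1) + new_encrypted + m.group(3), xml_text)

    # Edit 2: add value="" to <Container> unless it is already there.
    def add_value(m):
        if re.search(r'\bvalue\s*=', m.group(1)):
            return m.group(0)
        return '<Container' + m.group(1) + ' value=""/>'
    return CONT_RE.sub(add_value, xml_text)


if __name__ == '__main__':
    print(update_ac_dir(SAMPLE, '{AES}:NewEncryptedString='))
```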