000027670 - Error message in RSA Authentication Manager 8.x Security Console or Self-Service Console when logging in with LDAP password

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number
000027670

Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0 patch 5 and earlier, 8.1

Issue
When logging in to either the RSA Authentication Manager Security Console or Self-Service Console with an LDAP password, the following error displays:
Administrator cannot authenticate to Security Console using LDAP password

The Authentication Activity monitor or report indicates:

ERROR,13002,Principal authentication,User "<userID>" attempted to authenticate using authenticator "LDAP_Password". The user belongs to security domain "SystemDomain",Failure,AUTHN_METHOD_FAILED,Authentication method failed
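
To find which accounts and security domains show this event, the following added example (not RSA code and not part of the original article) scans exported Authentication Activity lines for the pattern above. It assumes one event per line in the format shown in this article; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern derived from the single event line shown in this article.
# search() is used so any leading columns (e.g. timestamps) are tolerated.
EVENT_RE = re.compile(
    r'User "(?P<user>[^"]*)" attempted to authenticate using authenticator '
    r'"(?P<authenticator>[^"]*)"\. The user belongs to security domain '
    r'"(?P<domain>[^"]*)",(?P<result>[^,]*),(?P<reason>[^,]*),'
)


def ldap_password_failures(lines):
    """Return {security domain: {user: count}} for LDAP_Password events
    that ended in Failure / AUTHN_METHOD_FAILED."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # not an authentication event in the expected shape
        if (m["authenticator"] == "LDAP_Password"
                and m["result"] == "Failure"
                and m["reason"] == "AUTHN_METHOD_FAILED"):
            hits[m["domain"]][m["user"]] += 1
    return {domain: dict(users) for domain, users in hits.items()}


# Constructed sample input: user IDs and the placeholder authenticator name
# are invented; only the line layout comes from the article.
_PREFIX = 'ERROR,13002,Principal authentication,User "{u}" attempted to ' \
          'authenticate using authenticator "{a}". The user belongs to ' \
          'security domain "SystemDomain",Failure,AUTHN_METHOD_FAILED,' \
          'Authentication method failed'
SAMPLE = [
    _PREFIX.format(u="jdoe", a="LDAP_Password"),
    _PREFIX.format(u="jdoe", a="LDAP_Password"),
    _PREFIX.format(u="asmith", a="LDAP_Password"),
    _PREFIX.format(u="bwong", a="PLACEHOLDER_AUTHENTICATOR"),
    "unrelated line that is not an authentication event",
]

if __name__ == "__main__":
    for domain, users in ldap_password_failures(SAMPLE).items():
        print(domain, users)
```

The security domains in the result identify which password policy to review when applying the resolution below.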

Resolution
To enable LDAP password updates during console login, a secure LDAPS connection between the Authentication Manager and the LDAP server must be established. See Chapter 5 of the Authentication Manager Administrator's Guide, which discusses integrating LDAP directories and securing the communications path.

Alternatively, disable password expiration:

  1. Log in to the Security Console with an account in the internal database (not an AD or SunOne account) that has full super admin privileges.
  2. Navigate to Authentication > Policies > Password Policies > Manage Existing, click the policy being used for the affected Security Domain, and click Edit.
  3. In the Lifetime section, uncheck Require periodic password changes.
  4. Click Save.

Notes
Authentication Manager 8.0 Patch 6 and Authentication Manager 8.1 Patch 1 include fixes for this issue.

Legacy Article ID
a62142