000025474 - How to disable Show Password option in LDAP synchronization job when using RSA ACE/Server or RSA Authentication Manager

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025474
Applies To
RSA ACE/Server 5.2
RSA Authentication Manager 6.0
Lightweight Directory Access Protocol (LDAP)
Issue
How to disable the Show Password option in an LDAP synchronization job when using RSA ACE/Server or RSA Authentication Manager.
Configuring an LDAP synchronization job requires the administrative login and password of the LDAP server (e.g. Active Directory, iPlanet). The LDAP synchronization job has a "Show Password" option that, if enabled, displays the password of the LDAP server administrator. There is no easy way to prevent RSA ACE/Server realm administrators from doing this. The domain administrator's password can be misused by other administrators.
Resolution
This issue is corrected in hot fix tst00040660 for RSA ACE/Server 5.2, and hot fix ID # B16641 for RSA Authentication Manager 6.0. Contact RSA Security Customer Support to obtain this fix.

The hot fix contains the ldapjobe.r file, and it must be replaced in the /ace/prog/progui directory on primary and replica servers. The file should also be replaced on remote administration machines.
Legacy Article ID: a22044
