000036469 - How to change password for LDAP service account in RSA Adaptive Authentication (OnPrem) 7.x

Document created by RSA Customer Support Employee on Aug 16, 2018
Version 1

Article Content

Article Number: 000036469
Applies To: RSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
Issue: The customer needs to change the password for the service account in Active Directory (LDAP) and set it in the AA configuration.
Resolution: To access Active Directory, you must set the parameters in the file AA-ExternalIdentityProvider.xml.

You must set the location of the Active Directory server and define the credentials of a user who has permission to log on to Active Directory and navigate through the users and user properties. This user cannot have permission to write to Active Directory. Because of this limitation, the connector does not support the change password feature, which requires write permission to Active Directory.

The steps to change it manually are:
  1. Change the password for the service account in LDAP.
  2. Set the LDAP-password-BASE64 parameter. For example, UEBzc3cwcmQ. The password of the user is translated into BASE64. In the example above, the original password is P@ssw0rd.
  3. Put the encoded password in AA-ExternalIdentityProvider.xml, in the section where the service account is set up.
See the AAOP documentation, Operations Guide, Section 14: Using an External Identity Store.
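
A check for step 2, added here as an example and not taken from the RSA article or product: it encodes the exact password bytes and flags the usual encoding mistakes before the value is pasted into AA-ExternalIdentityProvider.xml. The function names are hypothetical, and because the article's sample value carries no trailing "=", the padding finding is informational only; whether the product requires padding is not stated in the article.

```python
import base64
import binascii


def encode_password(password):
    """Base64-encode the exact UTF-8 bytes of the password, with no trailing newline."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def check_encoded(encoded, password):
    """Return findings for a value about to be pasted into the XML (empty list = clean)."""
    findings = []
    value = encoded.strip()
    if value != encoded:
        findings.append("surrounding whitespace in the encoded value")
    # Restore '=' padding so a stripped value can still be decoded and compared.
    padded = value + "=" * (-len(value) % 4)
    try:
        decoded = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return findings + ["not valid Base64 of UTF-8 text"]
    if padded != value:
        # Informational: the article's own sample is unpadded.
        findings.append("unpadded; standard Base64 output is " + padded)
    if decoded == password:
        return findings
    if decoded.rstrip("\r\n") == password:
        # Typical cause: `echo password | base64` encodes the newline as well.
        findings.append("decoded value ends with a newline")
    else:
        findings.append("decoded value does not match the password")
    return findings


if __name__ == "__main__":
    # Constructed sample values; P@ssw0rd is the example password from the article.
    for candidate in ("UEBzc3cwcmQ=", "UEBzc3cwcmQ", "UEBzc3cwcmQK"):
        print(candidate, check_encoded(candidate, "P@ssw0rd") or "ok")
```

Base64 is a reversible encoding, not encryption, so anyone who can read AA-ExternalIdentityProvider.xml can recover the service account password; restrict read access to the file accordingly.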