A self password reset on a RACF V2 account, coming from a self password reset on AD with Password Synchronization Agent, is performed as an administrative password change.

Document ID : KB000032929
Last Modified Date : 14/02/2018

Problem:

A self password reset on a RACF V2 account, coming from a self password reset on AD with Password Synchronization Agent, is performed as an administrative password change. As a result, the RACF user has to change the password at next login.

Environment:

Password Synchronization Agent is installed on Active Directory to launch a provisioning server.

The AD accounts are associated with global users that have PSYNC enabled and that include RACF V2 user IDs.

Cause:

eTSelfChange=1 is properly passed to the Java connector for RACF V2, but it is not processed because the eTSelfChange attribute definition is missing from the RACF V2 Dynamic metadata.

Solution: 

Add the eTSelfChange attribute definition to the RACF V2 Dynamic metadata as follows:

1. Open CA IAM Connector Xpress.

2. In the right-hand frame, expand Endpoint Types and select the "RACF v2" endpoint type.

3. Click "Create Project" from the Action button or from the context menu.

4. Edit the metadata and expand the Data Model tree: Classes -> eTDYNAccount -> Properties

5. Click Add, and define the new property as below: 

5.1 Name: eTSelfChange, Type: Integer

5.2 Metadata:

isHidden, Type: Boolean, Value: true

beanPropertyName, Type: String, Value: eTSelfChange

connectorMapTo, Type: String, Value: eTSelfChange

6. Save and update the metadata, then save the project.

 

Additional Information:  

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec553834.aspx