CA Identity Manager Release Notes › Known Issues › General › Password Policy Issue When Using a Combined User Store and Provisioning Directory

Password Policy Issue When Using a Combined User Store and Provisioning Directory

Symptom:

CA Identity Manager does not apply certain password policies in deployments that use a combined user store and provisioning directory. This issue occurs with password policies that include the following rules and restrictions:

• Password expiration:
  • Track failed logins or successful logins.
  • Authenticate a login.
  • Password expiration if not changed
  • Password inactivity
  • Incorrect password
  • Multiple regular expressions
• Password restrictions:
  • Minimum days before reuse
  • Minimum number of passwords before reuse
  • Percent different from last password
  • Ignore sequence when checking for differences.

This issue occurs because %PASSWORD_DATA% is mapped to a binary attribute instead of a string attribute by default.

Solution:

In the Management Console, map %PASSWORD_DATA% to any eTCustomField attribute that is not mapped to another attribute. For example, eTCustomField99.

After you update the mapping, restart the environment.

Note: For more information about updating an existing CA Identity Manager directory, see the Configuration Guide.