For Community knowledge: An issue related to this topic was raised by a colleague (Dan Wilkinson) and he and Kenny followed a technical note to prove that changing the administrative password on a Provisioning Connector credential could be done.
Here is a summary of what they did:
Use an ldapbrowser to connect to the Provisioning Repository router which is running on the Provisioning Server machine and listening on port 20391 using the Bind DN of "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" with the installation password and then navigate to the object "eTDYNDirectoryName=My_Endpoint_Name,eTNamespaceName=UNIX v2,dc=im,dc=etadb". Enter the clear-text new password into the attribute eTDYNPassword. Note that JXplorer will now show the eTDYNPassword attribute in clear text. From Provisioning Manager, show the properties of the endpoint and enter the new password there. Apply it. Now the eTDYNPassword will be re-encrypted. Validate by logging off and logging back on the Provisioning Manager and displaying the properties of the modified endpoint.
Original Message:
Sent: 11-07-2019 03:22 PM
From: Kenneth Verrastro
Subject: Periodic L7 IDM Endpoint Credential Refresh
I don't believe PAM would help you as you would need to enter the password on each acquired endpoint and then the password would be encrypted and stored within the Provisioning Repository. I also believe updating each endpoint type may vary from one type to another. I don't believe there is any technical note on this.
Original Message:
Sent: 11-06-2019 03:47 PM
From: Christopher Lavagnino
Subject: Periodic L7 IDM Endpoint Credential Refresh
A current L7 Identity Manager deployment has the requirement to refresh credentials (specifically the password) of the managed endpoint directories at periodic intervals. Can this be done and if so does a technical note exist to accomplish it? Can a PAM solution be leveraged to provide the latest credential to be used during the refresh?