Starting with Vantage version 17.20, configured LDAP service passwords that are not FIPS-compliant are no longer supported and must be regenerated as FIPS-compliant passwords. LDAP authentication is disabled until a FIPS-compliant password is configured.
The tdspasswd-reencrypt utility regenerates an existing non-FIPS-compliant LDAP service password that is configured in the TdgssUserConfigFile.xml file as a FIPS-compliant encrypted LDAP service password.
To use the utility, the following conditions must be met:
- The LdapServicePassword value must be present in the configuration file and must be a non-FIPS-compliant encrypted password.
- The LdapServicePasswordProtected value in the configuration file must be set to "yes", indicating that the LdapServicePassword value is encrypted.
To convert the service password, do the following:
- Run the tdspasswd-reencrypt utility at the command line. It writes the regenerated password to stdout.
- Update the LdapServicePassword value in the configuration file with the new password.
- Run run_tdgssconfig for the new password to take effect. A TPA reset is not required.