XP DYN connector against Sybase calling native sp_password stored procedure.
Article ID: 30986
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Identity Suite
Issue/Introduction
A custom XPress Dynamic connector is built using jdbc against Sybase.
An operation binding is defined when an account is modified to call the Sybase "dbo.sp_password" stored procedure, passing "caller_passwd", "new_passwd" and "loginame".
This operation binding fails with: SQL state [ZZZZZ]; error code [10315]; “Invalid caller's password specified, password left unchanged.”
Explanation: You do not have the permission to execute this command. Have the object owner or a user with the needed role run this command.
This is not a self-password change. The data source is setup using a proxy admin user (e.g.: "caim"), the password reset is being done for another user (e.g.: "catest").
No attribute on the endpoint (sybase) does hold the caller's password (e.g.: "caim" user password), and we cannot set free text for the "Caller's Password" field into the "sp_password" procedure in the operation binding configuration.
Resolution
A workaround is to create a stored procedure (e.g. caim_sp_password) that you call from the XP connector passing only "new_passwd" and "username".
This new stored procedure takes in charge to execute sp_password passing the hard coded caller_password ("caim" proxy admin user password) and forwarding the "new_passwd" and "username" fields.
Feedback
Yes
No
Powered by
