Using the DN Change Tool

Prerequisites:

If you run this tool on the ActivID CMS server, be sure to use the Java™ version delivered with ActivID CMS in C:\Program Files\HID Global\Credential Management System\jvm; otherwise, you need to install Java Runtime Environment (JRE) version 11.

You can now enable ActivID CMS to customize a Distinguished Name (DN) for a user.

Important: You must configure Entrust XAP as described in Enabling Entrust XML Administration Protocol (XAP).

To customize the Distinguished Name (DN) for a user in ActivID CMS, perform the following tasks:

  1. Issue a device for the user. (Assume the user already has a card.)

  2. Change the DN of the user in the LDAP (Lightweight Directory Access Protocol) directory.

  3. Copy the Tools\UpdateDn\ac-cms-dnrename directory from the ActivID CMS distribution.

  4. The scripts require the CCM-API, which is found in the SDK (Software Development Kit) folder of the disk. The classpath used in the scripts expects the SDK folder to be copied alongside the Tools folder.

    Note: Be sure to keep the original folder structure: the SDK and Tools directories must be put side-by-side (keep the whole Tools\UpdateDn\ac-cms-dnrename path).
  5. In the cms.properties file found in the ac-cms-dnrename directory, update the host (localhost), the clientCertificate (client.pfx), and trustCertificate (root.cer) information, as well as the port and password if necessary.

    Note: Even if the DN Change Tool runs on the ActivID CMS server, “localhost” must be replaced with the name of the ActivID CMS server. The “clientCertificate” and “trustCertificate” must provide the complete path to the respective certificate (client.pfx) and (root.cer) files.
  6. Update runUpdateDn.bat to replace the user ID parameter.

  7. Run runUpdateDn.bat – this informs the Entrust CA to change the user’s DN. You can see that the user has an additional entry in SMA with the DN change state.

  8. Create a re-issuance request or device replacement request for the user.

  9. Update or replace the device for the user.

Note: Once the process starts, only a permanent card replacement is performed. A temporary card replacement during the DN Change process is not supported.
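
A pre-flight check for steps 3 to 5, added here as an example and not part of the ActivID CMS distribution: it confirms the SDK and Tools folders sit side by side, that host is no longer "localhost", and that clientCertificate and trustCertificate are complete paths to existing files. It assumes cms.properties uses Java-style key=value lines (with backslashes doubled) and that -Root, a hypothetical parameter, is the folder holding the copied SDK and Tools directories.

```powershell
# Added example: pre-flight check before running runUpdateDn.bat.
# Assumptions: -Root is the folder holding the copied SDK and Tools directories;
# cms.properties uses Java-style key=value lines with backslashes doubled.
param(
    [Parameter(Mandatory)] [string] $Root
)

$toolDir   = Join-Path $Root 'Tools\UpdateDn\ac-cms-dnrename'
$propsPath = Join-Path $toolDir 'cms.properties'
$problems  = [System.Collections.Generic.List[string]]::new()

# Step 4: SDK and Tools must be side by side, with the full tool path kept.
foreach ($dir in (Join-Path $Root 'SDK'), $toolDir) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        $problems.Add("Missing directory: $dir")
    }
}

# Read key=value pairs, skipping blank lines and # or ! comments.
$props = @{}
if (Test-Path -LiteralPath $propsPath -PathType Leaf) {
    foreach ($line in Get-Content -LiteralPath $propsPath) {
        if ($line -match '^\s*([^#!=\s][^=]*?)\s*=\s*(.*)$') {
            # Collapse doubled backslashes the way a Java properties loader would.
            $props[$Matches[1]] = ($Matches[2].Trim() -replace '\\\\', '\')
        }
    }
} else {
    $problems.Add("Missing file: $propsPath")
}

# Step 5 note: "localhost" must be replaced with the ActivID CMS server name.
if (-not $props['host'] -or $props['host'] -eq 'localhost') {
    $problems.Add("host must be the ActivID CMS server name, not 'localhost'")
}

# Step 5 note: both certificate entries need a complete path to an existing file.
foreach ($key in 'clientCertificate', 'trustCertificate') {
    $path = $props[$key]
    if (-not $path) { $problems.Add("$key is not set"); continue }
    if ($path -notmatch '^([A-Za-z]:[\\/]|\\\\)') {
        $problems.Add("$key must be a complete path, got: $path")
    } elseif (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $problems.Add("$key file not found: $path")
    }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Folder layout and cms.properties are consistent with steps 3 to 5.'
```

The script never prints the password entry, so its output can be pasted into a ticket without exposing the credential stored in cms.properties.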