Enabling user password change for Portal connected to Active Directory

Former Member
0 Kudos

How can you enable a user to change their AD password in EP when their password expires?

We have configured EP 7.0 SP14 with a read/write connection to AD according to the following instructions. The connection works and we are able to write to AD. However, when we expire the user's password in AD, EP does not ask the user to change it. Instead, it just gives an authentication error.

[LDAP Configuration Help|http://help.sap.com/saphelp_nw04s/helpdata/en/7d/77fa735e5f47a2a50b5336fd1b5a61/frameset.htm]

Are there some additional settings that I need to do to enable this?

Accepted Solutions (1)

Former Member
0 Kudos

This is as expected. The portal's job is not to be a password manager for other UME sources. When you log on to the portal, it basically says to the UME source "is this a valid username/password?". If the answer is "yes", then the user is valid. I

When you first create the user using the UME tools, it sets a flag in the UME, not the underlying source, that the user needs to change their password.

Former Member
0 Kudos

Hi Michael,

Can you tell me what the flag is? And maybe what kind of development I would need to do to set this flag? We have a process that creates users in the LDAP and I am thinking of triggering some other code that will update this UME flag that you are talking about.

Any help is much appreciated.

Thanks,

Zarine.

Former Member
0 Kudos

You could look at using IUserAccount.setPasswordChangeRequired. I haven't tried it myself.

Former Member
0 Kudos

Thanks Michael - that hint was very helpful. I'm slowly getting towards a solution. Now I need to learn about manipulating UME for which I found a useful document in SDN.

The link is:

[https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/3641e490-0201-0010-c68f-e51221925714]

for anyone that is interested.

Thanks,

Zarine.

Answers (1)

former_member206159
Active Contributor
0 Kudos

Since the users are coming from an external directory using LDAP, you cannot modify them in portal user admin.

You will have only read-only mode.

Raghu

Former Member
0 Kudos

We have the LDAP setup for read/write, and we are able to change them in portal user admin.

former_member206159
Active Contributor
0 Kudos

Hi,

Ok.

I think it is not possible unless you use an external-facing portal using a reverse proxy or Access Manager.

We used an Apache reverse proxy as the external-facing portal. This will ask for a password change when the password expires.

Raghu

Former Member
0 Kudos

Thank you for your responses, Raghu.

Our Portal is being used as our company intranet. There is no reverse proxy or Access Manager. We can change a user's password in EP now. The only thing it does not do is force the user to change their password when it expires in AD.

The strange thing is that when you set a user's initial password in Identity Management in EP, it changes the password in AD, and the next time the user logs into EP, it asks them to change their password. But when you set the initial password in AD and check that the user must change it the first time they log in, EP gives an authentication error when the user tries to log in. It appears that maybe EP is not aware of the flag in AD that specifies a user must change their password.
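
The behaviour discussed in this thread (a username/password check against AD that comes back as a plain authentication error when the password is expired or flagged for change) can be told apart from a wrong password on the LDAP side. The following is an added example, not part of the thread and not SAP code: it reads the hex sub-code that Active Directory places in the diagnostic message of a failed simple bind. The function names are hypothetical and the sample messages are constructed, with placeholder DSID values.

```python
import re

# Hex sub-codes AD puts after "data" in the diagnostic message of a failed
# simple bind (LDAP result code 49, invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}
# Failures that call for a password change rather than another attempt.
PASSWORD_CHANGE_NEEDED = {"532", "773"}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failure(diagnostic_message):
    """Return (subcode, meaning, needs_password_change) for one bind failure."""
    match = _DATA_RE.search(diagnostic_message)
    if match is None:
        # Not an AD-style message: report it, do not guess a cause.
        return (None, "no AD sub-code present", False)
    code = match.group(1).lower()
    meaning = AD_BIND_SUBCODES.get(code, "unrecognised sub-code")
    return (code, meaning, code in PASSWORD_CHANGE_NEEDED)


# Constructed sample messages in AD's format (DSID values are placeholders).
SAMPLES = [
    "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 773, v1db1",
    "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 532, v1db1",
    "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 52e, v1db1",
    "Invalid Credentials",
]


def summarize(messages):
    """Classify every message; keeps input order."""
    return [classify_bind_failure(m) for m in messages]


if __name__ == "__main__":
    for code, meaning, change in summarize(SAMPLES):
        print(f"{code or '-':>4}  {meaning:<42} password change needed: {change}")
```

A client that only reports the LDAP result code sees all four samples as the same authentication failure, which matches the symptom described in the question.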