cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Checking user password status with SAP JCO

Go to solution
Former Member

on ‎03-01-2010 7:00 PM

0 Kudos

I am using Jco 2.1. Is it possible to get the status of the user's password (expired or not) using Jco, or is there any BAPI which can do this task. I get an exception in Jco when the user is locked or does not have any access to the respective function groups, but no exceptions in this case. It allows the user to conenct to SAP even when the password has expried.

In the code, I am using JCo Client connect and disconnect. It connects sucessfully, even when the password has expired in SAP.

Many thanks in advance. Any pointers to this issue is appreciated.

Regards,

Siva

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-01-2010 8:35 PM
0 Kudos

This is not a JCo or Java issue, this is a general RFC and configuration issue.

You might reject such RFC logons with profile parameters or at least limit the validity time of initial passwords.

Please see the notes [161146|http://service.sap.com/sap/support/notes/161146] and [862989|http://service.sap.com/sap/support/notes/862989] (Rel. 7.00) / [450452|http://service.sap.com/sap/support/notes/450452] (Rel. 6.20).

But be careful, these profile parameters of course affect all users on your system.

Show replies
Show replies
Former Member
‎03-01-2010 9:23 PM
0 Kudos

Stefan,

Cool, thanks a bunch. Your reply almost cleared the issue what I had. I just have one another question. OSS 161146, mentions that it applies for the initial password set for a new user. In my case all these user's are long term production SAP user's. Does this notes apply in general for all connections made via RFC or just for the new users connections? If that's the case, is there any other OSS notes which I can look upon.

Thanks again for spending your valuable time.

Regards,

Siva

Former Member
‎03-02-2010 1:15 PM
0 Kudos

Note [161146|http://service.sap.com/sap/support/notes/161146] says:

As of Release 46C, you can prevent the RFC logon with an expired or initial password by setting the profile parameter rfc/reject_expired_passwd (that is, rfc/reject_expired_passwd = 1).
After you added the profile parameter, you must restart the server.

So this is a general behavior for all RFC connections and not only for new users. That's why I told you to be careful.

And furthermore Harald is right. It should be clear what an initial password is. And when the password is regarded as expired can be configured with the profile parameters described in note [862989|http://service.sap.com/sap/support/notes/862989].

Former Member
‎03-02-2010 3:20 PM
0 Kudos

Thanks again Stefan and Harald. Both your anwsers perfectly fits and I will get with BASIS team to check which one can be used.

I am marking both these anwsers as the solution for this question.

Cheers!!!

Regards,

Siva

Answers (1)

Answers (1)

Former Member
‎03-01-2010 9:34 PM
0 Kudos

Hi Siva,

I think Stefan's answer provides you with the necessary details. Should you for some reason still be interested in figuring out the password status, you can use RFC function module SUSR_USER_PASSWORD_STATUS_GET and check exporting parameter PWDSTATE, which has the following values:


-2 : Password cannot (generally) be changed
-1 : Password cannot be changed today (only allowed once a day)
 0 : Password can be changed, but does not have to be changed
 1 : Password is initial and must be changed
 2 : Password has expired and must be changed
 3 : Password must be changed because it no longer meets the new rules

Cheers, harald

p.s.: Posted my message before seeing your follow-up post...

Edited by: Harald Boeing on Mar 1, 2010 1:35 PM

Show replies
Show replies
Former Member
‎03-01-2010 10:04 PM
0 Kudos

Harald,

Wonderful. I tried the RFC provided and it worked like a charm. Definitely this solution will make the BASIS team's life much easier (no changes in the parameters).

By any chance, do you have any answer to my previous question to Stephen, related to the OCC notes?

Thanks a lot.

Regards,

Siva

Former Member
‎03-01-2010 10:27 PM
0 Kudos

Not sure if I understand your question, so please excuse if I'm going in the wrong direction and let me know...

It is my understanding that the profile parameter <b>rfc/reject_expired_passwd</b> mentioned in OSS note [161146|https://service.sap.com/sap/support/notes/161146] pertains to all user connections via RFC. So expiration should in general have several possible causes, like user hasn't changed the password or hasn't logged on for long (as defined by the profile parameters mentioned in OSS note [862989|https://service.sap.com/sap/support/notes/862989].

Stefan and others, please correct me if I'm wrong.

Ask a Question