- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Issue with distribution of users using CUA
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Issue with distribution of users using CUA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2010 3:16 PM
Dear Friends,
We have implemented CUA in our landscape and we are facing issue wih distribution of Users. When we distribute the user id from Sys A(CUA) to Sys B(Child), the user id is not getting created in the child and when we checked the idoc(Message tye - USERCLONE) the status is '51' and the error message is "Please enter an initial password". Please advice what could be the issue.
Note : The same config is working fine with the ECC systems but we are facing this issue in 4.7 systems.
The RFC connection and other settings are fine.
Regards
Asif
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2010 1:25 AM
Hi,
have you searched for OSS notes? For example note 1306019 might be a solution for you. There are some toher notes as well.
Cheers
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2010 3:56 PM
Hi Asif,
I guess the issue is because of the parameter login/password_downwards_compatibility. Becuase of which the password is not getting distributed to the child system. Can you check out the value of this parameter in CUA and child systems.
Ideally it should be 1 or 3 for a CUA landscape, but it depends on your requirment. You can refer to the documentation of it.
Hope this might solve your issue.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2010 7:26 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2010 1:25 AM
Hi,
have you searched for OSS notes? For example note 1306019 might be a solution for you. There are some toher notes as well.
Cheers
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2010 5:54 AM
Hi,
I have got the solution with this Note 1306019 - CUA: Downward-compatible passwords in old child systems, but unfortunately my system is not supporting to apply this note. Msg: This note cannot be implemented.
Reason: we are on BASIS Support Pack 41 and SAP is asking us to apply Support pack 46.
We had asked them provide correction per our support pack level but seems "Unfortunately a correction instruction is not available and cannot be provided.
Regards,
Asif
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2010 7:30 AM
...well, sapkb46c041 is from beginning of 2003.... So it would be a very good idea to raise the basis SP level.... (currently available: SP 60 for 46C)
Edited by: Bernhard Hochreiter on Jun 23, 2010 8:30 AM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2010 10:19 PM
This involves kernel changes. These are downwardly compatible not to cause ABAP program errors, but the ABAP levels must be there to use them.
7 years behind on ABAP patches is a long time, so I think that even you kernel levels will reach their limits of compatibility as well, or fall out of maintenance...
As a workaround you can try an LDAP sync and set a local password.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2010 2:59 PM
Thanks for the response.
Appreciate if you could pls let me know how to setup LDAP sync and set a local password after that. It would be a great help for me.
Kind Regards,
Asif
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2010 9:32 PM
Change the setting in SCUM to proposal for initial password setting. I had the same problem in our 46C system. It wasn't at the correct Basis support package to allow the everywhere setting. We had to wait until we got to ECC6 before we could change the password to everywhere in order to reset passwords from the parent system.
See note 862937
Hope this helps,
Mary Gee
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2010 10:47 AM
Thanks.
Now, I am able to distribute new user-ids along with their initial password from CUA system to child systems of 4.7 landscapes...However for this i have changed SCUM initial password setting to Proposal.
I have noted one thing here, with the option of Global & Everywhere new user distribution is not possible for 4.7 child systems because of Downward-compatible issue.
Regards,
Asif
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2010 10:42 PM
You can use a user directory service (Active Directory) as an intermediary to "bounce" the users to lower release systems, but yes.... you need to take care of the password locally.
CUA sends the hash of the initial password and not the password itself.
From a security perspective, applying the support packs or checking the release upgrade plan for the system is a better solution than a "quick fix".
Cheers,
Julius
- SAP Managed Tags:
- Security
