on 08-18-2011 4:56 PM
Hi,
i want to create AS ABAP users trough the IdM Webinterface.
When I assign a privilege of the target system to a user in the Identity store,
the user should be created in the target system, am I right?
The job log of CreateABAPUser from SAP Provisioning Framework shows the following:
Error putNextEntry failed storing
Exception from Add operation:com.sap.idm.ic.ToPassException: Must specify user password for MX_13080
Exception from Modify operation:com.sap.idm.ic.ToPassException: No matching user found
MSKEY 13080
MSKEYVALUE MX_13080
Warning Constant CREATE_TECHUSER was not defined in the repository (6)
Warning MX_ENCRYPTED_PASSWORD not set:
Help would be much appreciated
Hello,
you need to set the password before the user is provisioned. When you set the privilege (in the add MX_PERSON event task or whereever you do this) to the user also add MX_PASSWORD and MX_ENCRYPTED attributes.
How this works can you copy from the SAP Provisioning Framework -> Web Enabled Tasks -> Identity Management -> Create Identity.
Best regards
Dominik Trui
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Dominik,
I'm not sure where exactly to do this.
What I do is:
- at Manage tab of IdM UI choose the task "Assign/Unassign Identity to Business Role" and assign to the identity a role of the target system
- this sould start the CreateABAPUser task (SAP Provisioning Framework --> Systemtype specific tasks --> AS ABAP Tasks --> CreateABAPUser)
Is this the right way to create a user on a AS ABAP system?
I'm not sure where to add MX_PASSWORD and MX_ENCRYPTED attributes?
Would be nice to get this working for my bachelor thesis
Thanks for your help.
Time to do some basic work, you need this:
- If not already existing, create your own Provisioning Folder, parallel to the SAP Provisioning Framework
- Add an Ordered Task group, name could be "Add Event MX_PERSON". A good idea is: Put it in some subfolder if you want to create more own tasks/processes
- Link in this task: SAP Provisioning Framework -> Web Enabled Tasks -> Identity Management -> Create Identity -> Verify Identity and add password -> Add password
Link the "Add event MX_PERSON" to MX_PERSON: Identity Stores -> "Name ofd your IS" -> IS Schema -> Entry type -> MX_PERSON -> Event tasks. There link the Ordered task as add event
This ensures that every new person will get a password. If there are more mandatory attributes needed in the future. You can add a task to that Oredered taskgroup and add the attributes in a ToIdenttiyStore pass (or in a script of a ToGeneric pass).
To add passwords to all persons which have no password:
- Copy the Job (not Task!) of the Add password task to the Job folder.
- Fill in the Source Tab SQL query to select every MX_PERSON which has no password
- Execute the job
Okay I performed the steps.
Screenshot of the config:
http://imageshack.us/photo/my-images/32/screenshotato.png/
But I get the same error.
Maybe these questions may help you:
- Have you tried this with a new user or an existing user?
- Does the provisioned user have the attributes MX_PASSWORD and MX_ENCRYPTED_PASSWORD?
- Is the ABAP provisionign still the same? Or better question: Is the password attribute active and with what value?
- Is the user only updated?
Best regards
Dominik
I got it to work.
The attribute ACCOUNT<System> (Identity Stores --> <Identity store> --> Identity Store Schema --> Attributes) wasn't configured corryctly. The error message had nothing to do with the error =/
Thanks for your effort Dominik.
Probalby I'll need your help for further steps again
User | Count |
---|---|
83 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.