Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

automatically deactivate password on CUA

Former Member

‎02-05-2013 9:34 AM

0 Kudos

We have a system whereby user-accounts are automatically created from Active Directory to SAP. As these users are normally only used for acces from a portal the password should be de-activated. We need to do this from the CUA-system as password changes are not allowed on the child-system.

When a new user is created the password is of course always initial but Is there a way to automatically deactivate the password directly after an account is created ?

Thanks for any suggestions.

4 REPLIES 4

Former Member

‎02-06-2013 9:08 AM

0 Kudos

Hi Thom,

Could the parameter login/disable_password_logon help you? Then the password is deactivated for all users in the system.

Kind regards

Maaike

jurjen_heeck
Active Contributor

‎02-06-2013 2:54 PM

0 Kudos

Hi Thom,

You can also consider decreasing the lifespan of the initial password (login/password_max_new_valid). With unknown initial passwords which expire before the user is notified there shouldn't be a big security risk.

Jurjen

Former Member
In response to jurjen_heeck

‎02-11-2013 7:55 AM

0 Kudos

Hi Jurjen,

It is not enough to disable the password, you have to actively set the password to "deactivated".

These users come from an HR-portal where their identity is verified via ldap but connect to backend-system to get the relevant HR-data per user. To prevent them getting a logon-screen when connecting the password needs to be deactivated (which is something else than disabled). As the users are automatically created on a CUA-system we need to add a step somewhere to do this deactivation. Hope this clarifies my question.

Frank_Buchholz
Product and Topic Expert
Product and Topic Expert

‎02-07-2013 9:29 AM

0 Kudos

Do you use the standard LDAP syncronization to copy users from LDAP to the CUA central system?

- Transaction LDAP to configure the connection

- Report RSLDAPSYNC_USER to synchronize users according to LDAP

Currently I do not have access to a test system to verify it personally, but I guess that you can configure the password creation rule 'no password' in the settings somehow. Please check the attribute mappings in transaction LDAP.

Kind regards

Frank