on 08-09-2013 3:31 PM
I've implemented this note which works when I create a new user but I don't achieve to do it when it's for a reset password.
I've added this line : ProductivePwd with value X
That works fine.
I did the same with the task : ChangePasswordOfABAPUser
And I get this warning message
Could someone tell me what else need to be done ?
Thx.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello - yes as Craig stated there was a change to the behaviour of BAPI_USER_CHANGE which checks whether the user is logged on using SNC - see note 1287410 BAPI_USER_CHANGE: Set productive password. If the user is not logged on over SNC then the password is set as initial when updated from IdM via BAPI_USER_CHANGE.
Hope it explains.
Chris
Cheers Chris, That's were the change was introduce - thanks for the clarification. From what I have seen its just that BAPI_USER_CREATE doesn't make the same check. Hence I ended up with Nicolas issue where productive passwords work for create but not change.
Can be a tad confusing when it works one way and not the other. As the actual issue relates within the underlying SNC layer/ config.
Rgrds
Craig
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nicolas, please take a look at notes1287410 and 1602902.
Thanks!
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
Thanks for the links.
In fact it works when I create a user but not when updating the data.
It's maybe normal that as an admin I cannot send a productive password for someone but it maybe works with the "self-service reset password".
I'll check that but if you have an other idea, it's allways welcome.
Nicolas.
Nicolas,
It should not matter either way. I can think of only two other things at this point.
1. Double check the IDM password settings/policy.
2. Check with your BASIS and security teams to make sure they don't have something setup that could be conflicting with what you would like to do in IDM.
Regards,
Matt
Nicolas,
Thankfully the system I did it on was from IDM 7.1 which still had the System Report functionality. Here's an excerpt from the report:
1 | Yes | To Custom | Set ECC Password |
Repository | -- None -- |
Use identity store | False |
Source database | <EMPTY> |
SQL query | <EMPTY> |
Initialization script | <EMPTY> |
Entry script | <EMPTY> |
Termination script | <EMPTY> |
Pass type | ToSAP |
| %$rep.JCO_CLIENT_ASHOST% |
| %$rep.JCO_CLIENT_SYSNR% |
| %$rep.JCO_CLIENT_USER% |
| %$rep.JCO_CLIENT_CLIENT% |
| %$rep.JCO_CLIENT_PASSWD% |
| %$rep.JCO_CLIENT_LANG% |
| %$rep.JCO_CLIENT_GROUP% |
| %$rep.JCO_CLIENT_GWHOST% |
| %$rep.JCO_CLIENT_GWSERV% |
| %$rep.JCO_CLIENT_MSHOST% |
| %$rep.JCO_CLIENT_R3NAME% |
| %$rep.JCO_CLIENT_SNC_LIB% |
| %$rep.JCO_CLIENT_SNC_MODE% |
| %$rep.JCO_CLIENT_SNC_MYNAME% |
| %$rep.JCO_CLIENT_SNC_PARTNERNAME% |
| %$rep.JCO_CLIENT_SNC_QOP% |
logonuid | %MSKEYVALUE% |
password | $FUNCTION.sap_getPassword(%MX_ENCRYPTED_PASSWORD%)$$ |
changetype | modify |
ProductivePwd | 1 |
So you'll note that the ProductivePwd value is set to 1 not X. Hopefully that will help.
Regards,
Matt
Hello Nicolas,
try the following:
In the target repository you will have defined a value for JCO_CLIENT_SNC_MYNAME and
JCO_CLIENT_USER.
In the target abap system for the user defined in JCO_CLIENT_USER goto the SU01 account. Here you will see the SNC tab and a field snc name. Here populate this with the value -> JCO_CLIENT_SNC_MYNAME eg p:CN=IdM, O=myserver, C=DE and save.
Check then if the password is updated as productive.
Thanks,
Chris
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.