
Setting productive password in ABAP Systems

Former Member
0 Kudos

I've implemented this note, which works when I create a new user, but I can't get it to work for a password reset.

https://websmp130.sap-ag.de/sap(bD1ubCZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F6465...)

I've added this line: ProductivePwd with value X

That works fine.

I did the same with the task: ChangePasswordOfABAPUser

And I get this warning message

Could someone tell me what else needs to be done?

Thx.

Accepted Solutions (1)

0 Kudos
Hi Nicolas

Out of interest, what version of the ABAP backend are you dealing with? On a 731 system, I found that BAPI_USER_CREATE didn't perform an SNC check and that BAPI_USER_CHANGE did. This is from the code segment within the user change BAPI:

    if auth_type = 'S'. "this session was personalized using SNC authentic
    " possible values: 'S' (SNC),
    "                  'P' (Password),
    "                  'X' (X.509 client certificate auth...),
    "                  'E' (External, SAML)

As Chris/Matt have mentioned, once I had SNC correctly established, both create/modify were able to set productive password.

Rgrds
Craig

ChrisPS
Contributor
0 Kudos

Hello - yes, as Craig stated, there was a change to the behaviour of BAPI_USER_CHANGE, which checks whether the user is logged on using SNC - see note 1287410 BAPI_USER_CHANGE: Set productive password. If the user is not logged on over SNC then the password is set as initial when updated from IdM via BAPI_USER_CHANGE.

Hope it explains.

Chris

Answers (2)

0 Kudos

Cheers Chris, that's where the change was introduced - thanks for the clarification. From what I have seen it's just that BAPI_USER_CREATE doesn't make the same check. Hence I ended up with Nicolas's issue where productive passwords work for create but not change.

Can be a tad confusing when it works one way and not the other, as the actual issue lies within the underlying SNC layer/config.

Rgrds
Craig

former_member2987
Active Contributor
0 Kudos

Nicolas, please take a look at notes 1287410 and 1602902.

Thanks!

Matt

Former Member
0 Kudos

Hi Matt,

Thanks for the links.

In fact it works when I create a user but not when updating the data.

Maybe it's normal that as an admin I cannot send a productive password for someone, but maybe it works with the "self-service reset password".

I'll check that, but if you have another idea, it's always welcome.

Nicolas.

former_member2987
Active Contributor
0 Kudos

Nicolas,

It should not matter either way. I can think of only two other things at this point.

1. Double check the IDM password settings/policy.

2. Check with your BASIS and security teams to make sure they don't have something set up that could be conflicting with what you would like to do in IDM.

Regards,

Matt

Former Member
0 Kudos

Password is provisioned correctly, it's just that the parameter X - Productive Password doesn't work for an update but works for a user creation.

former_member2987
Active Contributor
0 Kudos

Nicolas,

I know I set it up for updates at a past client (although it was 7.1). I don't recall what I set the value to. I'll have to see if I have it anywhere in my notes.

Regards,

Matt

Former Member
0 Kudos

It would be wonderful if you find it in your notes.

Thanks in advance.

Nicolas.

former_member2987
Active Contributor
0 Kudos

Nicolas,

Thankfully the system I did it on was from IDM 7.1 which still had the System Report functionality. Here's an excerpt from the report:

1.39.4.7  Passes

    1 | Yes | To Custom | Set ECC Password

1.39.4.7.1  Pass 1: Set ECC Password/To Custom

    Repository:             -- None --

1.39.4.7.1.1  Source

    Use identity store:     False
    Source database:        <EMPTY>
    SQL query:              <EMPTY>
    Initialization script:  <EMPTY>
    Entry script:           <EMPTY>
    Termination script:     <EMPTY>

1.39.4.7.1.2  Destination

    Pass type:                   ToSAP
    jco.client.ashost:           %$rep.JCO_CLIENT_ASHOST%
    jco.client.sysnr:            %$rep.JCO_CLIENT_SYSNR%
    jco.client.user:             %$rep.JCO_CLIENT_USER%
    jco.client.client:           %$rep.JCO_CLIENT_CLIENT%
    jco.client.passwd:           %$rep.JCO_CLIENT_PASSWD%
    jco.client.lang:             %$rep.JCO_CLIENT_LANG%
    jco.client.group:            %$rep.JCO_CLIENT_GROUP%
    jco.client.gwhost:           %$rep.JCO_CLIENT_GWHOST%
    jco.client.gwserv:           %$rep.JCO_CLIENT_GWSERV%
    jco.client.mshost:           %$rep.JCO_CLIENT_MSHOST%
    jco.client.r3name:           %$rep.JCO_CLIENT_R3NAME%
    jco.client.snc_lib:          %$rep.JCO_CLIENT_SNC_LIB%
    jco.client.snc_mode:         %$rep.JCO_CLIENT_SNC_MODE%
    jco.client.snc_myname:       %$rep.JCO_CLIENT_SNC_MYNAME%
    jco.client.snc_partnername:  %$rep.JCO_CLIENT_SNC_PARTNERNAME%
    jco.client.snc_qop:          %$rep.JCO_CLIENT_SNC_QOP%
    logonuid:                    %MSKEYVALUE%
    password:                    $FUNCTION.sap_getPassword(%MX_ENCRYPTED_PASSWORD%)$$
    changetype:                  modify
    ProductivePwd:               1

So you'll note that the ProductivePwd value is set to 1, not X. Hopefully that will help.

Regards,

Matt

ChrisPS
Contributor
0 Kudos

Hello Nicolas,

Try the following:

In the target repository you will have defined a value for JCO_CLIENT_SNC_MYNAME and JCO_CLIENT_USER.

In the target ABAP system, for the user defined in JCO_CLIENT_USER, go to the SU01 account. Here you will see the SNC tab and a field SNC name. Populate this with the value -> JCO_CLIENT_SNC_MYNAME, e.g. p:CN=IdM, O=myserver, C=DE, and save.

Check then if the password is updated as productive.

Thanks,

Chris
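
The SNC prerequisites discussed in this thread, written as a pre-flight check over a pass's resolved jco.client.* values. This is an added example, not part of any post and not SAP or IdM code; the function names, the sample user and partner name, the "add" changetype used for the create path, and the whitespace normalisation of SNC names are assumptions.

```python
# Added example, not SAP or IdM code. Sample values are constructed.
import re

def _norm(snc_name):
    # Assumption: names are compared after dropping whitespace around ',' and '='.
    return re.sub(r"\s*([,=])\s*", r"\1", (snc_name or "").strip())

def check_snc_prereqs(props, su01_snc_name):
    """Return findings for a resolved jco.client.* property set; [] means the
    SNC prerequisites named in the thread are in place."""
    findings = []
    if props.get("jco.client.snc_mode") != "1":
        findings.append("snc_mode is not 1, so the RFC logon is not SNC-authenticated")
    for key in ("jco.client.snc_myname", "jco.client.snc_partnername"):
        if not props.get(key, "").strip():
            findings.append(key + " is empty")
    my_name = props.get("jco.client.snc_myname", "")
    if my_name.strip() and _norm(my_name) != _norm(su01_snc_name):
        findings.append("SU01 SNC name of jco.client.user differs from snc_myname")
    return findings

def expected_password_state(changetype, findings, productive_pwd_requested):
    # Behaviour as reported in the thread: the modify path checks for an SNC
    # logon, the create path (on the 731 system mentioned) does not.
    if not productive_pwd_requested:
        return "initial"
    if changetype == "modify" and findings:
        return "initial"
    return "productive"

SAMPLE_SNC = {  # constructed, resolved repository constants
    "jco.client.user": "IDM_RFC",
    "jco.client.snc_mode": "1",
    "jco.client.snc_myname": "p:CN=IdM, O=myserver, C=DE",
    "jco.client.snc_partnername": "p:CN=ABAP, O=myserver, C=DE",
}
SAMPLE_NO_SNC = dict(SAMPLE_SNC, **{"jco.client.snc_mode": "0"})

if __name__ == "__main__":
    for label, props in (("SNC on", SAMPLE_SNC), ("SNC off", SAMPLE_NO_SNC)):
        found = check_snc_prereqs(props, "p:CN=IdM,O=myserver,C=DE")
        print(label, found, expected_password_state("modify", found, True))
```

Any finding on a modify pass means the password should be expected to arrive as initial, which is the symptom reported at the top of the thread.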