07-17-2007 9:36 PM
One of our user can not login to SAP - getting user lock message but in SU01 or SUIM we couldn't see him locked. It's a normal dialog user. We are not using CUA. What could be the issue ? How to unlock this user ?
Please suggest.
07-17-2007 9:38 PM
sapman,
What does it show for the uflag field in table usr02. This is the table/field that shows the lock status.
Cheers,
Ben
07-17-2007 9:58 PM
UFLAG filed shows 0 not 128 or 64.
Please how can we allow this user to login
07-17-2007 10:04 PM
Also be sure the password has not been inactivated.
If that is not the case answer the following:
If the user is copied into another user is it able to logon? Also what is the exact error message?
Cheers,
Ben
07-17-2007 10:13 PM
Lock and Unlock the user, and ask the user to logoff and login again. When the user is logged off check for any open session running with this user ID
07-17-2007 10:16 PM
I'll try to find answers to that ASAP.
But how to check whether password inactivated or not ?
TIA
07-19-2007 9:34 AM
Yes benjamin. I checked that login/password_expiration_time is over for this user. BCDA1 field date is over. Now whether his password can be now reset using simple SU01 ? or delete/create this id is required. In some notes I read that "expired password can not be reset" - not sure whether that is true with this prof parameter or not ?
Our security team says they tried to unlock & also reset password but user still can't login. Thats why I'm asking whether delete/create of this id required to enable him login ?
07-18-2007 1:44 PM
I would reset the user's password and ask them to try to relogon.
You can find if a password is deactivated in SU01 in the "logon data" tab.
07-19-2007 12:34 PM
Hi
I am not sure what version you are runnig gbut The profile paramters
login/password_max_new_valid and login/password_max_reset_valid should not be used. This causes issues with users. I had the same issue where by I had to delete and recreate,I then took these parms out and never had the issue agaain
07-19-2007 12:39 PM
Ensure that the users account is with in the "validity" period. eg Vaild from / to period in SU01.
07-20-2007 3:52 PM
@Moods: yes - have a kind look on <a href="https://service.sap.com/sap/support/notes/450452">SAP Note 450452</a>: refrain from using login/password_max_new_valid and use login/password_max_new_valid with care.
07-20-2007 3:50 PM
Advice: start transaction SE37 and test-drive function module SUSR_USER_PASSWORD_STATUS_GET.
Worse-comes-worse: use the tracing approach described in <a href="https://service.sap.com/sap/support/notes/495911">SAP Note 495911</a> to analyse the problem (which seems to be reproducable).
Cheers, Wolfgang