Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
Showing results for 
Search instead for 
Did you mean: 


0 Kudos


We have implemented a custom program using the function module SUSR_USER_CHANGE_PASSWORD_RFC to synchronize users SAP passwords with that of their Active Directory passwords.

The program logic is as follows, in brief.

1) First we reset the users password to Initial type with a randomly generated password.

2) Next we send the users new password, the previously generated password, and the list of systems that the user has access to to the function module SUSR_USER_CHANGE_PASSWORD_RFC.

The issue we're facing is that, for a small percentage of users, the program is returning the error "Password cannot be longer than 8 char. and cannot contain lower case". We have verified that the users are not setting passwords that violate these rules, so the password does not seem to be the issue.

Based on my research, I've identified that this is being caused due to the parameter login/password_downwards_compatibility being set to 5 in the affected systems.

However, what we're seeing is that the error occurs extremely randomly. Sometimes it happens for one system, sometimes it happens for multiple systems, sometimes it happens for all the systems. Our questions are as follows

1) Why does the error happen randomly? We can understand if the error happens for all the systems at once, because that would indicate a problem with the password i.e. its length is more than 8 characters. I should note that all of the systems that this is occurring in have the same values for all password parameters i.e. parameters beginning with 'login'.

2) We would like to change the value of the parameter login/password_downwards_compatibility to 1 to fix this issue, however we'd like to know how to test the impact of changing the above parameter's value to 1. We're unsure of the test procedures so it would be great if you could guide us.


0 Kudos

Hello Shyamsundar,

You can use the SM50 logon trace, per SAP Note 495911, to verify what is happening.

About the profile parameter, you can also read SAP Note 1023437.




please keep in mind, that that FM SUSR_USER_CHANGE_PASSWORD_RFC is not(!) released for customers....

A password sync between different systems has always to be considered seriously. Better implement an SSO solution, than unifying the passwords...