
Password change Prompt is not showing

former_member305573
Participant
0 Kudos
134

Dear all,

I am facing an issue in the portal UME, where I am not getting the password change prompt in the Portal.

1) Portal UME is connected with LDAP server.

2) Password policy has been maintained in LDAP side.

We are getting users from Active Directory with their groups assigned in LDAP.

3) There they maintain the policy to change the password whenever a user logs in for the first time.

The issue is that I am not getting any change-password prompt in the Portal.

For UME database users, it is working fine, but for LDAP the issue is there.

Please help me with your expert advice.

It's an urgent issue.

Your help will always be appreciated.

Regards:

Prashant krishen

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi,

Before that, can you please tell me whether the connection between the LDAP and Portal is secure? I think I read somewhere that to be able to change the password your connection should be secure. (Let me double-check where I read this.)

To get the prompt on the portal, I think you need to configure the policy on the portal in the UME configuration.

Thanks

Rishi Abrol

former_member305573
Participant
0 Kudos

Hi Rishi,

Thanks for your response.

Connection and SSO have been set correctly, because we are able to connect with the initial password.

Let me be more specific.

When I enter the initial password, it takes me directly to the home screen of the portal instead of asking me to reset the password.

We are maintaining the LDAP security policy in our Portal.

Regards:

Prashant krishen.

Former Member
0 Kudos

Hi,

Please check this.

Specific Limitations

Microsoft Active Directory Server

  • Create User on Microsoft Active Directory

    Due to security reasons it is only possible to create users or user accounts or change a password on Microsoft Active Directory server, if you are using an SSL connection between the Enterprise Portal or SAP J2EE Engine and the directory server.
    Additionally, the "High Encryption Pack" for Windows 2000 to enable a 128 bit SSL encryption must be installed on the Microsoft Active Directory Server.

  • Group Members on Microsoft Active Directory 2000 and Following Releases

    The following restrictions concerning group members on a Microsoft Active Directory apply:

    • You cannot store more than 5000 members on a group.
    • If you read the group members from a group containing up to 1000 members, Microsoft Active Directory returns the members with the default attribute name.
    • If you read from a group containing more than 1000 members, it returns up to 1000 members, even if the group contains more members, but it uses a different attribute name.

    Therefore, the UME API calls that read the members of a group with more than 1000 members, return no members due to the different attribute name.

673824 - LDAP Recommendations for UME

Thanks

Rishi Abrol

Former Member
0 Kudos

Hi,

Also check the below note.

868194 - Change password for LDAP users is not working


Thanks

Rishi Abrol

former_member305573
Participant
0 Kudos

Hi Rishi,

Thanks for your reply.

The above note is not applicable in my case.

For your reference, I am facing the same issue as in the thread below.

http://scn.sap.com/thread/1048124

The number of users is 1000 only, so this is not related to exceeding the number of users.

Regards:

Prashant krishen

Former Member
0 Kudos

UME (by default) cannot read the parameter "Password change required" on AD/LDAP and hence cannot prompt for password changes based on the LDAP policies defined.


Read the following two discussions, where I had run into the same problem and explained how this works and a few alternatives:


https://scn.sap.com/thread/2043508

http://scn.sap.com/thread/1770613

Thanks,

Shanti
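
An added example, not part of the thread and not SAP code: since the portal does not prompt for the change, an administrator can audit the directory side for accounts that still carry the forced-change flag. It assumes the directory is Active Directory, where "User must change password at next logon" is stored as `pwdLastSet = 0`, and it runs over a constructed LDIF export with hypothetical users and domain.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits for which AD never treats the password as expired:
# trust accounts (0x800, 0x1000, 0x2000), DONT_EXPIRE_PASSWD, SMARTCARD_REQUIRED.
EXEMPT_MASK = 0x0800 | 0x1000 | 0x2000 | 0x10000 | 0x40000

# Constructed sample export (hypothetical users and domain), not real data.
SAMPLE_LDIF = """\
dn: CN=New Hire,OU=Portal,DC=example,DC=test
sAMAccountName: nhire
userAccountControl: 512
pwdLastSet: 0

dn: CN=Service Acct,OU=Portal,DC=example,DC=test
sAMAccountName: svc_portal
userAccountControl: 66048
pwdLastSet: 0

dn: CN=Old Timer,OU=Portal,DC=example,DC=test
sAMAccountName: otimer
userAccountControl: 512
pwdLastSet: 131000000000000000
"""

def parse_entries(ldif):
    """Split a simple, unfolded LDIF export into one dict per entry."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key] = value
        entries.append(entry)
    return entries

def must_change_at_next_logon(entry):
    """True when AD would force a password change at the next logon."""
    if int(entry.get("userAccountControl", "0")) & EXEMPT_MASK:
        return False  # exempt account types never have an expired password
    return int(entry.get("pwdLastSet", "0")) == 0  # missing or 0 means "must change"

def filetime_to_utc(value):
    """Convert an AD FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=value // 10)

def unenforced_accounts(ldif):
    """Accounts flagged for a forced change that the portal will not prompt for."""
    return [e["sAMAccountName"] for e in parse_entries(ldif) if must_change_at_next_logon(e)]

if __name__ == "__main__":
    print(unenforced_accounts(SAMPLE_LDIF))
```
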