
Portal UME user password locked...

Former Member
0 Kudos

Hi,

We have a scenario where our portal is connected to LDAP. We have a setting such that when a user enters his credentials wrong 3 times, his user ID is blocked in LDAP, and the same can be seen in the Portal: under User management -> User, the "password locked" option is checked.

But we have an option to reset the portal password on the login page, so the user is able to reset his password, after which he gets a mail saying he has reset the password successfully. This unlocks him in LDAP, but his user is still locked in the Portal UME, that is, "User management -> User -> password locked option is checked." Because of this he still isn't able to log in to the portal.

I don't know how UME is not getting affected when LDAP is unlocked. Please share some information.

regards

stan

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Stan,

Even though your EP user store is based on LDAP, by default EP enforces its security policies: 60 minutes lock after 6 invalid attempts.

This lock has nothing to do with the LDAP server; it is local to EP.

It is possible to change this behavior in 2 ways: via the UME GUI, or by simply modifying the UME properties in the Config Tool.

Do it via Config tool:

Open Config Tool, go to "Global server configuration", services, com.sap.security.core.ume.service.

Modify the following property:

Set ume.logon.security_policy.lock_after_invalid_attempts to 0

Save, and check that this property is not overwritten with a different value in any of the server nodes' local properties of the EP instances. Restart the cluster.

This should do it.

It is explained here:

http://help.sap.com/saphelp_nw04s/helpdata/en/b5/16c43bdd3da244a1d3372a77b5f83f/frameset.htm

I would also set ume.logon.security_policy.auto_unlock_time to 1; just in case a user gets locked, the lock will hold for only 1 minute.

Best regards,

Slava
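
The override check from the answer above, as an added example that is not part of the original thread: it resolves the effective UME lock policy per server node and lists node-local values that differ from the global ones. It assumes the property values have been copied into key=value text; the node names and sample contents are constructed.

```python
LOCK = "ume.logon.security_policy.lock_after_invalid_attempts"
UNLOCK = "ume.logon.security_policy.auto_unlock_time"
# Defaults as stated in the answer above: 60-minute lock after 6 invalid attempts.
DEFAULTS = {LOCK: 6, UNLOCK: 60}


def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit(global_text, node_texts):
    """Resolve the effective lock policy per node and list node-local overrides."""
    global_props = parse_props(global_text)
    report = {}
    for node, text in node_texts.items():
        local = parse_props(text)
        effective, overrides = {}, []
        for key, default in DEFAULTS.items():
            base = int(global_props.get(key, default))
            value = int(local.get(key, base))
            if value != base:
                overrides.append(key)
            effective[key] = value
        report[node] = {
            "effective": effective,
            "overrides": overrides,
            # The answer uses 0 attempts to switch the UME-local lock off.
            "ume_lock_active": effective[LOCK] > 0,
        }
    return report


# Constructed sample: global values from the answer, plus hypothetical node files.
GLOBAL = f"{LOCK}=0\n{UNLOCK}=1\n"
NODES = {"node0": "", "node1": f"# stale local value\n{LOCK}=6\n"}

if __name__ == "__main__":
    for node, result in audit(GLOBAL, NODES).items():
        print(node, result)
```

A node reporting `ume_lock_active` as False has no portal-side lockout, so failed-logon throttling for that node rests entirely on the LDAP policy described in the question.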

Former Member
0 Kudos

Hello,

Are you using the standard SAP Login page to unlock the user? Are you sure the UME keeps the user locked? I know that AD replication can take a few minutes sometimes if you have a few AD servers...

If you are using a programmed component, are you clearing the UME cache for that user after resetting the password?

Cheers,

Hermann