Active Directory as userstore (writeable)

Hello,

I configured an ADS (flat) as userstore. The ADS is connected via LDAP over SSL (Port 636).

The users in the ADS are visible in the portal useradministration.

The administrator can create, delete and change the users. Also the administratror is able to change the passwords.

But if a user tries to logon, he's prompted to change his own password.

When the user tries to change the password he get's an "authentication failed".

In the default trace the following error appears:

#1.5#00145E1B20DE004A0000001D0000174C0004096F7BFB4C53#1136274333010#com.sap.security.core.persistence#sap.com/irj#com.sap.security.core.persistence#Guest#116####ea8598407c2c11dab89a00145e1b20de#SAPEngine_Application_Thread[impl:3]_28##0#0#Error#1#/System/Security/Usermanagement#Java###DataSource : Can not change password#1#CORP_LDAP# #1.5#00145E1B20DE004A0000001E0000174C0004096F7BFB80BE#1136274333026#com.sap.security.core.imp#sap.com/irj#com.sap.security.core.imp.[cf=com.sap.security.core.sapmimp.logon.SAPMLogonLogic][md=doLogon][cl=19621]#Guest#116####ea8598407c2c11dab89a00145e1b20de#SAPEngine_Application_Thread[impl:3]_28##0#0#Error##Java###doLogon failed [EXCEPTION] #1#javax.security.auth.login.LoginException: PASSWORD_EXPIRED

at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoginException(SAPJ2EEAuthenticator.java:344)

at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:108)

at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:305)

at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)

at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)

at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)

at java.security.AccessController.doPrivileged(Native Method)

at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:160)

Any suggestions?

Thanks and best regards,

Jens Wannenmacher