Skip to Content
Aug 13, 2020 at 04:39 PM


543 Views Last edit Aug 14, 2020 at 02:18 PM 2 rev


We have implemented a custom program using the function module SUSR_USER_CHANGE_PASSWORD_RFC to synchronize users SAP passwords with that of their Active Directory passwords.

The program logic is as follows, in brief.

1) First we reset the users password to Initial type with a randomly generated password.

2) Next we send the users new password, the previously generated password, and the list of systems that the user has access to to the function module SUSR_USER_CHANGE_PASSWORD_RFC.

The issue we're facing is that, for a small percentage of users, the program is returning the error "Password cannot be longer than 8 char. and cannot contain lower case". We have verified that the users are not setting passwords that violate these rules, so the password does not seem to be the issue.

Based on my research, I've identified that this is being caused due to the parameter login/password_downwards_compatibility being set to 5 in the affected systems.

However, what we're seeing is that the error occurs extremely randomly. Sometimes it happens for one system, sometimes it happens for multiple systems, sometimes it happens for all the systems. Our questions are as follows

1) Why does the error happen randomly? We can understand if the error happens for all the systems at once, because that would indicate a problem with the password i.e. its length is more than 8 characters. I should note that all of the systems that this is occurring in have the same values for all password parameters i.e. parameters beginning with 'login'.

2) We would like to change the value of the parameter login/password_downwards_compatibility to 1 to fix this issue, however we'd like to know how to test the impact of changing the above parameter's value to 1. We're unsure of the test procedures so it would be great if you could guide us.