Former Member

Initial password's problem for LDAP account in Portal

Hi colleagues.

I have the following problem.

I set up communication between LDAP (Active Directory) and UME, configured SSL between the UME and an LDAP directory, and installed the certificate in Visual Administrator and in Active Directory on the domain controller. As a result I can manage LDAP accounts from Portal (delete LDAP accounts, define new passwords for them, manage them like UME accounts).

The problem appears when in Active Directory I define a password for an LDAP account and check the property "User must change password at next logon". The user tried to log on to Portal with this password and got the message "User authentication is failed".

Useful answers will be pointed

Regards

Dmitriy


5 Answers

  • Best Answer
    Former Member
    Dec 18, 2008 at 05:06 AM

    Dmitry,

    Here are my 2 cents:

    1. useraccountcontrol=544

    Try with 512, because 544 means also PASSWD_NOTREQD.

    This is why your password change may get messed up.

    From other forums I can see that initial password change in LDAP should work:

    https://forums.sdn.sap.com/click.jspa?searchID=20081205&messageID=5363287

    2. There is an option to activate self help at the login screen for users who cannot log in and need their password reset and emailed to them. May be useful.

    3. Open an OSS message with SAP. They should be able to help.

    And from me personally: give Marc some points, the man is really trying.

    Regards,

    Slava
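
The userAccountControl values discussed in the answer above (544 versus 512), decoded as an added example that is not part of the original post or of any SAP code. The function names and sample values are constructed for illustration; the flag bits and the meaning of pwdLastSet = 0 are the documented Active Directory ones.

```python
# Added example: decode an Active Directory userAccountControl value and
# review the settings that matter for a forced first-logon password change.
# All sample values are constructed, not read from a real directory.

UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

def decode_uac(value):
    """Return the names of the known flags set in value, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def clear_flag(value, name):
    """Return value with the named flag bit cleared."""
    bit = next(b for b, n in UAC_FLAGS.items() if n == name)
    return value & ~bit

def review_account(uac, pwd_last_set):
    """Return a list of findings for one account.

    uac          -- integer userAccountControl attribute
    pwd_last_set -- integer pwdLastSet attribute; AD stores 0 while
                    "User must change password at next logon" is ticked
    """
    flags = decode_uac(uac)
    findings = []
    if "PASSWD_NOTREQD" in flags:
        findings.append("PASSWD_NOTREQD (0x20) set: no password is required "
                        "for this account; clear the bit")
    if "ACCOUNTDISABLE" in flags:
        findings.append("ACCOUNTDISABLE (0x2) set: account cannot log on")
    if pwd_last_set == 0:
        findings.append("pwdLastSet=0: password must be changed at next logon")
    return findings

if __name__ == "__main__":
    for uac in (544, 512):  # the two values named in the answer
        print(uac, hex(uac), decode_uac(uac))
    print(clear_flag(544, "PASSWD_NOTREQD"))
    for line in review_account(544, 0):
        print("-", line)
```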


    • Former Member Former Member

      Hi Dmitry,

      I am having the same issue of an LDAP account in locked status, even after the Admin has reset the password from Portal.

      How did you manage to unlock LDAP accounts? Did you unlock it from Portals or ABAP or LDAP?

      Kumar

  • Oct 03, 2008 at 03:32 PM

    Dmitriy,

    When an account is created in Active Directory, it is normally disabled by default. The parameter msDS-UserAccountDisabled may initially be set to TRUE. This needs to be set to false to be used as a login.

    If this parameter is false, please paste the datasource.xml you are using and I'll take a look.

    Cheers,

    Marc


    • Former Member Marc Timperley

      Hi Marc,

      I added these 2 lines to the end of the private section, but unfortunately the result is the same: the user cannot change the password.

      Answers to your questions:

      1. Users are able to log into the AD immediately after creation

      2. Users are able to change their passwords from the portal (the AD property "User must change password at next logon" is switched off, the user can change the password via Personalize)

      3. I use SSL connection between the systems

      Regards

      Dmitriy

  • Dec 15, 2008 at 10:07 AM

    Dmitriy,

    Two further questions:

    1. You say that users can login to AD immediately after creation. Are they prompted to change their password if they do this?

    2. When a user logs onto the portal for the first time, are they able to get into the portal without being forced to change their password?

    Thanks,

    Marc


    • Dmitriy,

      A couple more troubleshooting questions:

      1. You say that users can login to AD immediately after creation. Are they prompted to change their password if they do this?

      2. If a user changes their password in portal, does it change the AD password?

      3. Can you please attach the UME Configuration zip file? Remember to remove any sensitive data before posting

      4. What version of the portal are you running?

      Thanks,

      Marc

  • Former Member
    Mar 23, 2009 at 06:16 PM

    Have you tried altering the date on the property:

    ume.logon.security_policy.password_last_change_date_default 12/31/9999 to 12/31/1999?

    Edited by: Laura Duffy on Mar 23, 2009 7:18 PM


  • Former Member
    Dec 26, 2013 at 10:36 AM

    Hi Dmitriy,

    I am facing the same issue.

    If you have been able to resolve the issue, then please help me with your document or suggestion.

    Referring to the above discussion, I have done all the changes accordingly.

    But I am still not able to get the Change password prompt.

    Please help with your valuable suggestion, it's urgent for me.

    Your help will always be appreciated.

    Thanks in advance,

    Prashant krishen.
