
Reset password for LDAP user in Portal

Former Member
0 Kudos

Hi All,

We are on Enhancement pack 1. I have configured the logon help to reset the user password. Now on the portal login screen the "GET SUPPORT" link is displayed. If the users are stored in the UME (Portal database) then I am able to reset the password, but the same is not working for the users stored in LDAP.

I am using the WRITABLE LDAP CONFIGURATION FILE in the CONFIG tool, and the user even has full access at AD level.

Please let me know how to reset the user password if they are stored in AD.

Thanks

Accepted Solutions (1)


Former Member
0 Kudos

Hi hammad,

LDAP users can change their passwords in Portal. In my company it works. Two datasources exist in Portal: UME and LDAP. By default the UME datasource is primary and has higher priority than LDAP. If you set up the LDAP datasource as primary, LDAP users can change their password in Portal.

Regards

Dmitriy

Former Member
0 Kudos

Hi Dmitriy,

Thanks for your response. I have seen you have replied to most of the threads. Thanks again.

As you said to set up the LDAP datasource as primary, HOW CAN WE ACHIEVE THIS?

I configured UME to point to LDAP by using the XML (writable) configuration file (in the Config tool), and the user used to configure LDAP in the config tool has all the rights (change pwd, manage account etc.), but still it's not working. If you have modified the XML file, can you please show me the modified portion of it to achieve this?

Also, the user whose password I am trying to change exists in the same OU as the user used to configure LDAP in the config tool.

I have given OU level rights (change pwd, manage account etc.).

Please let me know how to achieve this.

Thanks

Former Member
0 Kudos

Hi hammad,

In Active Directory I have an OU where the portal accounts "live". LDAP users can change their passwords in portal. Have a look at the part of my datasource file responsible for LDAP. Try to download it instead of yours; I hope it helps you.

<dataSource id="PRIVATE_DATASOURCE" className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence" isReadonly="false" isPrimary="true">
    <!-- contents collapsed in the original post -->
</dataSource>
<dataSource id="CORP_LDAP" className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence" isReadonly="false" isPrimary="true">
    <homeFor>
        <principal type="account" />
        <principal type="user" />
        <principal type="group" />
    </homeFor>
    <notHomeFor>
        <principal type="user">
            <nameSpace name="$serviceUser$">
                <attribute name="SERVICEUSER_ATTRIBUTE">
                    <values>
                        <value>IS_SERVICEUSER</value>
                    </values>
                </attribute>
            </nameSpace>
        </principal>
        <principal type="account">
            <nameSpace name="$serviceUser$">
                <attribute name="SERVICEUSER_ATTRIBUTE">
                    <values>
                        <value>IS_SERVICEUSER</value>
                    </values>
                </attribute>
            </nameSpace>
        </principal>
    </notHomeFor>
    <responsibleFor>
        <principal type="account">
            <nameSpace name="com.sap.security.core.usermanagement">
                <attribute name="j_user" readonly="true" />
                <attribute name="logonalias" readonly="true" />
                <attribute name="j_password" readonly="false" />
                <attribute name="userid" readonly="true" />
            </nameSpace>
            <nameSpace name="com.sap.security.core.authentication">
                <attribute name="principal" />
                <attribute name="realm" />
                <attribute name="domain" />
            </nameSpace>
        </principal>
        <principal type="user">
            <nameSpace name="com.sap.security.core.usermanagement">
                <attribute name="firstname" readonly="true" />
                <attribute name="displayname" readonly="true" />
                <attribute name="lastname" readonly="true" />
                <attribute name="fax" readonly="true" />
                <attribute name="email" readonly="true" />
                <attribute name="title" readonly="true" />
                <attribute name="department" readonly="true" />
                <attribute name="description" readonly="true" />
                <attribute name="mobile" readonly="true" />
                <attribute name="telephone" readonly="true" />
                <attribute name="streetaddress" readonly="true" />
                <attribute name="uniquename" readonly="true" />
            </nameSpace>
            <!-- the posted excerpt ends here -->

Regards

Dmitriy

Edited by: Dmitry Korolev on Aug 21, 2009 8:52 AM

Former Member
0 Kudos

Thanks Dmitry for your response. I have compared your XML with my XML configuration files. I can see the following differences:

1) In your XML you have <attribute name="j_password" readonly="false" />. I will also make the same change.

2) In the PRIVATESECTION of the XML you have

<ume.ldap.access.msads.control_attribute>msds-useraccountdisabled</ume.ldap.access.msads.control_attribute>

<ume.ldap.access.msads.control_value>FALSE</ume.ldap.access.msads.control_value>

I will also include the same.

I can only see the above two major changes in the XML file. (Please let me know if I missed anything in the XML file and APART FROM THE XML FILE.) Anyhow, I will also make the same changes in my XML and will give it a try.

I have also opened an OSS message on this issue. SAP has responded saying that if you want to achieve this, we have to enable SSL between the J2EE engine and LDAP. Here is the note 673824 that talks about it; look at II. Specific limitations (Create user on Microsoft Active Directory).

Have you done the same as mentioned in the SAP note?

Thanks

Former Member
0 Kudos

Hi hammad,

Yes, we applied this note and set up SSL between Portal and J2EE.

Regards

Dmitriy

Former Member
0 Kudos

We are in the process of setting up SSL between Portal and Active Directory. I will let you know once the configuration has been done.

Thanks

Former Member
0 Kudos

Hello Hammad,

Have you got this to work? I'm in a similar situation where I'm trying to set up the Portal so that external users can change their own passwords, and we are also using the LDAP as our user store as opposed to the UME.

Thanks,

Dan

Former Member
0 Kudos

Yes, we have solved the problem. In order to implement this, you first need to set up SSL between the J2EE Engine & Active Directory.

Once it is set up you can use the LDAP writable configuration file; make sure the readonly property of j_password is set to false.

Let me know if you have any issue.

Thanks
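The check described in the post above (an LDAP data source that is writable and maps j_password with readonly="false"), as an added example that is not part of the original thread and not SAP code. The sample file is constructed, the function name is hypothetical, and treating only an explicit "false" as writable is an assumption of this example.

```python
import xml.etree.ElementTree as ET

LDAP_CLASS = "com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
PW_PATH = ("./responsibleFor/principal[@type='account']"
           "/nameSpace[@name='com.sap.security.core.usermanagement']"
           "/attribute[@name='j_password']")

# Constructed sample (not from the thread): an LDAP data source that is
# writable as a whole but still maps j_password as read-only.
SAMPLE = """<dataSources>
  <dataSource id="CORP_LDAP" isReadonly="false" isPrimary="true"
      className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence">
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="j_user" readonly="true"/>
          <attribute name="j_password" readonly="true"/>
        </nameSpace>
      </principal>
    </responsibleFor>
  </dataSource>
</dataSources>"""


def password_write_findings(xml_text):
    """Return reasons why LDAP-stored passwords cannot be written via UME."""
    root = ET.fromstring(xml_text)
    sources = [d for d in root.iter("dataSource")
               if d.get("className") == LDAP_CLASS]
    if not sources:
        return ["no LDAPPersistence data source found"]
    findings = []
    for ds in sources:
        dsid = ds.get("id", "<no id>")
        # Assumption of this example: only an explicit "false" counts as writable.
        if ds.get("isReadonly") != "false":
            findings.append(f'{dsid}: data source not marked isReadonly="false"')
        pw_attrs = ds.findall(PW_PATH)
        if not pw_attrs:
            findings.append(f"{dsid}: j_password not listed for account principals")
        elif any(a.get("readonly") != "false" for a in pw_attrs):
            findings.append(f'{dsid}: j_password not marked readonly="false"')
    return findings


if __name__ == "__main__":
    for line in password_write_findings(SAMPLE) or ["no findings"]:
        print(line)
```

A clean result only covers the data source file; the SSL connection between the J2EE engine and Active Directory that the thread names as a precondition has to be verified separately.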

Former Member
0 Kudos

Hello Hammad,

I've been somewhat successful in using this procedure to change passwords but it's not working for all users. When I create a test user in the LDAP with the user's first and last names and e-mail address it works. When I attempt to change my own password I receive the message "Incorrect user information, cannot send e-Mail with new password". I've verified the name and e-mail address are correct in the LDAP, but the one variable I see here is that we are using the Microsoft Exchange Server for emails. I'm not sure if this has anything to do with my problem or not. For the test ID I just key in the e-mail address in the LDAP so it's not getting it from the Exchange Server. Anyone have any thoughts?

Thanks,

Dan

Former Member
0 Kudos

It is working fine for me. I have created SAPPORTALUSER in LDAP with first name, last name & email address.

When I entered the ID & email address to change the password I received an email with the password. Make sure the user ID and email field match the account information. You cannot use a different email address for sending the password; make sure to use the email address which is on the account.

Former Member
0 Kudos

Hi Hammad,

When we change a USER'S password in LDAP, we get a mail with the new password, but when we use this new password to log in to the portal we do not get the password change screen. When we change the user's password through the portal, get a mail with the new password and log in with this new password, we do get the password change screen.

Can you please help me understand why we are not able to get the password change screen when we reset the password through LDAP?

Is there any setting for this in LDAP?

Regards

Trilochan

Answers (2)


Former Member
0 Kudos

Hi

You cannot change the password for LDAP users through the portal, but you can provide a change password link that directs to the LDAP change password link.

Hope this helps

Regards

Aruna

Former Member
0 Kudos

The link that you have provided me is the password change application, but I want external users to be able to reset their password if they forget it. Moreover, if, as Aruna said, it is not possible to change the LDAP user password, then why has SAP given a WRITABLE CONFIG file for LDAP-UME configuration? I have even seen some threads where people have implemented this feature.

Please let me know if I am missing any UME configuration.

Thanks

Former Member
0 Kudos

Dear Hammad,

As per my knowledge, LDAP users' credentials (passwords) can be changed from their network login as it is a part of the Microsoft AD directory, and post LDAP configuration the user is able to log in to the portal with their network user credentials, so if they change their network passwords their portal passwords will also be affected.

Also, if you want, you can develop a change password link in the portal itself.

Please find the excellent link with complete code; it may be useful to you:

Regards

Pooja Gehani