on 08-18-2009 1:02 AM
Hi All,
We are on Enhancement pack 1. I have configured the logon help to reset the user password. Now the "GET SUPPORT" link is displayed on the portal login screen. If the users are stored in the UME (Portal database) then I am able to reset the password, but the same is not working for the users stored in LDAP.
I am using the WRITABLE LDAP CONFIGURATION FILE in the CONFIG tool, and the user even has full access at AD level.
Please let me know how to reset the user password if they are stored in AD.
Thanks
Hi hammad,
LDAP users can change their passwords in Portal. In my company it works. In Portal there are 2 datasources, UME and LDAP. By default the UME datasource is primary and has higher priority than LDAP. If you set up the LDAP datasource as primary, LDAP users can change their password in Portal.
Regards
Dmitriy
Hi Dmitriy,
Thanks for your response. I have seen you have replied to most of the threads. Thanks again.
As you said to set up the LDAP datasource as primary, HOW CAN WE ACHIEVE THIS?
I configured UME to point to LDAP by using the XML (writable) configuration file (in the Config tool), and the user used to configure LDAP in the Config tool has all the rights (change pwd, manage account etc.), but still it's not working. If you have modified the XML file, can you please show me the modified portion of it to achieve this?
Also, the user whose password I am trying to change exists in the same OU as the user that is used to configure LDAP in the Config tool.
I have given OU level rights (change pwd, manage account etc.).
Please let me know how to achieve this.
Thanks
Hi hammad,
In Active Directory I have an OU where the portal accounts "live". LDAP users can change their passwords in portal. Have a look at the part of my datasource file responsible for LDAP. Try to download it instead of yours, I hope it helps you.
<dataSource id="PRIVATE_DATASOURCE" className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence" isReadonly="false" isPrimary="true">
  <!-- child elements were collapsed in the original post -->
</dataSource>
<dataSource id="CORP_LDAP" className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence" isReadonly="false" isPrimary="true">
  <homeFor>
    <principal type="account" />
    <principal type="user" />
    <principal type="group" />
  </homeFor>
  <notHomeFor>
    <principal type="user">
      <nameSpace name="$serviceUser$">
        <attribute name="SERVICEUSER_ATTRIBUTE">
          <values>
            <value>IS_SERVICEUSER</value>
          </values>
        </attribute>
      </nameSpace>
    </principal>
    <principal type="account">
      <nameSpace name="$serviceUser$">
        <attribute name="SERVICEUSER_ATTRIBUTE">
          <values>
            <value>IS_SERVICEUSER</value>
          </values>
        </attribute>
      </nameSpace>
    </principal>
  </notHomeFor>
  <responsibleFor>
    <principal type="account">
      <nameSpace name="com.sap.security.core.usermanagement">
        <attribute name="j_user" readonly="true" />
        <attribute name="logonalias" readonly="true" />
        <!-- j_password is the only writable attribute in this excerpt -->
        <attribute name="j_password" readonly="false" />
        <attribute name="userid" readonly="true" />
      </nameSpace>
      <nameSpace name="com.sap.security.core.authentication">
        <attribute name="principal" />
        <attribute name="realm" />
        <attribute name="domain" />
      </nameSpace>
    </principal>
    <principal type="user">
      <nameSpace name="com.sap.security.core.usermanagement">
        <attribute name="firstname" readonly="true" />
        <attribute name="displayname" readonly="true" />
        <attribute name="lastname" readonly="true" />
        <attribute name="fax" readonly="true" />
        <attribute name="email" readonly="true" />
        <attribute name="title" readonly="true" />
        <attribute name="department" readonly="true" />
        <attribute name="description" readonly="true" />
        <attribute name="mobile" readonly="true" />
        <attribute name="telephone" readonly="true" />
        <attribute name="streetaddress" readonly="true" />
        <attribute name="uniquename" readonly="true" />
      </nameSpace>
      <!-- the excerpt ends here in the original post; the rest of the file is not shown -->
Regards
Dmitriy
Edited by: Dmitry Korolev on Aug 21, 2009 8:52 AM
Thanks Dmitry for your response. I have compared your XML with my XML configuration files. I can see the following differences:
1) In your XML: <attribute name="j_password" readonly="false" />. I will also make the same change.
2) In the PRIVATESECTION of the XML you have
<ume.ldap.access.msads.control_attribute>msds-useraccountdisabled</ume.ldap.access.msads.control_attribute>
<ume.ldap.access.msads.control_value>FALSE</ume.ldap.access.msads.control_value>
I will also include the same.
I can only see the above two major changes in the XML file (please let me know if I missed anything in the XML file and APART FROM THE XML FILE). Anyhow, I will also make the same changes in my XML and will give it a try.
I have also opened an OSS message on this issue. SAP has responded saying that if you want to achieve this, we have to enable SSL between the J2EE engine and LDAP. Here is the note 673824 that talks about it; look at II. Specific limitations (Create user on Microsoft Active Directory).
Have you done the same as mentioned in the SAP note?
Thanks
Yes, we have solved the problem. In order to implement this, first you need to set up SSL between the J2EE Engine & Active Directory.
Once it is set up you can use the LDAP writable configuration file; make sure the readonly property of j_password is set to false.
Let me know if you have any issue.
Thanks
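As an added example (not part of any post in this thread and not SAP code): a small Python check of the points the thread settles on, that the LDAP data source is writable and that j_password is explicitly readonly="false". The sample XML is constructed from the excerpt above, the function names are hypothetical, and treating a missing readonly attribute as a finding is an assumption; the SSL setup between the J2EE Engine and Active Directory is not visible in this file and is not checked.

```python
import xml.etree.ElementTree as ET

LDAP_CLASS = "com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
DB_CLASS = "com.sap.security.core.persistence.datasource.imp.DataBasePersistence"

# Constructed sample modelled on the excerpt in this thread, not a complete UME file.
# Here j_password is still read-only, the state the thread says blocks password resets.
SAMPLE = f"""<dataSources>
  <dataSource id="PRIVATE_DATASOURCE" className="{DB_CLASS}" isReadonly="false" isPrimary="true"/>
  <dataSource id="CORP_LDAP" className="{LDAP_CLASS}" isReadonly="false" isPrimary="true">
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="j_user" readonly="true"/>
          <attribute name="j_password" readonly="true"/>
        </nameSpace>
      </principal>
    </responsibleFor>
  </dataSource>
</dataSources>"""


def is_false(value):
    """True only when the attribute is explicitly set to "false" (assumption: absent is not writable)."""
    return (value or "").strip().lower() == "false"


def password_write_findings(xml_text):
    """List reasons the LDAP data sources in xml_text cannot accept password writes."""
    findings = []
    for ds in ET.fromstring(xml_text).iter("dataSource"):
        if ds.get("className") != LDAP_CLASS:
            continue  # only LDAP-backed data sources matter here
        ds_id = ds.get("id", "<no id>")
        if not is_false(ds.get("isReadonly")):
            findings.append(f'{ds_id}: isReadonly is not "false"')
        accounts = ds.findall("./responsibleFor/principal[@type='account']")
        pw = [a for p in accounts for a in p.iter("attribute")
              if a.get("name") == "j_password"]
        if not pw:
            findings.append(f"{ds_id}: j_password not listed for account principals")
        elif not all(is_false(a.get("readonly")) for a in pw):
            findings.append(f'{ds_id}: j_password readonly is not "false"')
    return findings


if __name__ == "__main__":
    for line in password_write_findings(SAMPLE) or ["no findings"]:
        print(line)
```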
Hello Hammad,
I've been somewhat successful in using this procedure to change passwords but it's not working for all users. When I create a test user in the LDAP with the user's first and last names and e-mail address it works. When I attempt to change my own password I receive the message "Incorrect user information, cannot send e-Mail with new password". I've verified the name and e-mail address are correct in the LDAP but the one variable I see here is we are using the Microsoft Exchange Server for emails. I'm not sure if this has anything to do with my problem or not. For the test ID I just key in the e-mail address in the LDAP so it's not getting it from the Exchange Server. Anyone have any thoughts?
Thanks,
Dan
It is working fine for me. I have created SAPPORTALUSER in LDAP with first name, last name & email address.
When I entered the ID & email address to change the password I received an email with the password. Make sure the user ID and email field match the account information. You cannot use a different email address for sending the password; make sure to use the email address which is on the account.
Hi Hammad,
When we change a USER'S password in LDAP, we get a mail with the new password, but when we use this new password to log in to the portal we do not get the password change screen. When we change the user's password through the portal, we get a mail with the new password, and when we log in with this new password we do get the password change screen.
Can you please help me on this: why are we not able to get the password change screen when we reset the password through LDAP?
Is there any setting for this in LDAP?
Regards
Trilochan
Hi
You cannot change the password for LDAP users through portal but you can provide a link for change password that directs to LDAP change password link.
Hope this helps
Regards
Aruna
The link that you have provided me is the password change application, but I want external users to be able to reset their password if they forget it. Moreover, as Aruna said, if it is not possible to change the LDAP user password, then why has SAP given a WRITABLE CONFIG file for LDAP-UME configuration? I have even seen some threads where people have implemented this feature.
Please let me know if I am missing any UME configuration.
Thanks
Dear Hammad,
As per my knowledge, LDAP users' credentials (passwords) can be changed from their network login, as it is a part of the Microsoft AD directory, and after LDAP configuration the user is able to log in to the portal with their network user credentials, so if they change their network passwords their portal passwords will also be affected.
Also, if you want, you can develop a change password link in the portal itself.
Please find the excellent link with complete code, maybe it is useful to you:
Regards
Pooja Gehani