Skip to Content
avatar image
Former Member

automatically deactivate password on CUA

We have a system whereby user-accounts are automatically created from Active Directory to SAP. As these users are normally only used for acces from a portal the password should be de-activated. We need to do this from the CUA-system as password changes are not allowed on the child-system.

When a new user is created the password is of course always initial but Is there a way to automatically deactivate the password directly after an account is created ?

Thanks for any suggestions.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Feb 06, 2013 at 09:08 AM

    Hi Thom,

    Could the parameter login/disable_password_logon help you? Then the password is deactivated for all users in the system.

    Kind regards

    Maaike

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 06, 2013 at 02:54 PM

    Hi Thom,

    You can also consider decreasing the lifespan of the initial password (login/password_max_new_valid). With unknown initial passwords which expire before the user is notified there shouldn't be a big security risk.

    Jurjen

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Jurjen,

      It is not enough to disable the password, you have to actively set the password to "deactivated".

      These users come from an HR-portal where their identity is verified via ldap but connect to backend-system to get the relevant HR-data per user. To prevent them getting a logon-screen when connecting the password needs to be deactivated (which is something else than disabled). As the users are automatically created on a CUA-system we need to add a step somewhere to do this deactivation. Hope this clarifies my question.

  • Feb 07, 2013 at 09:29 AM

    Do you use the standard LDAP syncronization to copy users from LDAP to the CUA central system?

    - Transaction LDAP to configure the connection

    - Report RSLDAPSYNC_USER to synchronize users according to LDAP

    Currently I do not have access to a test system to verify it personally, but I guess that you can configure the password creation rule 'no password' in the settings somehow. Please check the attribute mappings in transaction LDAP.

    Kind regards

    Frank

    Add comment
    10|10000 characters needed characters exceeded