Problems in Changing LDAP (AD) Initial Password from Portal

Similar Messages

• LDAP : retreive the password from LDAP

  Hi,
  I am trying to authenticate the user with the password that is entered by him with the password in LDAP. Basically i have to do a String comparison. I am able to retreive all the attributes set for that user but the password is retrieved as:
  [B@867e89
  I did a toString() for that but no change.
  String s=attr.get().toString();I even tried to convert this String to a byte and then compare:
  byte[] newUnicodePassword=null;
                               try {
                                     newUnicodePassword = s.getBytes("UTF-16LE");
                                     System.out.println("Checking 2  :" + newUnicodePassword.toString());
                                } catch (UnsupportedEncodingException e) {
                                     // TODO Auto-generated catch block
                                     e.printStackTrace();
                                }But of no use.When i converted this byte array to a string it is the same encrypted characters.
  So i could not compare with the password that is entered by the user.
  Can anyone please tell why this is happening. And how i have to get the password from LDAP.
  Thanks in advance.

  You do not retrieve you passcode.
  Connect the iOS device to your computer and restore via iTunes. Place the iOS device in Recovery Mode if necessary to allow the restore.
  If recovery mode does not work try DFU mode.
  How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
  For how to restore:
  iTunes: Restoring iOS software
  To restore from backup see:
  iOS: How to back up
  If you restore from iCloud backup the apps will be automatically downloaded. If you restore from iTunes backup the apps and music have to be in the iTunes library since synced media like apps and music are not included in the backup of the iOS device that iTunes makes.
  You can redownload iTunes purchases by:
  Downloading past purchases from the App Store, iBookstore, and iTunes Store

• Problem when printing Excel sheets when downloaded from Portal

  Hey,
  I am using the desformat=spreadsheet option to generate Excel files for my reports downloaded from Portal and this works fine. The trouble is that when users go to print the downloaded Excel reports it seems that the scale of the report changes and everything is made smaller to try and fit on the one page. The font size decreases, and the scale of the report decreases to the point where the report is nearly unreadable when printed. But when just viewing the reports in Excel everything looks fine.
  Any suggestions on why this is happening and how it can be fixed?
  Thanks

  Hello hermannedem,
  If you cannot see any content on pages you printed or in print preview, the cause might be margins which are set too high.
  #In order to check the margins, we need to go to ''File'' > ''Page Setup''.
  #Once this is done, switch to the ''Margins & Header/Footer'' tab.
  #Check what's set there under ''Margins''.
  The following are the default values for ''Margins'':
  '''Right''': 12.7
  '''Top''': 12.7
  '''Left''': 12.7
  '''Bottom''': 12.7
  Check these values accordingly and change them if necessary.
  Please let us know, if this resolves the issue.
  Thanks!

• Cisco ACS 5.4 + Anyconnect 3.1 NAM with 802.1x, problem with changing ACS Radius user password

  Dear all,
  Presently, we are testing 802.1x using Cisco ACS 5.4 and Cisco Anyconnect v3.1 as 802.1x supplicant. We have created predefined NAM profiles (with Cisco Profile Editor) and applied as default in on our test machine. We are using PEAP (MsCHAPv2) and ACS local user credentials for authenticating process. We have noticed that, when we try to authenticate the network with predefined profile (network profile has Administrator Network privileges) and Windows user on test machine has no Admin privileges we are not able to change ACS user password (checked "Change password on next login" in the ACS user profile). In the Monitoring and Report View we get Failure Reason "24203 User need to change password"  but no popup window apears in Anyconnect. When we change Windows local user privileges to Admin or create Anyconnect network profile localy (privileges User Network) then, we are able to finish the process.
  Have you ever been facing the problem described above. Is it Anyconnect bug? How can we fix it?
  Best regards,
  Piotr

  If this happens with all machines then if a microsoft guy can look the app logs/privileges. It seems the app is requesting privilege that it is not authorized to and that's why the propmt window fails to appear. If we know what that privilege is we can probably fix it. If that privilege is not even required for smooth work Cisco need probably to fix this behavior.
  I am sorry if I am not able to help but I am not using the anyconnect for production.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Permissions problems, keep changing and can't save from within application

  Hi there, we're running Mavericks server on our local network with a half dozen MBP and iMacs connected.
  For a wee while now, our users have been getting permissions problems. Documents (Excel documents, InDesign, Photoshop etc.) are becoming read only and we can't save them to either the same folder from within the application. Even ones that the same user has created. The thing is, we can copy the document to our desktop and then back again to the same folder and continue to edit and save normally.
  I've tried setting the Access for our "Group" to "Read & Write" but to no avail, this keeps happening. I can login to the server as admin and correct the permissions but they seem to keep reverting somewhere along the line...
  Apologies if there's something obvious I'm overlooking.
  Any recommendations? Would you recommend just removing all users and groups and starting again? Am I missing something?

  Thanks Linc, I have selected the folders that are shared from the Server App "Storage" tab and made sure the permissions are correct and then "propogated" them.
  All users belong to the same group we call "material".
  Just wondering, should I do this sort of thing when no one is connected to the server? Or should I require that everyone log off and back on?

• Is it possible to change a SAP BW password from the BI Launchpad?

  Hello,
  We are currently running:
  Business Objects 4.1 SP4
  Apache Tomcat Web Server
  SAP BW 7.3 SP 7, ABAP stack only
  We are using SAP BW as our primary EDW with BI 4.1 as a front end for Reporting and Analytics. SAP Authentication is enabled in BOBJ and that is used as the authentication method for all users. The majority of our user have no reason to ever log onto BW as all of their BI content is attainable through the BI Launchpad. (Analysis and Design Studio)
  When a new user is created in BW, it is mandatory by policy for them to change their password upon first login. However, the only way they can do this is by logging in to the SAP GUI to BW. Can this be achieved somehow through the BI Launchpad?
  Thank you
  Scott

  It is not possible to change it in LaunchPad unfortunately, workarounds are discussed here:
  http://scn.sap.com/thread/3355098
  Best regards,
  Victor

• Why can my daughter change my Apple ID password from her ipod...

  without even entering my old password first?  Is there some way to prevent her access to my Apple ID account.  I've made so I have to enter a password prior to purchases etc... but she can go into Settings>Store and have direct access to my Apple ID account (including changing the password without entering the old password).
  TIA

  I did not change my Apple ID identification, only the password.

• Retrieve username and password from Portal in external appl.

  Hi All,
  I have deployed an web application containing jsp into OC4J. I have registered this application as an external application in the portal. I need to capture the username and password required for the external application in the jsp (deployed as web application) after the external application has been authenticated by SSO server.
  Can i get it from the request or is ther any other way to capture the user credentials in the jsp of the external application?
  Thanks & Regards,
  SY

  Actually if the JSP is registered as an external Application then it is the JSP itself that is doing the
  authentication not the SSO server. The credentials are sent to the External Application either as HTTP
  header entries or on the URL depending on the type of method chosen to submit the request. In an external
  application the SSO server is effectively building the URL that would have come from the Login Page of the
  application.
  So in this case, if the application is being called as an external application, then they already have the
  username/password. Else it would not be an external application.

• Problem in accessing images in the KM from Portal code.

  Hi All,
  I need to develop a portal application that accesses the KM and displays the images that are stored in the KM to the user. There are 8 images which are stored in the /documents/Images directory in the KM. The user should be able to see the next image in the KM by clicking on the 'Next' button of the JSP and the previous image in the KM by clicking on the 'Previous' button of the JSP.
  Below is the code which reads the KM and displays the images. However, the images that are displayed are not in a proper sequence. Also when the user clicks on the 'Next' button and arrives to the last image, although i disable the 'Next' button, when the user clicks on the 'Previous' button the user is not able to see the previous image. Infact the KM tries to display the next image which is not present and hence throws an IndexOutOfBoundsException. This happens vice versa for the 'Previous' button as well.
  Any help would be highly appreciated and rewarded.
  JSP Dynpage
  package com.ltitl.image;
  import com.ltitl.bean.ImageBean;
  import com.sap.security.api.IUser;
  import com.sapportals.htmlb.event.Event;
  import com.sapportals.htmlb.page.DynPage;
  import com.sapportals.htmlb.page.PageException;
  import com.sapportals.portal.htmlb.page.JSPDynPage;
  import com.sapportals.portal.htmlb.page.PageProcessorComponent;
  import com.sapportals.portal.prt.component.IPortalComponentProfile;
  import com.sapportals.portal.prt.component.IPortalComponentRequest;
  import com.sapportals.portal.prt.component.IPortalComponentSession;
  import com.sapportals.portal.security.usermanagement.UserManagementException;
  import com.sapportals.wcm.repository.ICollection;
  import com.sapportals.wcm.repository.IResource;
  import com.sapportals.wcm.repository.IResourceContext;
  import com.sapportals.wcm.repository.IResourceList;
  import com.sapportals.wcm.repository.ResourceContext;
  import com.sapportals.wcm.repository.ResourceException;
  import com.sapportals.wcm.repository.ResourceFactory;
  import com.sapportals.wcm.util.uri.RID;
  import com.sapportals.wcm.util.usermanagement.WPUMFactory;
  public class ImageControl extends PageProcessorComponent {
    public DynPage getPage(){
      return new ImageControlDynPage();
    public static class ImageControlDynPage extends JSPDynPage{
      public static ImageBean imageBean = null;
      public static IResource resource = null;
      public static IResourceContext resourceContext = null;
      public static IPortalComponentSession componentSession = null;
      public static IPortalComponentRequest request = null;
      public static IPortalComponentProfile profile = null;
      public static IUser user1 = null;
      public static RID rid = null;
      public static int count = 0;
      public static int total = 0;
      public static IResourceList children = null;
      public void doInitialization() throws PageException{
        request = (IPortalComponentRequest)this.getRequest();     
        componentSession = request.getComponentSession();
        profile = request.getComponentContext().getProfile();
        user1 = request.getUser();
        imageBean = new ImageBean();
         try
                 com.sapportals.portal.security.usermanagement.IUser user =  WPUMFactory.getUserFactory().getEP5User(user1);
       resourceContext = new ResourceContext(user);
       String imagepath = profile.getProperty("PathToFolder");     
       rid = RID.getRID(imagepath);
       resource = ResourceFactory.getInstance().getResource(rid,resourceContext);
       if(resource != null)
               if(resource.isCollection())
                        ICollection collection = (ICollection)resource;
                        total = collection.getChildrenCount(true,false,false);
                        imageBean.setTotal(total);
                        children = collection.getChildren();
                        accessResource();
                   else
                        imageBean.setMsg_txt("resource " + resource.getName() + " is not a collection");
              else
                   imageBean.setMsg_txt("resource " + resource.getRID() + " does not exist");
            componentSession.putValue("imageBean",imageBean);
         } catch (UserManagementException ume) {
              imageBean.setMsg_txt("exception:" + ume.getLocalizedMessage());     
         catch(ResourceException ue) {
              imageBean.setMsg_txt("exception:" + ue.getLocalizedMessage());     
      public void doProcessAfterInput() throws PageException {
            IPortalComponentSession session = ((IPortalComponentRequest)this.getRequest()).getComponentSession();
            imageBean = (ImageBean)session.getValue("imageBean");
            if(null != imageBean) {
                 accessResource();
            else
                 imageBean.setMsg_txt("Image Bean null");
      public void doProcessBeforeOutput() throws PageException {
        this.setJspName("ImageOutput.jsp");
      public void onPrevious(Event event) throws PageException {
           --count;
       public void onNext(Event event) throws PageException {
            ++count;
  public void accessResource() throws PageException {
  try {
  if(count >= 0 && count < total)
  IResource resImg = children.get(count);
  imageBean.setCount(count);
  imageBean.setMsg_txt("count: " + count);
  imageBean.setInitialPath("/irj/go/km/docs");
  imageBean.setImageName("" + resImg.getRID());
  else
  imageBean.setMsg_txt("out of bounds count:" + count);
  } catch (ResourceException e) {
       imageBean.setMsg_txt("resource exception:" + e.getLocalizedMessage());

  ImageBean
  package com.ltitl.bean;
  import java.io.Serializable;
  public class ImageBean implements Serializable {
       public String imageName;
       public String msg_txt;
       public String initialPath;
       public int count;
       public int total;
        * @return
       public String getImageName() {
            return this.imageName;
        * @param string
       public void setImageName(String string) {
            imageName = string;
        * @return
       public String getMsg_txt() {
            return this.msg_txt;
        * @param string
       public void setMsg_txt(String string) {
            msg_txt = string;
        * @return
       public String getInitialPath() {
            return initialPath;
        * @param string
       public void setInitialPath(String string) {
            initialPath = string;
        * @return
       public int getCount() {
            return count;
        * @return
       public int getTotal() {
            return total;
        * @param i
       public void setCount(int i) {
            count = i;
        * @param i
       public void setTotal(int i) {
            total = i;
  Hope this helps.

• SAP  Portal  unable to recognize  AD requirement to change initial password

  Hi,
  We configured Active Directory server (2008 R2) as UME for SAP Portal (Netweaver 7.01  SP7).  We matched as many of the security parameters as possible* (ex.  minimum password length, require one number in password, etc.).  The AD parameter "User must change password at Next logon" is set ON.  However, upon attempt to login to SAP Portal with the initial password that was set in AD we are not prompted to change the password.  Rather, the SAP Portal logon attempt fails with message:  "Authentication Denied"
  Has anyone dealt with this problem before?
  Other information: 
  *Our MarketPlace researched indicated that the SAP Portal parameter "ume.ldap.security_policy.password_change_required" (which would correspond to the AD parameter mentioned above) is no longer an available parameter for our SAP Portal version (Netweaver 7.01  SP7).
  In our version of SAP Portal, the AD parameter "User must change password at Next logon" has one parameter which is similar, but does not directly correspond.  The SAP Portal parameter which we do have is "No password change required".  Notice this is the logical opposite of the AD parameter:  AD says to require the password, whereas SAP Portal says it's NOT required.  Therefore, when the AD parameter is set to ON, this results in the Portal parameter being set to OFF.  Even still, we face the login failure.

  You have to note here that implementing SAP IDM is only ONE of the possible options you have. The implementation of IDM in itself is a huge undertaking because of the number of systems and the decision making process involved with it.
  In one of my previous implementations, when SAP IDM was not around, we had Tivoli Access Management tools which took care of the password problems.
  even though we implement IDM and deploy IDM UI on Portal , still user should change password before it expires on AD right ?
  Even with IDM in place, user will not be able to login to SAP portal with an expired AD password. However, in our case, we provide a link on the logon page of SAP portal to the IDM password self service application which will allow the user to change the password.
  Does IDM has any feature like sending notifications before password expiration period ?
  I don't think it does - however I have not explored this option in IDM since most of our users do not have email addresses and we cannot send a reminder. You should be able to create a task (with some customization) in IDM to achieve this.
  Also will the IDM implementation help us in creating users with option "User should change password at next logon" on AD ?
  Yes - IDM does create users with option "User should change password at next logon" in AD.
  With IDM in place and tied to AD, it should be the central place of creating users. It is recommended NOT to create or manipulate the users in any target systems (SAP, AD, etc). IDM should be taking care of all the user provisioning activities.
  is this like a work around to allow users to change password from Portal before it gets expired on Active Directory(AD) ?
  This is not a work around - it is rather a full blown identity management solution for all your company needs.
  You will get a lot of your IDM specific questions answered in the Identity Management forum.
  Thanks,
  Shanti

• Exchange 2010 user cannot change password from OWA

  My users are not able to change their own email password from owa. But we can change the passwords from ECP or from the server without any issue. What could be the issue ?
  Biju Rajan

  Check the regional date and time is set for user OWA...Follow the below steps
  On the Client Access Server (CAS), click Start > Run and type
  regedit.exe and click OK.
  Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
  Right click the MSExchange OWA key and click New >
  DWord (32-bit).
  The DWORD value name is ChangeExpiredPasswordEnabled and set the value to
  1.
  Note: The values accepted are 1 (or any non-zero value) for "Enabled" or 0 or blank / not present for "Disabled"
  After you configure this DWORD value, you must reset IIS. The recommended method to reset IIS is to use
  IISReset /noforce from a command prompt.
  Ref:http://blogs.technet.com/b/exchange/archive/2010/10/06/3411240.aspx
  Exchange Queries

• Error with passwords via Portal and LDAP

  When we change a user's password via portal, either by the user or administrator, the password gets changed, but then when the user tries to log in again, it says the password is expired, and no longer allows changing the password.
  The log has the following errors
  defaultTrace.18.trc:#1.5#0003BA68FF7E00510000000C00001AEC0004059FD46D2697#1132083928701#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###Can not change password
  defaultTrace.18.trc:#1.5#0003BA68FF7E00510000000E00001AEC0004059FD46D2C5B#1132083928706#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_0##0#0#Error#1#/System/Security/Usermanagement#Java###DataSource : Can not change password#1#CORP_LDAP#
  defaultTrace.18.trc:#1.5#0003BA68FF7E00510000000F00001AEC0004059FD46D96C1#1132083928731#com.sap.security.core.admin#sap.com/com.sap.security.core.admin#com.sap.security.core.admin.[cf=com.sap.security.core.admin.UserAdminLogic][md=performUserProfileChange][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_0##0#0#Error##Java###[LDAP: error code 16 - No Such Attribute]
  defaultTrace.18.trc:#1.5#0003BA68FF7E003E0000002500001AEC0004059FD5A452F0#1132083949095#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_21##0#0#Error##Java###Can not change password
  defaultTrace.18.trc:#1.5#0003BA68FF7E003E0000002700001AEC0004059FD5A4591E#1132083949099#com.sap.security.core.persistence#sap.com/com.sap.security.core.admin#com.sap.security.core.persistence#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_21##0#0#Error#1#/System/Security/Usermanagement#Java###DataSource : Can not change password#1#CORP_LDAP#
  defaultTrace.18.trc:#1.5#0003BA68FF7E003E0000002800001AEC0004059FD5A49EBD#1132083949114#com.sap.security.core.admin#sap.com/com.sap.security.core.admin#com.sap.security.core.admin.[cf=com.sap.security.core.admin.UserAdminLogic][md=performUserProfileChange][cl=19566]#<USER>#569##<Portal Instance>#<USER>#48329170561011daada40003ba68ff7e#SAPEngine_Application_Thread[impl:3]_21##0#0#Error##Java###[LDAP: error code 16 - No Such Attribute]
  Any help would be greatly appreciated
  We are using Portal 6Sp14
  Thanks
  Brian Timothy

  Hi Brian
  which datasource u r using?
  i think u used read only LDAP + Databse
  when u chang the password for user in portal than after corresponding user password in LDAP directory are not changed thas't why it's generated a message that
  password expires and u can't change the password
  so try to change the password in LDAP also.
  hope it's helps u.
  regards,
  kaushal

• Color changed when webdynpro application is called from Portal

  Hi,
  I have developed an Webdynpro application, but the orginal color has been changed if I call it from portal.
  Does someone have an idea how to deal with it?
  best regards

  Hi,
           The attribute name in iView configuration is 'Supply Portal Stylesheet'. It should be marked as 'No' to not to use the Portal Style Sheet.
  Ranganathan.

• Updating Values from Portal to R/3

  Hi ,
    Iam facing a problem in updating values while calling RFCs from portal.This is the scenario of calling RFCs :
  1. Submitting new data by changing some values from the existing record.
                                 - They are calling a RFC to save those values in R/3.
              I have used Commit work and wait and also   
              BAPI_TRANSACTION_COMMIT to update the values in database in this 
              RFC.
  2. Now Immediately after submission they are searching the records by giving  
      changed values as search criteria by calling another RFC(RFC for search).
                                - The record is coming but the values are not updating and showing previous values.
  Same scenario is working fine from R/3 when executing the Function modules with out calling from portal.
  What are the changes that need to do at R/3 side?
  Thanks & Regards,
  Swarna Munukoti.
  Message was edited by:
          Swarna Munukoti

  In addition and from a maintenance perspective you could do a: Portal Group to R/3 UserMapping.
  This will then automatically map all Portal Users in the Portal Group to the one R/3 user in the back-end. This saves effort when new users are created on the portal you don't have to map them all.
  This method is also proposed by SAP for mapping to MDM for example.
  NOTE: When you choose this you cannot trace the user in the back-end because
  this back-end user is shared. If this is not a problem for your scenarion then I would say go for it.
  Cheers,
  Benjamin Houttuin

• I can't update my apps, I think that the problem is that I've change my password from my ID Apple but  they have not change from the telephone configuration. Any idea?

  I can't update my apps, I think that the problem is that I've change my password from my ID Apple but  they have not change from the telephone configuration. Any idea? Thanks

  Hi skippy2012trev,
  Welcome to the Apple Support Communities!
  I understand that you updated your Apple Id and password but now you are being prompted for the old information in iCloud. You are on the right track by changing the Apple ID back to the previous email address temporarily so that you can sign out. You should not need to verify the email address. After you edit the Apple ID back to the old email address and then sign out of iCloud on your iPhone, edit the Apple ID back to the address you would currently like to use. There is no need to change the password again, only the email address, unless you prefer to update the password again.
  If you're asked for the password to your previous Apple ID when signing out of iCloud - Apple Support
  Change your Apple ID temporarily
  If signing out and back in to iMessage or FaceTime didn't help, try these steps:
  Change your Apple ID to the Apple ID you used previously. You shouldn't need to verify the email address.
  Tap Settings > iCloud. Complete these steps only if the Find My [Device] setting is turned on:
  Scroll down and tap Sign Out, then tap Sign Out to confirm. If you're using iOS 7 or earlier, tap Delete Account, then tap Delete to confirm.
  Tap Keep on My [Device] or Delete from My [Device]. In either case, your data remains in iCloud and will be updated on your device when you sign in to iCloud again.
  Enter the password for your previous Apple ID.
  Change your Apple ID to the new email address that you want to use. You'll need to verify the email address.
  Return to Settings > iCloud and sign in with your new Apple ID.
  Cheers,
  Joe