Can you authenticate user/password from SAP to Active Directory
I don't want to implement SSO for ABAP because my company doesn't have the license for "SAP NW Single Sign-On"; but we would like to authenticate our users and their passwords to active directory. Our goal is to make sure the user/password in SAP is the same as their Active Directory user/password. Is this possible?
Thanks!
This has been discussed many times, for example see SSO with LAN UserID/Password. The short answer is no, you can't synchronize passwords. You can however achieve the requirement assuming you are using Identity Management to provision users and passwords to all systems (AD, SAP, etc). In that case you will have to deal with users changing their password. Recommendation is to enable SSO. If you don't want to get licenses for NWSSO, try to look at other options (X.509 certificates, SPNEGO in AS JAVA and then issue a Logon Ticket, 3rd party solution, etc).
Similar Messages
-
after upgraded to windows 2008 server, our mac os x wiki server can't authenticate user password anymore. How can I re-bind the wiki server to the AD again? thanks in advance.
Solved it by deleting the user and creating a new one with the same userID.
Maybe it occured because I marked the "user has to change password after first login" box when resetting the password but didn't yet allow him to do so in the webpages menu?!? -
Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?
I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server.
You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way? -
Can you access ~\Users\Sharing from a PC on the network?
I have a mixed home network of 3 PCs and one Mac Mini. I want to store all the digital music on the Mac Mini and share it with the PCs.
I have successfully created networking links between the PCs and the Mac. For example, I setup a MYPC account on the Mac and I can map a PC network drive to \\MacMini\MYPC\Music. This works fine, and survives a reboot. BUT IT ONLY GETS ME INTO THE FOLDER ON THE MAC WITH THAT USER'S FILES (MYPC), NOWHERE ELSE. So it's not a directory everyone can use (public).
I am trying to map \\MacMini\Users\Sharing and I can't get to it from the PC at all. I've tried using the IP address also. Nothing gets me there. This is after being connected in as an authorized account on the Mac. I thought that folder was open to all? Any suggestions?
I've also tried using a public folder on the Mac account to share. Also unsuccesful. Each PC user can easily see their own public folder (and more). Sometimes after I'm logged in, I can directly type in the address \\MacMini\MacUser\Public and see it, but it's intermittment and unpredicatable. I'm, open to this route, if I could get it to work.
This is a real head-scratcher. Please help me out.You will need to use Sharepoints in order to share specific folders
http://www.hornware.com/sharepoints/
iFelix -
Can you get User Data from a XI/PI System ?
Hello All
Can you with GRC 5.3 use PI as a User Data Source?
How?
Thank youHi Kristian,
for the AC 5.3 system user store itself or for the user details / user search you could use SAP ABAP, SAP UME, LDAP, etc.
Short: yes, you could use the ABAP user store of PI.
Best,
Frank -
Can you delete Airport passwords from previous owner?
I was looking under Keychain System and saw the previous owners Airport network password from before I purchased the macbook Pro with retina running Mountain Lion. Can I delete all of the iPhone 5 etc that are not mine? I see my ssid name but his also.
I didn't reset the machine and nothing else is on it since Apple helped me change to my name and Admin Account. I didn't want to mess up my system by removing the previous owners. I have my own Keychain password so that isn't a problem.
Keychain will probably ask for my password the next time I open after this correct?
Thanks.The first thing to do with a second-hand computer is to erase the internal drive and install a clean copy of OS X. You — not the previous owner — must do that. How you do it depends on the model, and on whether you already own another Mac. If you're not sure of the model, enter the serial number on this page. Then find the model on this page to see what OS version was originally installed.
1a. If you don't own another Mac
If the machine shipped with OS X 10.4 or 10.5, you need a boxed and shrink-wrapped retail Snow Leopard (OS X 10.6) installation disc from the Apple Store or a reputable reseller — not from eBay or anything of the kind. If the machine has less than 1 GB of memory, you'll need to add more in order to install 10.6. Preferably, install as much memory as it can take, according to the technical specifications.
If the machine shipped with OS X 10.6, you need the installation media that came with it: gray installation discs, or a USB flash drive for some MacBook Air models. For early MBA models, you may need a USB optical drive or Remote Disc. You should have received the media from the previous owner, but if you didn't, order replacements from Apple. A retail disc, or the gray discs from another model, will not work.
To boot from an optical disc or a flash drive, insert it, then reboot and hold down the C key at the startup chime. Release the key when you see the gray Apple logo on the screen.
If the machine shipped with OS X 10.7 or later, you don't need media. It should boot into Internet Recovery mode when you hold down the key combination option-command-R at the startup chime. Release the keys when you see a spinning globe.
1b. If you do own another Mac
If you already own another Mac that was upgraded in the App Store to the version of OS X that you want to install, and if the new Mac is compatible with it, then you can install it. Use Recovery Disk Assistant to create a bootable USB device and boot the new Mac from it by holding down the C key at the startup chime. Alternatively, if you have a Time Machine backup of OS X 10.7.3 or later on an external hard drive (not a Time Capsule or other network device), you can boot from that by holding down the option key and selecting it from the row of icons that appears. Note that if your other Mac was never upgraded in the App Store, you can't use this method.
2. Partition and install OS X
If you see a lock screen when trying to boot from installation media or in Recovery mode, then a firmware password was set by the previous owner, or the machine was remotely locked via iCloud. You'll either have to contact the owner or take the machine to an Apple Store or another authorized service provider to be unlocked. You may be asked for proof of ownership.
Launch Disk Utility and select the icon of the internal drive — not any of the volume icons nested beneath it. In thePartition tab, select the default options: a GUID partition table with one data volume in Mac OS Extended (Journaled) format. This operation will permanently remove all existing data on the drive.
After partitioning, quit Disk Utility and run the OS X Installer. You will need the Apple ID and password that you used to upgrade. When the installation is done, the system will automatically reboot into the Setup Assistant, which will prompt you to transfer the data from another Mac, its backups, or from a Windows computer. If you have any data to transfer, this is usually the best time to do it.
Then run Software Update and install all available system updates from Apple. To upgrade to a major version of OS X newer than 10.6, get it from the Mac App Store. Note that you can't keep an upgraded version that was installed by the previous owner. He or she can't legally transfer it to you, and without the Apple ID you won't be able to update it in Software Update or reinstall, if that becomes necessary. The same goes for any App Store products that the previous owner installed — you have to repurchase them.
3. Other issues
If the previous owner "accepted" the bundled iLife applications (iPhoto, iMovie, and Garage Band) in the App Store so that he or she could update them, then they're linked to that Apple ID and you won't be able to download them without buying them. Reportedly, Mac App Store Customer Service has sometimes issued redemption codes for these apps to second owners who asked.
If the previous owner didn't deauthorize the computer in the iTunes Store under his Apple ID, you wont be able to authorize it immediately under your ID. In that case, you'll either have to wait up to 90 days or contact iTunes Support.
When trying to create a new iCloud account, you might get a failure message: "Account limit reached." Apple imposes a lifetime limit of three iCloud account setups per device. Erasing the device does not reset the limit. You can still use an account that was created on another device, but you won't be able to create a new one. Contact iCloud Support for more information. -
Can you install a password so that the user of the phone cannot unblock blocked contacts. I do not want my daughter to be contacted by certain people. I also do not want her to be able to contact them.
The real problem is that whatever you do will only affect that phone. If she really wants to contact them she could use ANY phone.
-
Provision UserID/Password from SAP Ssyetm to Non-SAP System
Hi,
I have a requirement to be able to provision UserID & Password from a SAP ECC6 system to a non-SAP thick client application. All interactions between ECC6 & the non-SAP Application will be via SAP PI. (SAP EEC6 <-> SAP PI <-> Non-SAP App)
Our landscape includes:
SAP ECC6
SAP BI
SAP PI
SAP SOLMAN
SAP Portal
non-SAP App
SAP IdM has been ruled out due to budget constraints, Active Directory is not suitable due to the requirement that the non-SAP application must be able to authenticate users if the WAN/LAN is down.
Yes, we could simply maintain the users in both systems, but for the time being that has been deemed not appropriate.
I have thought about using CUA on SOLMAN to provision to the SAP Systems & then use SAP PI somehow to provision to the non-SAP App, but I have no idea how to pass the raw user password through SAP PI.
If anyone has any ideas or can point me to links where I can do further research would be much appreciated.
Thanks in advance,
Stephen HallThe search term "password AND synchronize" will help you further to find "flamewars" from the past.
You cannot send "raw" passwords from CUA, as the password is represented by a "one way" hash which is not decryptable by mortals, but rather the "raw" password is encrypted and the hashes are compared locally. Non-SAP systems cannot do this... (bar trial-and-error).
A better option would be to use a SSO mechanism. This is very easy within SAP.
For bi-directional authentication with non-SAP you will face some challanges...
The easiest option is to re-use a PKI certificate based authentication or re-use the native Kerberos authentication available for Windows bases PCs.
In the SAP --> non-SAP direction you can consider using a verification library to extract the user name - but that is not "state of the art" and if such a UID should be encrypted then have fun...
In the non-SAP --> SAP direction you are best off forgeting about the infrastructure trust or worste-case-scenario is a password sync. Rather re-authenticate the caller using a realm which already exist.
Active Directory is not suitable due to the requirement that the non-SAP application must be able to authenticate users if the WAN/LAN is down.
I would consider an application specific password self-service as a failover only and go for the AD or an "identity provider" which your applications trust as a service.
If your AD or entire network goes down you will probably be in bigger trouble than passwords... so you should not expose "raw" passwords during normal operations for this eventuality...
Cheers,
Julius -
DAC server start-up error and Can't authenticate user
HI,
we have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
while starting DAC services in Unix server it throws an error like
ANOMALY INFO An exception occurred. Shutting down server...
MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
How to start the DAC services?
How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
Pls help in this regard.
Thanks in advance.EddyLau wrote:
Hi,
I encounter the "Can't authenticate user" error in DAC first setup after installation when it prompt up to ask for setting up administrator id and password.
here's my sql statement to create database schema for dac in oracle database.
grant dba, connect, resource, create view, create session to SSE_ROLE;
create user DEV_DAC identified by "password";
grant DEV_DAC to SSE_ROLE;
grant dba, connect, resource, create view, create session, grant any role to DEV_DAC;
I tried dropping the data schema and create it again but still fail to authenticate.
did I grant enough privileges to the database schema?
Please help.
Thanks,
EddyLogin to DEV_DAC using the credentials from SQL Developer or sql
Then do select * from W_ETL_USER -- here you will see 2 Administrator id's listed
now run the command Delete From W_ETL_USER
Now login to dac client with Administrator and pwd which you have set earlier.
Mark as helpful or correct if it helps
Thanks,
RM -
Can we send .csv file from sap srm system to sap pi?
Hi Experts,
we have 3 options send the data from sap systems to sap pi.i. e.proxy,idoc and rfc only
How can we send .csv file from sap srm to sap pi?
Regards,
AnjanAnjan
As you know SAP SRM and SAP PI are different boxes.
*_Option 1:_*
we need a shared AL11 directory in between SAP SRM and SAP PI (Ask basis to setup shared folder). Place / Populate the file in the folder from SAP SRM and then it can be picked through sender file communication channel.
In this case you (Basis team) will share one folder which is visible from the AL11 transaction of both the systems (SRM and PI). You will drop .csv file using some report or program from SRM at this location and from PI you can read that file using File communication channel (NFS mode).
Option 2:
Setup a FTP at SRM environment and expose some folder which can be accessible from PI. Use sender file communication channel at PI end to pick the file.
You can use this option incase sharing of folder is not possible (due to network / other constrains). Here FTP server is required to expose any folder as FTP so as it can be accessible from internet (remote location). You need to expose some folder at SRM machine. You will drop .csv file using some report or program from SRM at this location. Now PI can fetch the file from that location using sender file communication channel (FTP Mode) providing user credentials.
Hope it clears now.
Regards
Raj -
API's need to authenticate users while integrating SAP with ms ADS
Hi
Can anybody send me some code samples to authenticate users while integrating SAP with Microsoft ADS.Do suggest the methods(or API's) through which this authentication can be achieved.
thanks in advance
regards
YogalakshmiHello Yogalakshmi,
you should not crosspost. Please let us keep the discussion in the original topic:
<a href="https://forums.sdn.sap.com/thread.jspa?threadID=73100&tstart=0">how to integrate SAP with Microsoft ADS</a>
Regards
Gregor -
How can i autoforward that mail from SAP INBOX to the outlook
Hi ,
My Requirement is that,
I have to send an email to outlook, whenever PO Created in SRM System
I have created custom workflow, i have added a sendmailtask step, i given the SAP userid to send SAP Mail to the user.
It is sending SAP Mail to the User to his inbox perfectly.
Now, how can i autoforward that mail from SAP INBOX to the outlook. This is has to work for all users.
Please give some suggestions. ot it can be achived any other way.
Note: This is Email Message not a workitem.
I have doubt that RSWW program will work only for workitems.*
Thanks & Regards,
Suresh.Hi ST,
what I understand from your requirement is that you are able to send messages using SendMail Step to SAP Inbox and now you want it to be sent to users Outlook.
Here you need to create a container which would store users email address of Outlook (which would be stored in SU01 or in a ztable), use this container in your Send Mail step and in the Recepient Type as email.
Hope it helps.
Aditya -
How to change user password from default realm programaticaly
Hello,
I would like to know if there are any ways to change a users password from a file
realm through java classes ie . programaticaly.Thank you for the support.
After looking at the code, I noticed RealmManager is not documented in the BEA
Javadocs. Am I missing something or is it not documented. Lot of other methods
also not documented. Do you have the latest Javadocs?
Thanks
John
"Tom Moreau" <[email protected]> wrote:
>
See message #4589 - it posts the code magic needed
to change the password. The caller doesn't have to
be aware of which realm is being used - that's taken
care of for you.
-Tom
"John M" <[email protected]> wrote:
Hello,
I would like to know if there are any ways to change a users passwordfrom
a file
realm through java classes ie . programaticaly. -
How can you move the objects from one server to another?
how can you move the objects from one server to another?
Hi,
Collecting objects for Transporting
1. rsa1->transport connection
2. left panel choose 'object type', middle panel choose 'infocube' and 'select objects'
3. then choose your infocube and 'transfer'
4. will go to right panel, choose collection mode 'manual' and grouping only 'necessary objects'
5. after objects collection finished, create request
6. If they are $TMP, then change the package.
7. When you click the Save on the change package, it will prompt for transport. Here you can provide an existing open transport request number, or if you like here itself you can create a new one.
8. You can check the request in SE09 to confirm.
Releasing Transport Request
Lets say you are transporting from BWD to BWQ
Step 1: In BWD go to TCode SE10
Step 2: Find the request and release it (Truck Icon or option can be found by right click on request #)
Note: First release the child request and then the parent request
Steps below are to import transport (generally done by basis )
Step 1: In BWQ go to Tcode STMS
Step 2: Click on Import queue button
Step 3: Double Click on the line which says BWQ (or the system into which transport has to be imported)
Step 4: Click on refresh button
Step 5: High light the trasnport request and import it (using the truck icon)
Transport
http://help.sap.com/saphelp_nw2004s/helpdata/en/b5/1d733b73a8f706e10000000a11402f/frameset.htm
http://help.sap.com/saphelp_nw70/helpdata/en/0b/5ee7377a98c17fe10000009b38f842/frameset.htm
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/media/uuid/224381ad-0701-0010-dcb5-d74236082bff
Hope this helps.
thanks,
JituK -
How can you get your password sent to your email address I do not want to change my password.
If you cannot remember the passcode for the Screen Lock, you will need to Restore the device...
1) Connect to iTunes on the computer you usually Sync with and Restore...
http://support.apple.com/kb/HT1414
2) If necessary Place the Device into Recovery mode...
http://support.apple.com/kb/ht4097
Note on Recovery Mode.
You may need to try this More than Once... Be sure to Follow ALL the Steps...
Once you have Recovered your Device...
Re-Sync your Content or Restore from the most recent Backup...
Restore from Backup > http://support.apple.com/kb/ht1766
Maybe you are looking for
-
Several months ago, I kept getting prompted to 'update' my iphoto library. When I finally clicked on the 'update' button, it 'greyed out' ALL of my photos. Now ALL of my photos are grayed out and I can't see ANY of my pictures unless I click on e
-
Ipad mini retina blue screen issue after ios 8 update
After update to iOS8 over wifi, my iPad Mini with Retina Display is working perfectly, however I had an issue twice since yesterday. While using it, I observed the screen became totally blue (like Windows crashing) and the ipad restarted. Anyone faci
-
TS3999 iCloud + iCal + ML sync issues
Hey guys, I recently purchased a late-2011 13" MBP and upgraded it to ML. I did not have any prior issues with my iPhone/Mac/iPad/Black MacBook syncing together with iCloud, which is why I'm perplexed after countless Google searches and resets with
-
Changing the number keys to lower case
how can I change the number keys on my air book so that I don't have to use upper case and use all the &,",' on the upper case?
-
Big Problem ! 4th gen help
my computer runs fine and itunes works perfectly i got ios6 on wednesday and now when i plug my ipod in itunes will see and never finish regestering it as an ipod or it will let me accesit via itunes and i make my changes the back up takes for ever i