FAQ: BC-LDAP-USR (Directory Interface for User Management via LDAP )

Version: 20060317
Q: Where can i find more information to the BC-LDAP-USR interface ?
A: Have a look on our ICC webpage in the SDN:
SAP NetWeaver AS - Directory Interface for User Management via LDAP (BC-LDAP-USR)[1] [original link is broken]
Q: What costs a arising when we want our product to be certified ?
A: See also our SDN page under the headline "Price List".
Q: Is there a link/page for the already certified products for this interface ?
A: Sure, have a look on our ICC page under the headline "Certified Solutions"
Q: Who can we ask in case of general question ?
A: Have a look at our general ICC forum:
SAP Integration and Certification Center (SAP ICC)
Of course, if you have urgent requests you can send them also directly to our local ICC's:
ICC Walldorf in Germany: [email protected]
ICC Palo Alto in USA: [email protected]
ICC Bangalore in India: [email protected]
Q: Who can we ask in case of technical questions ?
A: This depends on the state of your certification project.
1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
2.) When the certification contracts have not been signed then you can ask questions in this forum.

I distinguish it using the passwordExpirationTime(or something like that, i don't have code here with me).
This is possible if after password is expired user has at least one more access.It is a user policy that can be set in the Ldap server.
If it is possible, user can still login and perform operations.You chan search the passwordExpirationTime attribute and determine if password is expired, and the send a message to the user, telling him to change it.(If only one access is allowed and you change the password with the same application or service then do not close context, else you should not be able to connect again.) Instead, if you use an external script, then the last acces should not give you problems.
Hope i made myself clear.

Similar Messages

  • Can't create blogs for users created in LDAP directory

    I have an LDAP directory set up on an Open Directory Master and use it for user management. I want to allow users to create blogs off of the main web site. However, when I try to create a blog, it won't authenticate to any of the LDAP users, only the local user (of which the administrator account for the server is the only one).
    LDAP directory users can access their personal websites, though (http://mydomain/~user).
    Does anyone have any ideas how I can get the blog portion of the web site to allow my LDAP users to create a blog?
    Thanks.

    Sorry, I should have mentioned I am using Leopard Server (10.5.5).

  • LDAP connection for user attribute via webdynpro code

    Hello,
    Kindly help for below issue
    point1
    While connecting to LDAP exception of simple bind failed is coming. code is as below
              try {
                   Hashtable env = new Hashtable();
                   env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
                   env.put("java.naming.provider.url", "ldap://10.77.16.220");
                   env.put("java.naming.security.authentication", "simple");
                   env.put(Context.SECURITY_PROTOCOL,"ssl");
                   env.put("java.naming.security.principal", "sapuser");
                   env.put("java.naming.security.credentials", "voda@12345");
                   DirContext ctx;
                   ctx = new InitialDirContext(env);
                   // Create search controls
                   SearchControls controls = new SearchControls();
                   controls.setCountLimit(0);
                   controls.setTimeLimit(0);
                   controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                   // Create filter
                   String filter = "(sAMAccountName= *)";
                   // Run search
                   NamingEnumeration results = ctx.search("OU=OUs,DC=mycomp,DC=com", filter, controls);
                   //wdComponentAPI.getMessageManager().reportSuccess(results);
              } catch (NamingException e) {
                   // TODO Auto-generated catch block
                   //e.printStackTrace();
                   wdComponentAPI.getMessageManager().reportSuccess(e.getMessage());
    point 2
    is there any method available in this API to reset pasword of user in LDAP ?
    thank you in advance
    B

    Hello,
    If you need this info, you will have to create a password policy that log last logon time.
    But be carefull with this function, it can create a lot of cpu load.
    <http://docs.sun.com/app/docs/doc/820-4809/fhkrj?l=en&n=1&a=view>
    Regards
    Eric.

  • Using default web interface for users

    I wish to use the default web interface for my users, I do not have the time to develop a custom app. I wish to get rid of the group and and mount point folders.
    Please Help,
    Jeff

    CM SDK 9.0.4 (released very shortly) includes the "Web Starter Application". This is a J2EE Web Application with full MVC architecture and completely open source!
    You may be able to obtain this application sooner from Oracle Consulting - it will work on the current CM SDK 9.0.3.
    JSP and Tag Libraries make up the UI. The controller framework is similar to Jakarta Struts. It offers localization support, ADA compliance etc.
    You can easily develop the application from JDeveloper and deploy to 9iAS.
    Matt.

  • Different Directory views for users

    How can I achieve different directory views on user's phones for different types of users using DCD?
    This is for a Centrex type of service.

    OK. I see this posting which mentions installing the IP Services SDK for such applications.
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Phone%20Services%20for%20Developers&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddc61e0/0#selected_message
    I find it hard to believe that there is not an easier way.
    Why can't there be a directory-profile setting or a setting in the device profile to group users?

  • Service Interfaces for Credit Management using WS-RM

    Hi,
    We are implementing FSCM Credit Management on EHP 5 without using PI. For this we are WS-RM and have configured following service interfaces:
    CreditCommitmentNotification_In
    CreditCommitmentNotification_Out
    CreditWorthinessQuery_In
    CreditWorthinessQuery_Out
    However, when we create sales order, credit check is not being perfomed. Do we need any other service interface for implementing Credit Management?

    Hello,
    I am using ECC 6 ehp 5 Which Enables you to Implement FSCM services via WS-RM (Web Service Reliable Messaging) instead of having to use Previously PI.
    I require to implement the scenario is:
    Credit Management (FSCM) and Integration with FICA without requiring PI.
    I think I have covered all the technical configuration, but do not know how to test credit management and integration with FI-CA, appreciate if you can do to get a guide.
    As indicated by the WSRM configuration guide, run the report SRT_ADMIN_CHECK and the result is:
    Cross-checking system settings
    bgRFC destination is Operational
    bgRFC destination is registered supervisor
    WSRM event handler is activated
    Task is active watcher
    Data collector for monitoring is not activated
    ICF All nodes are active for SOAP Runtime
    Ending cross-check of system settings
    thank you for your help.
    Regards.

  • How do I use DBV utility for User Managed Backup?

    Dear all! I am a student, studying RMAN and User Managed Backup. But I did not understand how to use the DBVerify utility to check a block or a backup of control file.What's command can I do?
    Thanks for your reply!

    DBV is a utility which workd with Oracle Datafiles not with controlfiles.
    controlfile can be always recreated by you, just issue in a time of backup:
    alter dabase backup controlfile to trace; in case you will have corrupted binary copy of controlfile you will have an option to use this trace to recrete it.
    Best Regards
    Krystian Zieja / mob

  • Service for User Management API

    Hi,
    I want to use the User Management service in the portal component.I would like to include the classes present in the package  com.sapportals.portal.prt.service.usermanagement.IUserManagementService.
    To develop the Portal component , I am using Netweaver Developer studio. The problem is How can I add the service User Management service to my particular project ?
    Any ideas.
    Thanks,
    Vivek

    Hi Darell, hi Vivek,
    > request.getService
    ... is deprecated. Use <i>PortalRuntime.getRuntimeResources().getService</i>
    Vivek: To get this work, as usual you'll have to add com.sap.portal.usermanagement/lib/com.sap.portal.usermanagementapi.jar to your classpath as well as com.sap.portal.usermanagement to the SharingReference within portalapp.xml.
    Hope it helps
    Detlev
    PS: Vivek, seems you overlooked my helping answers at /thread/27173 [original link is broken] ...

  • User Management via Web Services

    Hi,
    We are investigating building a user management application that will control user creation and management across a range of applications, including SAP ECC6 and BW.  The idea is to use web services to interact with the systems.  I have seen that a range of BAPIs exist for managing users (e.g. BAPI_USER_CREATE, BAPI_USER_CHANGE) - does anyone have any experience in using these BAPIs via web services that they would be willing to share?
    Thanks

    HI Colin,
    We did that successfully. It was webservice/infopath based Interactive . net form which would do user management and also Workflow funtionality. In summary from my experience
    - Initial cost would be cheaper, however ongoing maintainance on whole infrastructure should be considered.
    - SAP BAPI/FM/webservice development was very easy
    - Integration with Infopath was challange
    - Fronted development was pain as you would need other people to do that for you
    - Once operational, was very easy to managed
    - Future enhancement was limitless
    - Limitation of integration to other technology
    - Should only be justifiable in absence of IDM solution
    - Too much custom development
    - Change management in SAP was easy (Transport, testing, QA etc) however Infopath and Frontend change Management was not easy
    Let me know what other information you need. Finding BAPI's and designing in SAP is the easy part, you should think more about how you are going to deploy Webservice to end users.
    However if your IT department has more bucks to spend, think about more longer term solution and towards IDM or product such as GRC etc.

  • VPN user management via VMS

    I am using Catalyst 6500 IPSEC module for VPN remote access users. As far as I know you can manage VPN remote access users via CiscoWorks VMS if they are connected to a VPN3000 series concentrator.
    Is it possible to manage these users if they connect to IPSEC module the same way using VMS?

    HI Colin,
    We did that successfully. It was webservice/infopath based Interactive . net form which would do user management and also Workflow funtionality. In summary from my experience
    - Initial cost would be cheaper, however ongoing maintainance on whole infrastructure should be considered.
    - SAP BAPI/FM/webservice development was very easy
    - Integration with Infopath was challange
    - Fronted development was pain as you would need other people to do that for you
    - Once operational, was very easy to managed
    - Future enhancement was limitless
    - Limitation of integration to other technology
    - Should only be justifiable in absence of IDM solution
    - Too much custom development
    - Change management in SAP was easy (Transport, testing, QA etc) however Infopath and Frontend change Management was not easy
    Let me know what other information you need. Finding BAPI's and designing in SAP is the easy part, you should think more about how you are going to deploy Webservice to end users.
    However if your IT department has more bucks to spend, think about more longer term solution and towards IDM or product such as GRC etc.

  • "Password has expired" for user created via UME API

    Hi,
    I have written a service that processes new user accounts and uses the UME API to create them. The code works fine on my local Sneak Preview installation of EP6 SP16, allowing the created users to logon and forcing them to change their password on first login.
    When I try and run this code on EP6 SP14 it completes without generating any exceptions but when I try and login I get the message "Password has expired" and cannot login or change the users password.
    Does anyone know why?
    I have the following UME settings for both servers:
    ume.logon.security_policy.password_change_allowed = TRUE
    ume.logon.security_policy.password_change_required = TRUE
    ume.logon.security_policy.password_expire_days = 99999
    The SP14 server also uses LDAP to authenticate users primarily  and has the following setting:
    ume.persistence.data_source_configuration = dataSourceConfiguration_ads_deep_readonly_db.xml
    There are some other UME configuration differences but none that seem relevant to this problem.
    Can anyone suggest what the problem might be?
    Cheers,
    Steve Archer

    The Xp machine is fine acessing the mb
    its the macbook that is having a problem accessing the xp machine coz it says that the password has expired
    but there is no password for the user on the xp machine that i am trying to access from my mb
    so that would be:
    xp to mb = fine all working
    mb to xp = password expired even though no password required for the xp user

  • Which is better for User Managed Hot backup - running in cron or oracle scheduler

    We are taking hot backup in our environment by using sql script of just begin backup, host copy and end backup
    Can we use this script to be put in cron for weekly two times or to use oracle scheduler .
    Which is better option and why?

    The answer to your question depens on your condition. Do you have more experienced Unix admin or DBA?
    From my point of view cron is better becuase all you need is SQL*Plus utility and shell script:
    export ORACLE_SID=...
    sqlplus <username>/<password> as sysdba <<EOF
    ALTER TABLESPACE .. BEGIN BACKUP;
    host copy ..
    ALTER TABLESPACE .. END BACKUP;
    EXIT
    EOF

  • Configure idocs for User management ack settings?

    1. IDOC config idoc says acknowledgments should not be requested, and run idx_noale ? why should we turn off and how to do this ?
    2. IDOCs sent to IS should not be processed by IDoc adapter, advises insert the relevant idoc types into exception table, execute report idx_select_idoctyp_without_is
    why we need to configure explicitly for each relavant ido types?
    thanks

    Hi Kumar,
    Receiver adapters that run on the Adapter Engine support system acknowledgments if they are requested by the sender. Acknowledgements are triggered when a message is successfully processed by the adapter or if an error occurs while it is being processed. Receiver adapters do not support application acknowledgments. The RNIF and CIDX adapters are exceptions to this rule, since they also support scenario-dependent application acknowledgments. Sender adapters of the Adapter Engine do not request any acknowledgments.
    This means, JDBC adapter does only send system acks, however IDoc adapter is requesting application acks. Therefore as mentioned by the previous poster, you have to disable acks for this scenario using report IDX_NOALE.
    Also go through these documents for any further help:
    http://sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/xi/xi-how-to-guides/how to handle acknowledgments for idoc.pdf
    http://help.sap.com/saphelp_nw04/helpdata/en/6a/e6194119d8f323e10000000a155106/content.htm
    I hope this clears all your doubts.
    Regards,
    abhy
    PS: AWARD POINTS FOR HELPFUL ANSWERS.

  • Command Line Cmds for User Management

    Is there a command line command that will simply display the user groups that a user belongs to?
    Is there a command line command that will simply add a supplied group name to the list of groups a user belongs to?
    Finally, is there a command line command that will list all the defined groups in the system?
    Thanks!

    mac57 wrote:Is there a command line command that will simply display the user groups that a user belongs to?
    # groups <user>
    Is there a command line command that will simply add a supplied group name to the list of groups a user belongs to?
    # gpasswd -a <user> <group>
    Finally, is there a command line command that will list all the defined groups in the system?
    Take a look at the first field of each line /etc/group file. There's probably a simpler way to do it, but:
    # awk -F ":" '{print $1;}' </etc/group | sort
    Hope that helps!

  • Java role for User Management

    Hi ,
    I would like to know how can i restrict the access from java front in pi server
    I would like to give only all access to the User managerment links and everything else either no display or view details
    Rgds
    Aditya

    Hi,
    I think the following link will be useful in resolving the your problem
    http://help.sap.com/saphelp_nw70/helpdata/en/45/b90177cf2252f8e10000000a1553f7/content.htm
    Thanks & Regards,
    Vidyadhar K

Maybe you are looking for

  • Hash Table Infrastructure ran out of memory Issue

    I am getting ORA-32690 : Hash Table Infrastructure ran out of memory error, while executing an Informatica mapping using Oracle Database ( Test Environment) The partition creation is as shown below. TABLESPACE MAIN_LARGE_DATA1 PARTITION BY LIST (MKTC

  • Audio not working in pavilion dm3 after harddrive change and operating system reload

    I had hard drive failure on my Hp Pavilion dm3 and so I got a new hard drive and had the operating system reloaded and upgraded from Windows 7 Home Premium to Windows 7 Professional.  My audio isn't working unless I have external speakers plugged in.

  • Freight costs per PO

    Hi gurus, is it possible to automatically determine freight costs on header level of a PO? I can enter freight costs on item level (condition types FRA1, FRB1 etc.) and create condition records for them in info records. But on header level, none of t

  • IBook Author EULA

    We sell software to support our products. If I produce an ibook of a software manual (which we freely distribute in pdf format) do I have to go through the Apple store or can my customers just download it from our website? Thanks David

  • ActiveSync not updating firstname and lastname

    Hi All, i am using FlatFileActiveSync. Using that i am able to create the accounts with details specified in .csv file. but if i change the first name annd lastname value in the .csv file and run the ActiveSync, Updation is not happening only for the