How to determine users whose password has expired?
Hi.
Is there a programatic method of determing which users have expired passwords and/or have been locked out?
Thanks.
Ian
Ian,
you need to check pwdaccountlocktime for locked users.
following a pl/sql code snippet that should give you a hint how to do that pwd expiration.
regards,
--Olaf
-- returns users expected expiration date
-- using pwdchangedtime (users) + pwdmaxage (from password policy)
FUNCTION get_pwd_expiration_date(p_userid IN VARCHAR2)
RETURN VARCHAR2
IS
l_expiration_date VARCHAR2(10);
l_user_dn VARCHAR2(256);
BEGIN
SELECT 'cn='||p_userid||MAX(DECODE(gf_name,'LDAP_BASE',
decode(substr(gf_value,1,1),',',gf_value,','||gf_value),null))
INTO l_user_dn
FROM gr_application_parameters;
l_expiration_date := to_char(to_date(substr(get_attribute(p_userid,
'pwdchangedtime'),1,14),'RRRRMMDDHH24MISS')+get_pwdmaxage_days,'MM/DD/RRRR');
RETURN l_expiration_date;
END;
-- returns pwdmaxage in days from ldap
FUNCTION get_pwdmaxage_days
RETURN NUMBER
IS
l_pwdmaxage_days NUMBER;
ldapbase VARCHAR2(256);
l_dn VARCHAR2(256);
retval PLS_INTEGER;
BEGIN
SELECT MAX(DECODE(gf_name,'LDAP_BASE',decode(substr(gf_value,1,1),',',
gf_value,','||gf_value),null))
INTO ldapbase
FROM gr_application_parameters;
l_dn := substr(ldapbase,instr(ldapbase,',',2));
l_pwdmaxage_days := to_number(get_attribute(my_global_session,
'cn=PwdPolicyEntry,cn=Common,cn=Products,cn=OracleContext'||l_dn,'pwdmaxage'))/24/60/60;
BEGIN
retval := DBMS_LDAP.unbind_s(my_global_session);
EXCEPTION when others THEN
null;
END;
RETURN l_pwdmaxage_days;
END;
FUNCTION get_attribute(p_session IN DBMS_LDAP.session,
search_base IN VARCHAR2,
p_attr IN VARCHAR2)
RETURN VARCHAR2
IS
my_session DBMS_LDAP.SESSION;
my_message DBMS_LDAP.message;
my_entry DBMS_LDAP.MESSAGE;
attrs DBMS_LDAP.STRING_COLLECTION;
my_retvals DBMS_LDAP.STRING_COLLECTION;
action NUMBER;
retval PLS_INTEGER;
entry_index PLS_INTEGER;
attr_value varchar2(2048);
BEGIN
IF p_session is null THEN
ldap_utl.get_ldap_session(my_session);
ELSE
my_session := p_session;
END IF;
attrs(1) := p_attr;
retval := DBMS_LDAP.search_s(my_session,
search_base,
DBMS_LDAP.SCOPE_SUBTREE,
'objectclass=*',
attrs,
0,
my_message);
my_entry := DBMS_LDAP.first_entry(my_session, my_message);
entry_index := 1;
--print('Got my_entry. Check to see if its null now');
WHILE my_entry IS NOT NULL
LOOP
--print('my_entry is not null');
my_retvals := DBMS_LDAP.get_values (my_session, my_entry, p_attr);
IF (my_retvals.COUNT = 1) THEN
attr_value := nvl(my_retvals(my_retvals.FIRST),'NO_ROWS_FOUND');
--print('Retrieved Value: '||p_attr||' = '||attr_value );
END IF;
IF (my_retvals.COUNT = 0) THEN
attr_value := 'NO_DATA_FOUND';
--print('Retrieved Value: '||p_attr||' = '||attr_value );
END IF;
IF (my_retvals.COUNT > 1) THEN
attr_value := 'TOO_MANY_ROWS';
--print('Retrieved Value: '||p_attr||' = '||attr_value );
END IF;
my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
entry_index := entry_index+1;
END LOOP;
--print('YOu should have at lease one entry of "my_entry is not null"');
RETURN attr_value;
END get_attribute;
Similar Messages
-
List all users whos password has expired
Hi,
Is it possible to list all users whos password has expired in the R\3 system?
Thanks in advance,
AviadYou can use program RSUSR200.
On selection screen in block 'Selection by status of the password' select only 'Users with inactive passwords' checkbox. -
Scheduled Report Fails To Run If User Password Has Expired
Why can't a report, that has been scheduled for a user whose password has expired, continue to run and go to its predefined destinations?
A user doesn't know until he/she attempts to log in that there is a password expiration issue. They may have scheduled the report to go to a multitude of inboxes, but if their password has expired, the report doesn't run.
I can understand "some" issues with the necessity to stop the report until credentials are updated correctly. However, Business Objects doesn't notify a user until it has expired, thus making it too late for those expecting something in their inbox.
Is there any method of notifying users that their password is going to be expiring soon, in advance? In other words, is there any "proactive" feature within Business Objects for notifying the user of an upcoming need to change their password?
HepMeThere is nothing built in to BusinessObjects for this, but there may be third-party tools available or you can write code that would do this.
In Query Builder, run this query:
Select SI_ID, SI_Name, SI_LAST_PASSWORD_CHANGE_TIME, SI_UPDATE_TS, SI_LASTLOGONTIME
from CI_SYSTEMOBJECTS where SI_Kind = 'User' and SI_NAME != 'Administrator' and SI_NAME != 'Guest' and SI_PASSWORDEXPIRE = 1
order by SI_LAST_PASSWORD_CHANGE_TIME desc, SI_UPDATE_TS desc
Users who are new and haven't yet changed their password will not have a value for SI_LAST_PASSWORD_CHANGE_TIME, so you can use SI_UPDATE_TS to determine when they were created.
You could build an application that uses this query to determine who is getting close to password expiration and send out an email reminding those users to change their passwords.
-Dell -
How to find out the list of all user's whose passwords are expired
Hi
i had tried to find out the list of all user's whose passwords are expired.
i had written some jndi code by finding the max age and then find out the current time and subtracted this current time from max age using the following code
"Attributes attbts=ctx.getAttributes("cn=pwdpolicy");
String maxAge=(String)attbts.get("pwdMaxAge").get();
Date Today = new Date();
System.out.println("maxAge"+maxAge);
long curTime=(Today.getTime())-Long.parseLong(maxAge)*1000;"
and then parse it and create a string time as follows
String time=year+month+day+hour+minute+second+"Z";
where "year" "month" etc were parsed from curTime
now i can get the list by using following code
"String filterCriteria="(&(objectclass=person)(pwdChangedTime>="+time+")";
NamingEnumeration results = ctx.search(baseDN,filterCriteria, sc); "
but the current time which i am getting is the time of my system not the time of ldap server
so my questions are following;
1.Can there is any way by which i can get the tivole sever's system time.
2.If there is no way then can you suggest any other way to find out the list of user's whose passwords are expired.
please help me.
Thanks.
Krishan Rathi.Hi,
Thanx for ur reply..
I got the list from the table...
thanks,
sivagami -
"Password has expired" for user created via UME API
Hi,
I have written a service that processes new user accounts and uses the UME API to create them. The code works fine on my local Sneak Preview installation of EP6 SP16, allowing the created users to logon and forcing them to change their password on first login.
When I try and run this code on EP6 SP14 it completes without generating any exceptions but when I try and login I get the message "Password has expired" and cannot login or change the users password.
Does anyone know why?
I have the following UME settings for both servers:
ume.logon.security_policy.password_change_allowed = TRUE
ume.logon.security_policy.password_change_required = TRUE
ume.logon.security_policy.password_expire_days = 99999
The SP14 server also uses LDAP to authenticate users primarily and has the following setting:
ume.persistence.data_source_configuration = dataSourceConfiguration_ads_deep_readonly_db.xml
There are some other UME configuration differences but none that seem relevant to this problem.
Can anyone suggest what the problem might be?
Cheers,
Steve ArcherThe Xp machine is fine acessing the mb
its the macbook that is having a problem accessing the xp machine coz it says that the password has expired
but there is no password for the user on the xp machine that i am trying to access from my mb
so that would be:
xp to mb = fine all working
mb to xp = password expired even though no password required for the xp user -
SBS 2008 RWW displays "Your password has expired. Change it on the Change Password page."
I have one User Account that when logging into RWW , a dialog (as attached) comes up? From my experience, when a password needs to be changed you are simply taken to the change password screen to enter old password and new. This AD account even has Password
does not expire set.
Even after changing password in AD this comes up - there are some other worrying things happening with this account as when the User opened their mailbox all of their Unread Items were marked as Read. Not sure if this is related.
When I login with another Test User Account, I cannot force the same dialog to come up and a google does not show me much.
Could RWW of been compromised or is there something in User AD Account? I ended up resetting Users' password via AD just to be safe, but dialog still comes up.Hi,
Did this encounter for all the user accounts or just for a specific one?
In general,if it is determined that the user must change the password upon logging on to the site (for example, the password has expired or set to User must change password at next logon), the logon page will present that error message to the user.
Please check the prperties of that user account to see if you have selected "User must change password at next logon"check box.
In addition, please check the default domain policy via the path below: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy
Pleae check the value you have configured for “Maximum password age”.
Best regards,
Susie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Error: Your password has expired
I get the following error when login to Oracle9iAS Portal as portal owner user, how do I reset the password?
Error: Your password has expired, please contact the directory administrator to reset your password (WWC-53069)Go to <ORACLE_HOME>/bin and launch oidadmin
Once Oracle Directory Manage Interface comes up, connect to your OID server as user "orcladmin".
The password will be the same as the one that you have provided at installation time.
Now go to
Entry Management
For me the entries were like the following
cn=com,cn=oracle,cn=idc,cn=users,cn=portal
change the userPassword attribute in your corresponding entry. Now try to log in to portal with the new password and it should work.
Regards,
Nachiketa -
"your password has expired" popup
I do not have any SR left with Novell.
How can I obtain the fix in VO as mentioned?
"your password has expired" popup after user changes admin set password
in Virtual Office
http://www.novell.com/support/viewCo...6911&sliceId=1
"your password has expired" popup after user changes admin set password
in Virtual Office
This document (3456911) is provided subject to the disclaimer at the end
of this document.
Environment
Novell Virtual Office
Situation
After the user first logs in (or after admin resets the password) and is
prompted to change their password. After the password is changed
succesfully a further popup box appears "Your Password is expired". The
user can cancel this box and continue. This behavior does not occur
outside of Virtual Office.
Resolution
Submitted to development.
Fix is available by request.
Status
Reported to Engineering
Additional Information
Formerly known as doc # 135
To Reproduce:
NetWare 6.5 Support Pack 5
Add a UP policy to a container, set policy to expire password after 30
days and give 6 grace logins.
Add forgotten password option and use the sample challenge set.
Create a new user in this container. No Other container or user password
restrictions other than the defaults should be set. Login to VO as the
user - get prompted to change the password.
After Changing Password, the POP UP will appear saying password has expired.
If you disable the grace logins from the UP Policy this works fine.
Document
Document ID: 3456911
Creation Date: 03-27-2007
Modified Date: 06-24-2008
Novell Product: Open Enterprise ServerDrumDude wrote:
>Any Luck in getting the patch?
Alas, our official Novell contacts are on vacation. I received an
unofficial answer that you should try to open an incident and try to
reclaim your money afterwards.
Marcel Cox
http://support.novell.com/forums
Marcel Cox's Profile: http://forums.novell.com/member.php?userid=8 -
Obiee 11g How to let user change password
obiee 11g How to let user change password ?
i not mean use weblogic console。 normal user how to change password。With 11g, OBIEE essentially uses the 10g notion of external authentication.
By default, this is done by the WLS (Weblogic) LDAP identity store, but it may be done by another supported Authenticator either within WLS, or in the OBIS meta data (i.e. Custom Authenticator or LDAP). As such, OBIEE no longer has any control over user passwords; this is why the steps referenced in note 1102353.1 do not apply to OBIEE 11g, but only to internal/repository-defined users in OBIEE 10g.
So, as with password maintenance in OBIEE 10g when an external authenticator is used, it is within that external authentication system that password is changed, not within OBIEE 11g. There is no option in OBIEE 11g to allow users to change passwords.
There are two work-arounds with which you can change your password:
1) From the Weblogic administration console/WLST.
You need to give such user access into Weblogic console or access to browse through involved MBean hierarchy and other modify permissions. Changing the password using WLST instance is covered here:
Ideally, the console and WLST approaches are used by Administration accounts to manage other users. But the console and WLST can be made to allow other users to change passwords (which will be more or less like carrying out an administrative task by users themselves)
2) Using a programmatic approach.
Here the application that intends to provide password change functionality to its users should implement this functionality on its own (GUI plus call to the relevant Weblogic API). Weblogic provides an MBean that the application can use to accomplish this. See here for more information.
An enhancement request exists for this functionality. This is unpublished bug 11836170 - enable non admin users to change passwords in obiee 11g. -
Not able to connect to database: ORA-28001: the password has expired
I started getting the 'password has expired' error in my SOA server log today (six months after installing my SOA Suite 11.1.1.4 development environment). I found a tip in an old forum thread:
Failed to connect to database instance: ORA-28001: the password has expired
and changed the password expiration time as suggested, and bounced my SOA server hoping for the best. But I'm still getting the password has expired error. Is there a way to clear that out so that I don't have to go back and figure out which user(s) are being affected and what their passwords should be reset back to so that my SOA environment will work again? Thanks!Hi,
Better to check the password_life_time unlimited for all your schemas, suppose your prefix is DEV you may have:
DEV_MDS
DEV_ORABAM
DEV_ORASDPM
DEV_SOAINFRA
Cheers,
Vlad -
Sneak Preview SP15: Password has expired
Hi,
today I installed the Netweaver 04 SP15 Sneak preview. The first thing I did was creating a new portal user, and I assigned the end user role, which worked fine.
When I try to log in as the new user, I always get a "Password has expired" message (not the usual initial password change, I just cannot log in). I also reset the password as admin, but it doesn't help.
The user view shows today as last password change, expiration time is 99999 days. There are no special characters in the password.
System is Windows Server 2003, JDK 1.4.2_08.
Thanks in advance,
Markus
Message was edited by: Markus Wagner
Found a solution. In J2EE Administration -> Security Provider, I checked the "No password change required" option. That doesn't really solve the problem, but I can login, which is fine for me.You have to log in locally on the machine, on which the portal is running (or at least, that's the easiest way). Start the Visual Administrator tool with the go.bat (or the go script for *X systems) in C:\usr\sap\J2E\JC00\j2ee\admin.
Select the default connection and log in as admin. Then navigate in the tree to Server/Services/Security Provider. Change to tab User Management. Then look for the user and select it. Click on the edit button above the tabs (I had a bit trouble finding that) and select the "No passwort change required" checkbox, a bit below the middle of the window. Do that for each user and then switch back to read only mode.
Markus -
right here we go....
i have got past all the problems connecting my xp machine to my macbook.
but now when i connect my macbook to the xp machine it asks for the username and password as normal but says that the password has expired. The user i have on the xp machine does not have a password so cant expire, this use to work on tiger with out a problem
i have tried using the IP address but it does the same thing.
any solutions or work arounds?The Xp machine is fine acessing the mb
its the macbook that is having a problem accessing the xp machine coz it says that the password has expired
but there is no password for the user on the xp machine that i am trying to access from my mb
so that would be:
xp to mb = fine all working
mb to xp = password expired even though no password required for the xp user -
Password has expired + port change
Dear friends, i have managed to install NW04 SP15, and can login using the admin/admin combination. when i create another user or try to login using the Administrator loginid it gives me an error "Password has expired". Can some one help me solve this issue.
Also i want to change the 50000 port to the default port of 80. is this possible if yes where is the option to get this done...any help will be appreciatedHi Glenn,
When you have created the users then you must have given some roles to them. If any of the user you have created has User Administration role, then you can change the password of the "ADMIN" user.
Apart from that you can also set the initial values of admin user from the visual Administration. You can change the setting of the Administrator UID/Pass to defualt which changes it back to admin/admin. I hope these would help you.
Also, I dont know why do you want to change the port to 80. Actually when you install Portal 50000 is the defualt port for it. It is not the 80 port which we generally wants. This is SAP specific port. The port number depends on the J2ee Instance installed at the installation of the Poratl. So I would say that there is no need for changing this port.
Regards
Pravesh
PS: Please consider rewarding points if helpful. -
My ipad says my password has expired and has me locked out
How do I reset my iPad password when it say my password has expired and won't let me log on?
Hey Elizabeth VP
If the iPad is disabled, then the only option is to restore the iPad to the factory defaults. The articles below will explain how to take care of that and sort you out.
iOS: Forgotten passcode or device disabled after entering wrong passcode
http://support.apple.com/kb/ht1212
iOS: Unable to update or restore
http://support.apple.com/kb/HT1808
Thanks for using Apple Support Communities.
Regards,
-Norm G. -
Dears,
I am facing a strange issue from a long time.I am using ECC5 having ABAP+JAVA Stack.When ever I reset password of any user by SU01 and then login on Portal first time with this new password,A window open to change my first password but on its top it is also showing error:
"Password has expired"
While after entering old and new password it takes new password and work perfectly but not getting while at first logon it shows this error message.
Please suggest.
ShivamHi,
Pls refer Portal Security policy.
[http://help.sap.com/saphelp_nw04s/helpdata/en/b5/16c43bdd3da244a1d3372a77b5f83f/frameset.htm]
[http://help.sap.com/saphelp_nw70/helpdata/EN/52/4c6c3e58d0d064e10000000a114084/frameset.htm]
Also chk the link
[Stopping Initial Password Change;
Regards
Baby
Maybe you are looking for
-
Any suggestions would be greatly appreciated!
-
Updated iphone 5 with ios 6.1 - lost all Sim contacts - how do I get them back?
I updated my iphone 5 last night to the latest update 6.1 (and signed into the cloud for the first time) and now all my SIM contacts are gone....only my Facebook ones remain. How can I get them back?
-
Hi Gurus, I have write a copa report , i have assigned in KE4I sd condition type to value filed, so +/- are assigned in PR00 and VPRS condition typs ..still i am getting wrong value ..ie Reversal document value also add to the report ex billing doc
-
Not in GZIP format error while trying to unzip the file
I'm using GZIPInputStream in order to read data from zipped file. It worked perfectly from command line. I have to execute the same code from crontab and it gave me the exception: java.io.IOException: Not in GZIP format It tries to check the GZIP_MAG
-
Hi, I am working on ALE for Activity allocation. I am using 3 methods in my distribution model. I need to transfer data from ECC 6.0 source system to R/3 4.7. BUS6010 Method POST & CHECK BUS2072 Method FINDDETAILS I am using the Program RHINLV00_LSO