Introducing a custom Password policy to expire passwords. odsee 11g - what are the expected results

We have left the default Password Policy untouched. As a default password aging is off. Our DS compatibility mode is now DS6 so we can add Password Policies with max age!
Some users need to have their passwords changed regularly due to political reasons.
We have introduced a custom Password Policy which has a pwd_Max_age value of 180 days and allows the user to Change Password. Entry is cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com
Ok. Now we get confused by the behaviour of this ODSEE 11g server. Now, we are ADDING a new custom Password Policy to just a few selected users!
1. When we add the Policy to the user by setting the passwordpolicysubentry attribute = "cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com"
- Nothing seems to happen.
- WHEN IS THE PASSWORD EXPIRED?
2. After we change a password for a user who has the passwordpolicysubentry attribute, he gains a new attribute pwdChangedTime
- IS THIS THE ONLY TIME THE EXPIRY CLOCK STARTS TICKING? *AFTER* THE PASSWORD IS CHANGED?
3. Is it true, that if a user never changes his password, even if he gets the new custom password policy applied, his password never automatically expires????
I just cannot work out what is supposed to happen. I would have hoped that at the very least, the password begins to expires as soon as he gets a Password Policy with pwd_Max_age set.
How is ODSEE 11g designed/supposed to function.
Help!!!!!
*HH

Sylvain ,Many thanks for your reply and suggestions. Always good to have a choice!
So it seems the only way to get the password aging clock to tick is for the password to be changed after having the password policy applied.
Option1 is not really an option although it certainly would make the users change the password and set up the password aging...
The main difficulty with odsee 11g  (Version 11.1.1.7.0) is that pwdChangedTime is a system read-only attribute linked to a modification to userPassword attribute, I cannot use ldapmodify to add/modify the pwdChangedTime attribute.
I was amazed that I can read/store the userpassword as the base64 string and replace the userpassword attribute with this value using ldapmodify. This is very easy (and works!) but will cause the pwdChangedTime attribute to contain the same time for all users. I can imagine helpdesk loving it when everyone calls them in 6 months time.
Using the LDIF backup/restore utility looks the best option, if it succeeds. At least we can randomize the actual value of pwdChangedTime with this approach.
Mercy Buckets.

Similar Messages

  • What are the username and password when i click the ICM of JavaEE5@SAP

    when i click the ICM of JavaEE5@SAP in the sapmanagement console mmc, It need i input the username and password for Web_admin, What are the username and password when i click the ICM of JavaEE5@SAP and which tools act the role as the VisualAdministrator of NetWeaver04s and NetWeaver2004s?
    thank you very much

    Hello Guoging,
    you can login to ICM with username Administrator and password abc123. That is described in the start.html file, which you can find in the unzipped Downloadpackage of SAP NetWeaver Java EE 5 Edition.
    You can use NetWeaverAdministrator(NWA) or config tool to configure this edition. NWA
    needs to be installed separately. If you have a default installation, go to
    C:SAPJP1JC00j2eeNWAdmin and execute the file install.bat. Ensure that NetWeaver is running, enter user Administrator und the Masterpassword you chose during installation and wait around 20 Minutes or more. NWA is started automatically after installation has finished in your webbrowser.
    For more information on NWA read the Administrationguide
    <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/806e75a0-0e01-0010-2587-fc518de8ac1a">Administration Guide</a>

  • What are the defaul username and password for SQL Plus ?

    hello, what are the defaul username and password for SQL Plus ? i'm using the client 11.2.0.1

    You'll need to download the full database installation files for the platform you are using. They are two .zip files, about 2.2 gig total.
    I'm not going to give you the link because you should be able to find it easily. You have to read and accept the license agreement anyway.
    When you install it, you'll be given several options about the type of database you want.
    But before you install anything, you should read the installation manual for your platform.

  • What are the steps to reseting the administrator password with the mac os x installation dvd?

    what are the steps to reseting teh administrator password with the mac os x installation dvd?

    See OS X- Changing or resetting an account password.

  • What are the possible reasons why I cannot reactivate using my AppleID, even though I already change its password with the help of Apple personel

    What are the possible reasons why I cannot reactivate my Iphone5 using my AppleID, even though I already change its password with the help Apple personel

    If the password for your Apple ID works at id.apple.com > Manage Apple ID, then it's likely that the Apple ID the device wants you use is not the same as the Apple ID you are using.
    Exactly what screen are you at on your iPhone?  It sounds like it is in Activation Lock.

  • HT2731 what are the apple id password requirements?

    what are the apple id password requirements?

    As I recall an Apple ID password is required to have:
    At least 8 characters.
    At least one character must be a letter.
    At least one character must be a capital letter.
    At least one character must be a number.
    No special characters except "_".

  • What are the default userid and password to logon to Oracle Applications

    What are the default userids and passwords to logon to Oracle Applications Manager?

    There r no any default password for Application Manager,
    However userID is applmgr and if I have to create a password for applmgr I would do that as welcome or welcome1 so the applmgr user can change it when he/she log on first time as needed.

  • I'm trying to activate icloud.  It asks me to verify my e-mail address by entering my username and password.  It keeps refusing to accept my password.  I've have changed the password twice now.  Still the same result.  What do I do?

    I'm trying to activate icloud.  It asks me to verify my e-mail address by entering my username and password.  It keeps refusing to accept my password.  I've have changed the password twice now.  Still the same result. It did however accepted my password to join Apple Support Communites just now. What do I do?

      I had the same promblem using my ipad2, I thought i was going crazy, then I noticed once when I put my user name in and checked it was right, one time it dropped the last letter of my U/N as went to hit submit so i went back put the deleted "m" back into ".com", hit enter, put in my password multiple times, tripple checked, no joy. So I hit remote on my iphone4s did the same UN/PW and it worked first time! I had the same promblem with accessing YouTube - I know I was putting the right UN/PW in but it wouldn't let me in, then miraculously one time it did... could be a letter dropping bug...

  • What are the possible approches for hosting a product(custom SP application) for multiple clients on a single SharePoint farm?

    We have a product which is a custom application based on SharePoint Foundation 2010. Right now, for each of our client we create a dedicated server and host the application in the standalone deployment. Now, the requirement is to host multiple clients in a
    farm deployment.
    Challenges are: 1. The product has same name for the wsp that is deployed on different client servers as of now. How to distinguish for different clients on same farm
    Currently the product specific css and jquery is in 14 hive. These files will be of difefrent versions for different client. How to segregate that?
    How many web applications is recommend to be created in a single SPF 2010 farm? What are the challenges?
    There are a couple of DBs created in SQL for the application. What is the best way to separate those for the client?
    Essentially its the same product but with different versions for each client that we want to deploy in a single farm. What is the best practice to tackle this?

    For the most part, these are not SharePoint questions per se, but product-specific questions you'd better ask the vendor about. To get in some more detail:
    1. It totally depends on the scope of the solution. If its global, then you're out of luck and any changes you make affect all instances that use it. Better ask the vendor about it.
    2. Not that many, let's say < 10, assuming you're web applications have separate application pools. Check out  http://technet.microsoft.com/en-us/library/cc262787(v=office.14).aspx#WebApplication for
    more info.
    3. This is very application specific and really should be answered by the vendor. Not related to SharePoint at all.
    4. Again, really depends on the product so better ask the vendor.
    Good luck!
    Kind regards,
    Margriet Bruggeman
    Lois & Clark IT Services
    web site: http://www.loisandclark.eu
    blog: http://www.sharepointdragons.com

  • What are the avlble methods to Measure  Quality of Customer Service in SAP

    Hi
    We are in Retail business, and I would like to know what are the available methods to measure the Quality of Customer service in SAP CRM. Help us to get the required information?
    Best regards

    Venkat,
    there are two aspects to this :
    1. The overall philosophy ( for want of a better word ) of QOS for any service - there is a lot of thought that has gone into measuring QOS for a service - hence I would say that QOS is more related to the specific service than the entire domain.
    2. Measuring the quality of service in terms of what ? - there are a lot of KPIs for the same some of them could be :
    Average time taken to service a customer
    Does the customer get all that they want in the store or only some of the items ( partial fill)
    Are the products neatly arranged and easy to access
    average time taken for the customer to get what h/she needs
    customer facilities like parking / childern play area etc
    Availability of attendants / helpers for the customer
    home delivery
    credit options... etc etc and the list could go on endlessly ... as you can see it is very specific to the service being provided and accordingly you will get KPIs for the same.
    As for measauring the same - there are umpteen ways to do the samedepending on the place it gets recorded - you can have surveys / web surveys / POS details etc etc - what is it that you are looking for specifically ?
    Arun
    Hope it helps....
    Message was edited by:
            Arun Varadarajan

  • What are the steps to make it seamless for a customer to use the install program and then use the installed program?

    I wrote an install program (.exe) that is downloaded from a website.  When run, it 1) leads a customer to browse to a directory, and 2) copies files (.exe, .dll, etc.) from a website to that directory.  When I run, the installed program works.
    What are the steps to make it seamless for a customer to use the install program and then use the installed program? 
    bhs67

    This site https://msdn.microsoft.com/en-us/library/vstudio/2kt85ked%28v=vs.110%29.aspx provides a basic description of the Visual Studio Windows Installer. 
    Near the bottom of the page is "You can unlock all the features of InstallShield by paying to upgrade to the full version of InstallShield."  Where do I find info that describes the differences between the "free" and the "full"
    versions?
    bhs67
    Hello,
    The default feature does support the task for your requirement, so there is no need to pay for the other features unless you want to use some feature which is not free.
    In addition, as this thread
    InstallShield LE not available with VS 2012 RTM? shared, even through there is a link to InstallShield LE in the New Project dialog under Deployment solutions, but it belongs to third-party that I would recommend you consider posting this issue
    at the following forum to get supports about InstallShield.
    http://community.flexerasoftware.com/forumdisplay.php?133-InstallShield
    Regards.
    Carl
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • What are the different Smartforms available for customer letters

    Hi Gurus,
    what are the standard layout sets available in Smartforms?.. How can I modify them.
    I would like to find out the particular smartform in the domain of QM.
    I am trying to generate a customer letter in smartforms with the sold-to-party details on top and the material he ordered in the body of the letter with other details like the quality process which we used and also I want to generate this form in .pdf and .doc formats for printing and faxing aswell.
    Please help me in this issue.
    Thanks in Advance.
    Kind Regards,
    Praveen

    Hi Praveen,
    for generating a standard type smartform u can find them in TNAPR table entries. but if u wanna have a customised SF then u have to create it.
    for converting SF to PDF
    first convert the smartform output which is in rtf format to otf format using covert_otf FM then use FM convert to PDF and then use Fm API_SEND to send it as a mail..
    the following code can be applied...partly the logic is right and not all the code.
    TABLES: zKTREE_t1,sflight.
    DATA: cparam TYPE ssfctrlop,
    outop TYPE ssfcompop,
    fm_name TYPE rs38l_fnam,
    my_tabix TYPE sy-tabix,
    file_size TYPE i,
    bin_filesize TYPE i.
    DATA: tab_otf_data TYPE ssfcrescl,
    pdf_tab LIKE tline OCCURS 0 WITH HEADER LINE,
    itab LIKE TABLE OF zshail_t1 WITH HEADER LINE,
    otab TYPE TABLE OF sflight WITH HEADER LINE,
    tab_otf_final TYPE itcoo OCCURS 0 WITH HEADER LINE.
    start-of-selection.
    suppressing the dialog box****************************
    outop-tddest = 'LP01'.
    cparam-no_dialog = 'X'.
    cparam-preview = space.
    cparam-getotf = 'X'.
    ****************for the first smartform*******************************
    CALL FUNCTION 'SSF_FUNCTION_MODULE_NAME'
    EXPORTING
    formname = 'ZSHAIL_SMFORM2'
    VARIANT = ' '
    DIRECT_CALL = ' '
    IMPORTING
    fm_name = fm_name
    EXCEPTIONS
    no_form = 1
    no_function_module = 2
    OTHERS = 3
    IF sy-subrc <> 0.
    MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
    SELECT my_id my_income my_name FROM zshail_t1 INTO TABLE itab.
    CALL FUNCTION fm_name
    EXPORTING
    ARCHIVE_INDEX =
    ARCHIVE_INDEX_TAB =
    ARCHIVE_PARAMETERS =
    control_parameters = cparam
    MAIL_APPL_OBJ =
    MAIL_RECIPIENT =
    MAIL_SENDER =
    output_options = outop
    user_settings = space
    IMPORTING
    DOCUMENT_OUTPUT_INFO =
    job_output_info = tab_otf_data
    JOB_OUTPUT_OPTIONS =
    TABLES
    it_tab = itab[]
    EXCEPTIONS
    formatting_error = 1
    internal_error = 2
    send_error = 3
    user_canceled = 4
    OTHERS = 5
    IF sy-subrc <> 0.
    MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
    *********appending the otf data into the final table*********************
    tab_otf_final[] = tab_otf_data-otfdata[].
    **removing the initial and final markers from the OTF data*********
    DELETE tab_otf_data-otfdata WHERE tdprintcom = '//'.
    searching for the end-of-page in OTF table************
    READ TABLE tab_otf_final WITH KEY tdprintcom = 'EP'.
    my_tabix = sy-tabix + 1.
    appending the modified OTF table to the final OTF table****
    INSERT LINES OF tab_otf_data-otfdata INTO tab_otf_final INDEX my_tabix.
    finally call the Fm SO_NEW_DOCUMENT_ATT_SEND_API1
    to send as email for this u need to populate the reciepent fields properly 
    g_cont_par-device = 'MAIL'.
    Get BOR-Objects for Recipient, Sender und Applikation
    PERFORM mail_recipient_object CHANGING g_mail_rec_obj.
    PERFORM mail_sender_object CHANGING g_mail_sen_obj.
    PERFORM mail_appl_object CHANGING g_mail_app_obj.
    Calling Smartform
    CALL FUNCTION fm_name
    EXPORTING
    ARCHIVE_INDEX =
    ARCHIVE_INDEX_TAB =
    ARCHIVE_PARAMETERS =
    control_parameters = g_cont_par
    mail_appl_obj = g_mail_app_obj
    mail_recipient = g_mail_rec_obj
    mail_sender = g_mail_sen_obj
    output_options = g_output
    user_settings = ' '
    IMPORTING
    ... rest of function ...
    Here are the Forms:
    *& Form mail_recipient_object
    text
    <--P_G_MAIL_REC_OBJ text
    FORM mail_recipient_object CHANGING p_mail_rec_obj.
    CALL FUNCTION 'CREATE_RECIPIENT_OBJ_PPF'
    EXPORTING
    IP_COUNTRY =
    IP_FAXNO =
    ip_mailaddr = g_mail "g_mail type
    "SO_NAME.
    ip_type_id = g_rectype " 'U'
    IMPORTING
    ep_recipient_id = p_mail_rec_obj
    EP_ADDRESS =
    ET_RECIPIENT =
    EXCEPTIONS
    invalid_recipient = 1
    OTHERS = 2
    IF sy-subrc <> 0.
    MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
    WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
    ENDIF.
    ENDFORM. " mail_recipient_object
    *& Form mail_sender_object
    text
    <--P_G_MAIL_SEN_OBJ text
    FORM mail_sender_object CHANGING p_mail_sen_obj.
    CALL FUNCTION 'CREATE_SENDER_OBJECT_PPF'
    EXPORTING
    ip_sender = sy-uname
    IMPORTING
    ep_sender_id = p_mail_sen_obj
    EXCEPTIONS
    invalid_sender = 1
    OTHERS = 2.
    IF sy-subrc <> 0.
    MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
    WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
    ENDIF.
    ENDFORM. " mail_sender_object
    *& Form mail_appl_object
    text
    <--P_G_MAIL_APP_OBJ text
    FORM mail_appl_object CHANGING p_mail_app_obj.
    SELECT * FROM soud WHERE sapnam LIKE sy-uname AND deleted = ' '.
    ENDSELECT.
    IF sy-subrc NE 0.
    CALL FUNCTION 'SO_USER_AUTOMATIC_INSERT'
    EXPORTING
    sapname = sy-uname
    EXCEPTIONS
    no_insert = 1
    sap_name_exist = 2
    x_error = 3
    OTHERS = 4.
    IF sy-subrc NE 0.
    CLEAR soud.
    ELSE.
    SELECT * FROM soud WHERE sapnam LIKE sy-uname AND deleted = ' '.
    ENDSELECT.
    ENDIF.
    ENDIF.
    CLEAR sofmfol_key.
    sofmfol_key-type = 'FOL'.
    sofmfol_key-year = soud-inbyr.
    sofmfol_key-number = soud-inbno.
    bor_key = sofmfol_key.
    IF NOT bor_key IS INITIAL.
    swc_create_object folder 'SOFMFOL' bor_key.
    IF sy-subrc = 0.
    swc_object_to_persistent folder p_mail_app_obj.
    IF sy-subrc NE 0.
    CLEAR p_mail_app_obj.
    ENDIF.
    ENDIF.
    ELSE.
    CLEAR p_mail_app_obj.
    ENDIF.
    ENDFORM. " mail_appl_object
    Message was edited by:
            Durgaprasad Kare
    Message was edited by:
            Durgaprasad Kare

  • I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill f

    I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill forms?

    Well, try this (I was able to fix my with these steps):
    Go Utilities > Disk Utility
    Select your Startup Disk, e.g. Macintosh HD
    Then, under the First Aid Tab, click Verify Disk Permissions.
    If there are errors, then click repair Disk Permissions.
    After it is done, restart the computer and see if your problem is resolved.
    I hope this help.
    Zeke
    www.ZekeYuen.com/blog/

  • What are the seven steps of Creation of Customs declaration

    Hi Friends,
    What are the seven steps of Creation of Customs declaration.
    Thanks in advance
    Suma

    Hi Suma,
    Where have you heard or read that there are seven steps?  That is a closely-guarded secret, known only to GTS gurus .
    Regards,
    Dave

  • How to know what are the privs for one custom schema?

    how to know what are the privs for one custom schema?
    please suggest me......

    Hi,
    Check this user_sys_privs
    Cheers
    Pavan Kumar N

Maybe you are looking for