LDAP Password rules in Portal

Similar Messages

• Java and ABAP system, setting new password rules

  Hello,
  we have a ecc 6.0 and in front for the users we have a portal based on netweaver 7.0. Our security colleagues told us, to change the password rules based on our new security book. the portal is getting the users via ume and the datasource is the abap system (ecc 6.0). All users accessing the form the portal to the backend system are communication users. my question now. there are two possiblities to change password rules settings. one in the java system and the other on the abap system. where should be implement the password rules? would the changes on the abap system also affect the java system?
  regards,
  alexander tuerk

  > we have a ecc 6.0 and in front for the users we have a portal based on netweaver 7.0. Our security colleagues told us, to change the password rules based on our new security book. the portal is getting the users via ume and the datasource is the abap system (ecc 6.0).
  For password rules please check the documentation: [Logon and Password Security in the SAP System|http://help.sap.com/saphelp_nw04/helpdata/en/52/6717ed439b11d1896f0000e8322d00/content.htm]
  [Profile Parameters for Logon and Password (Login Parameters)|http://help.sap.com/saphelp_nw04/helpdata/en/32/20709747d649e8bc74e084d0b2432c/frameset.htm]
  and the SAP Note: [Note 862989 - New password rules as of SAP NetWeaver 2004s (NW ABAP 7.0)|https://service.sap.com/sap/support/notes/862989]
  [2467 - Password rules and preventing incorrect logons|https://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=0000002467&nlang=E]
  All users accessing the form the portal to the backend system are communication users. my question now. there are two possiblities to change password rules settings. one in the java system and the other on the abap system. where should be implement the password rules? would the changes on the abap system also affect the java system?
  Please go through the following Link: [Users and Passwords for AS JAVA|http://help.sap.com/saphelp_nw04/helpdata/en/3d/addc3ed98f7650e10000000a114084/content.htm]
  Regards,
  Dipanjan

• Edit password rules only for BCC user

  Hi all,
  our customer has requested some changes on the password rules only for BCC users.
  So, i should change the follow component:
  /atg/userprofiling/passwordchecker/PasswordMinLengthRule
  /atg/userprofiling/passwordchecker/PasswordMixedCaseRule
  /atg/userprofiling/passwordchecker/PasswordMustIncludeNumberRule
  /atg/userprofiling/passwordchecker/PasswordMustIncludeSymbolRule
  /atg/userprofiling/passwordchecker/InternalPasswordMustNotIncludeLogin
  /atg/userprofiling/passwordchecker/InternalPasswordNotInPreviousNRule
  But the component password rules above, should be changed only for the BCC users. How can i do this?
  Edited by: user7618461 on 30-set-2011 3.45

  Hi Christoph,
  in your Identity Store, you can use LDAP Server as authentification method (Tab Workflow). You need an attribute which contains the DN of the users and fill out port and host of your directory. That means that the PW can remain in the AD. Just try it, haven't used this possibility yet. You could also use Kerberos via AD instead. These scenarios don't cover your requirement that some might be without an AD account (which is not that common).
  Otherwise it's getting difficult again to get all passwords at once from your AD. You have to decrypt the passwords without a key...  AD could store a lower encrypted password for NT4, which makes this a bit easier, but still "unesthetic". You get these hashes via SSL and not with the common initial load jobs.
  The PW-Hook gets the passwords before they are set. That's why you could store and ecrypt the new passwords in the Identity Store and wait for 1 or 2 months till everyone had to change their password (if you use this policy).
  Best regards,
  Nils
  Edited by: Nils Sibold on Jul 18, 2008 3:10 PM

• Exception when executing rules using portal

  Sorry for the unformatted post, but this is all I can do with the HTML client.....
  It looks like the p13nConsoleApp is not deployed properly.
  We are receiving the following exception when we execute a 'rule' in portal.
  ava.rmi.RemoteException: Error in ejbCreate:; nested exception is: javax.ejb.CreateException:
  javax.management.InstanceNotFoundException: Unable to find EventServiceConfig=null
  with parent twistDomain:ApplicationConfig=soe,Location=twist,Name=soe,Type=ApplicationConfigurationConfig.
  javax.ejb.CreateException: javax.management.InstanceNotFoundException: Unable
  to find EventServiceConfig=null with parent twistDomain:ApplicationConfig=soe,Location=twist,Name=soe,Type=ApplicationConfigurationConfig.
  at com.bea.p13n.events.internal.EventServiceBean.ejbCreate(EventServiceBean.java:154)
  at com.bea.p13n.events.internal.EventServiceBean_kh7q5h_Impl.ejbCreate(EventServiceBean_kh7q5h_Impl.java:117)
  at java.lang.reflect.Method.invoke(Native Method) at weblogic.ejb20.pool.StatelessSessionPool.createBean(StatelessSessionPool.java:151)
  at weblogic.ejb20.pool.StatelessSessionPool.getBean(StatelessSessionPool.java:101)
  at weblogic.ejb20.manager.StatelessManager.preInvoke(StatelessManager.java:148)
  at weblogic.ejb20.internal.BaseEJBObject.preInvoke(BaseEJBObject.java:127) at
  weblogic.ejb20.internal.StatelessEJBObject.preInvoke(StatelessEJBObject.java:61)
  at com.bea.p13n.events.internal.EventServiceBean_kh7q5h_EOImpl.dispatchEvent(EventServiceBean_kh7q5h_EOImpl.java:29)
  at com.bea.p13n.tracking.TrackingEventHelper.dispatchEvent(TrackingEventHelper.java:132)
  at com.bea.p13n.rules.advislets.RulesAdvisletImpl.sendRuleEvent(RulesAdvisletImpl.java:386)
  at com.bea.p13n.rules.advislets.RulesAdvisletImpl.getAdvice(RulesAdvisletImpl.java:211)
  at com.bea.p13n.advisor.internal.AdvisorImpl.getAdvice(AdvisorImpl.java:89) at
  com.bea.p13n.advisor.internal.CompoundAdvisletImpl.getAdvice(CompoundAdvisletImpl.java:102)
  at com.bea.p13n.advisor.internal.AdvisorImpl.getAdvice(AdvisorImpl.java:89) at
  com.bea.p13n.advisor.internal.EjbAdvisorImpl.getAdvice(EjbAdvisorImpl.java:77)
  at com.bea.p13n.advisor.internal.EjbAdvisorImpl_8wtzgj_EOImpl.getAdvice(EjbAdvisorImpl_8wtzgj_EOImpl.java:102)
  at com.bea.p13n.servlets.jsp.taglib.DivTag.includeBody(DivTag.java:115) at com.bea.p13n.servlets.jsp.taglib.DivTag.doStartTag(DivTag.java:181)
  at jsp_servlet.__billinginformation_mainsummary._jspService(__billinginformation_mainsummary.java:822)
  On the console it appears that the p13nConsoleApp is not deployed.
  Here is our config.xml file
  <?xml version="1.0" encoding="UTF-8"?> <!--Last updated on: Tue Mar 11 12:56:06
  GMT-07:00 2003, If your domain is active, please do not edit the config.xml file.
  Any changes made to that file while the domain is active will not have any effect
  on the domain's configuration and are likely to be lost. If your domain is inactive,
  you may edit this file with an XML editor. If you do so, please refer to the BEA
  Weblogic Server Configuration Reference documentation available from http://edocs.bea.com/wls/docs70/config_xml.
  In general, we recommend that changes to your configuration file be made through
  the Administration Console.--> <Domain ConfigurationVersion="7.0.0.0" Name="twistDomain">
  app tag removed <!--- Application Deployed="true" Name="p13nConsoleApp" Path="/opt/bea7sp1/weblogic700/portal/lib"
  TwoPhase="true"> <WebAppComponent Name="p13nConsole" Targets="twist" URI="p13nConsole.war"/>
  </Application> <Application Deployed="true" Name="soe" Path="./applications/soeApp.ear"
  StagedTargets="" TwoPhase="true"> <ApplicationConfiguration Name="soe" Targets="twist"
  URI="META-INF/application-config.xml"/> <EJBComponent Name="SOE_usermgmt" Targets="twist"
  URI="SOE_usermgmt.jar"/> <EJBComponent Name="accountMgmt" Targets="twist" URI="accountMgmt.jar"/>
  <EJBComponent Name="c2kmaintenance" Targets="twist" URI="c2kmaintenance.jar"/>
  <EJBComponent Name="ejbadvisor" Targets="twist" URI="ejbadvisor.jar"/> <EJBComponent
  Name="events" Targets="twist" URI="events.jar"/> <EJBComponent Name="failOver"
  Targets="twist" URI="failOver.jar"/> <EJBComponent Name="orderMgmt" Targets="twist"
  URI="orderMgmt.jar"/> <EJBComponent Name="pipeline" Targets="twist" URI="pipeline.jar"/>
  <EJBComponent Name="property" Targets="twist" URI="property.jar"/> <EJBComponent
  Name="referenceData" Targets="twist" URI="referenceData.jar"/> <EJBComponent Name="rules"
  Targets="twist" URI="rules.jar"/> <EJBComponent Name="services" Targets="twist"
  URI="services.jar"/> <EJBComponent Name="tuxedoServices" Targets="twist" URI="tuxedoServices.jar"/>
  <WebAppComponent Name="masterDataSync.war" URI="masterDataSync.war"/> <WebAppComponent
  Name="orderService" Targets="twist" URI="orderService.war"/> <WebAppComponent
  Name="orderServiceDataSync" Targets="twist" URI="dataSync.war"/> </Application>
  <ApplicationManager Name="twistDomain"/> <CachingRealm BasicRealm="C2kCustomRealm"
  CacheCaseSensitive="true" Name="SoeCachingRealm"/> <CustomRealm ConfigurationData="IgnorePrincipals=system,Administrators,everyone,guest,SoeUsers,admin;GroupName=SoeUsers"
  Name="C2kCustomRealm" RealmClassName="com.qwest.wireless.soe.security.C2kSecurityRealm"/>
  <EmbeddedLDAP Credential="{3DES}fEhMlTXHx3AEUUOg/nNBOWobvlCzwMdsztHoPLEE5Kc="
  Name="twistDomain"/> <FileRealm Name="wl_default_file_realm"/> <JDBCConnectionPool
  DriverName="oracle.jdbc.driver.OracleDriver" InitialCapacity="1" MaxCapacity="5"
  Name="dataSyncPool" Properties="user=portal7;password=portal7;dll=ocijdbc8;protocol=thin"
  Targets="twist,twist" TestConnectionsOnReserve="true" TestTableName="dual" URL="jdbc:oracle:thin:@pcsdev05:1521:soews104"/>
  <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver" InitialCapacity="1"
  MaxCapacity="5" Name="jmsPool" Properties="user=jmstore;password=jmstore;dll=ocijdbc8;protocol=thin"
  Targets="twist" TestConnectionsOnReserve="true" TestTableName="dual" URL="jdbc:oracle:thin:@pcsdev05:1521:soews104"/>
  <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver" InitialCapacity="1"
  MaxCapacity="10" Name="oracleCommercePool" Properties="user=portal7;password=portal7;dll=ocijdbc8;protocol=thin"
  Targets="twist" TestConnectionsOnReserve="true" TestTableName="dual" URL="jdbc:oracle:thin:@pcsdev05:1521:soews104"/>
  <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver" InitialCapacity="1"
  MaxCapacity="20" Name="oraclePool" Properties="user=supdt;password=supdt;dll=ocijdbc8;protocol=thin"
  Targets="twist" TestConnectionsOnReserve="true" TestTableName="dual" URL="jdbc:oracle:thin:@pcsdev05:1521:soews104"/>
  <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver" InitialCapacity="1"
  MaxCapacity="5" Name="pdb" Properties="user=supdt;password=supdt;dll=ocijdbc8;protocol=thin"
  RefreshMinutes="2" Targets="twist" TestConnectionsOnReserve="true" TestTableName="dual"
  URL="jdbc:oracle:thin:@pcsdev05:1521:soews104"/> <JDBCConnectionPool ConnLeakProfilingEnabled="false"
  DriverName="oracle.jdbc.driver.OracleDriver" EnableResourceHealthMonitoring="true"
  InitialCapacity="1" JDBCXADebugLevel="0" KeepLogicalConnOpenOnRelease="false"
  KeepXAConnTillTxComplete="false" MaxCapacity="5" Name="rtma" NeedTxCtxOnClose="false"
  NewXAConnForCommit="false" PrepStmtCacheProfilingEnabled="false" PrepStmtCacheProfilingThreshold="10"
  PreparedStatementCacheSize="10" Properties="user=rtma;password=rtma;dll=ocijdbc8;protocol=thin"
  RecoverOnlyOnce="false" RefreshMinutes="2" SqlStmtMaxParamLength="10" SqlStmtParamLoggingEnabled="false"
  SqlStmtProfilingEnabled="false" Targets="twist" TestConnectionsOnReserve="true"
  TestTableName="dual" URL="jdbc:oracle:thin:@pcsc2k:1521:rtmatst" XAEndOnlyOnce="false"/>
  <JDBCDataSource JNDIName="jmsPool" Name="jmsPool" PoolName="jmsPool" Targets="twist"/>
  <JDBCDataSource JNDIName="oraclePool" Name="oraclePool" PoolName="oraclePool"
  Targets="twist"/> <JDBCDataSource JNDIName="oracleProductCatalogPool" Name="pdbsource"
  PoolName="pdb" Targets="twist"/> <JDBCDataSource JNDIName="oracleRtmaPool" Name="rtmasource"
  PoolName="rtma" RowPrefetchEnabled="false" RowPrefetchSize="48" StreamChunkSize="256"
  Targets="twist"/> <JDBCTxDataSource JNDIName="weblogic.jdbc.jts.commercePool"
  Name="commercePool" PoolName="oracleCommercePool" Targets="twist"/> <JDBCTxDataSource
  JNDIName="weblogic.jdbc.jts.dataSyncPool" Name="dataSyncPool" PoolName="dataSyncPool"
  Targets="twist,twist"/> <JDBCTxDataSource EnableTwoPhaseCommit="true" JNDIName="txOraclePool"
  Name="txOraclePool" PoolName="oraclePool" Targets="twist"/> <JMSJDBCStore ConnectionPool="jmsPool"
  Name="RebateMsgStore" PrefixName="rebate"/> <JMSServer Name="SoeJMSServer" Store="RebateMsgStore"
  Targets="twist"> <JMSQueue JNDIName="SoeOrderResubmit" Name="OrderResubmitJMSQueue"
  StoreEnabled="false"/> <JMSQueue JNDIName="SoeOrderSubmit" Name="OrderSubmitJMSQueue"
  StoreEnabled="false"/> <JMSQueue JNDIName="SoeReferenceDataRefresh" Name="ReferenceDataJMSQueue"
  StoreEnabled="false"/> <JMSQueue JNDIName="SoeTransactionHistoryLog" Name="TransactionHistoryLogJmsQueue"
  StoreEnabled="false"/> <JMSQueue JNDIName="CCARefundSubmit" Name="TuxServicesJMSQueue"
  RedeliveryDelayOverride="30000" StoreEnabled="true"/> <JMSTopic JNDIName="SoeFailoverReload"
  Name="FailoverReloadTopic" StoreEnabled="false"/> </JMSServer> <JTA Name="twistDomain"
  TimeoutSeconds="120"/> <Log FileCount="14" FileMinSize="1" FileName="logs/domain.log"
  Name="twistDomain" NumberOfFilesLimited="true" RotationType="byTime"/> <PasswordPolicy
  LockoutDuration="15" LockoutThreshold="4" Name="wl_default_password_policy"/>
  <Realm CachingRealm="SoeCachingRealm" FileRealm="wl_default_file_realm" Name="soe_security_realm"/>
  <SNMPAgent Name="twistDomain"/> <Security CompatibilityMode="true" Name="twistDomain"
  PasswordPolicy="wl_default_password_policy" Realm="soe_security_realm" RealmSetup="true"/>
  <SecurityConfiguration Credential="{3DES}x9Dc91liWeYhTCNCdL6p4XSuwuE/vQYuxUx00OHkQfou++Nz7ir8dA5r54wIVykPJ9ELRmVMKEUYFP33OWI2AyxwRZpHGZWv"
  Name="twistDomain"/> <Server Name="blank"> <COM Name="blank"/> <ExecuteQueue Name="default"/>
  <IIOP Name="blank"/> <JTAMigratableTarget Cluster="" Name="blank" UserPreferredServer="blank"/>
  <JTARecoveryService Name="blank"/> <KernelDebug Name="blank"/> <Log Name="blank"/>
  <SSL Name="blank"/> <ServerDebug Name="blank"/> <ServerStart Name="blank"/> <WebServer
  Name="blank"/> </Server> <Server ListenPort="4501" Name="twist" ServerVersion="7.0.1.0"
  TransactionLogFilePrefix="tlogs/"> <COM Name="twist"/> <ExecuteQueue Name="default"
  ThreadCount="15"/> <IIOP Name="twist"/> <JTAMigratableTarget Cluster="" Name="twist"
  UserPreferredServer="twist"/> <JTARecoveryService Name="twist"/> <KernelDebug
  Name="twist"/> <Log FileCount="14" FileMinSize="1" FileName="logs/twist.log" Name="twist"
  NumberOfFilesLimited="true" RotationType="byTime"/> <SSL ListenPort="4502" Name="twist"/>
  <ServerDebug Name="twist"/> <ServerStart Name="twist"/> <WebServer LogFileName="logs/access.log"
  LogRotationPeriodMins="1440" LogRotationType="date" LoggingEnabled="true" Name="twist"/>
  </Server> <StartupClass ClassName="com.qwest.wireless.soe.services.ejb.C2kTransactionHistoryQueueRefreshStartup"
  Name="C2kTransactionHistoryLogging queue refresh scheduler startup class" Targets="twist"/>
  <StartupClass ClassName="com.qwest.wireless.soe.services.ejb.C2kServiceReportStartup"
  Name="MyStartup Class" Targets="twist"/> <StartupClass ClassName="com.qwest.wireless.soe.referenceData.ejb.ReferenceDataStartup"
  Name="ReferenceDataStartupClass" Targets="blank"/> <WLECConnectionPool MaximumPoolSize="5"
  MinimumPoolSize="1" Name="ProductAvailabilityPool" PrimaryAddresses="//pcsdev50:14502"
  Targets="twist" WLEDomain="PA_WLE_JAVA"/> <WLECConnectionPool FailoverAddresses="//sia-co5:31011"
  MaximumPoolSize="5" MinimumPoolSize="1" Name="SIAWLECConnectionPool" PrimaryAddresses="//sia-co6:31011"
  Targets="twist" WLEDomain="SIA_DASC"/> <WTCServer Name="twist" Targets="twist">
  <WTCExport EJBName="com.qwest.wireless.soe.tuxedoServices.ejb.TuxCCAAdapter" LocalAccessPoint="TWIST_DOM"
  Name="Refund" ResourceName="CCA_REFUND"/> <WTCImport LocalAccessPoint="TWIST_DOM"
  Name="C2k_1" RemoteAccessPointList="TWISTELINK1,TWISTELINK2" ResourceName="ASMBLR_SOE"/>
  <WTCImport LocalAccessPoint="TWIST_DOM" Name="C2k_2" RemoteAccessPointList="TWISTELINK2,TWISTELINK1"
  ResourceName="ASMBLR_SOE"/> <WTCLocalTuxDom AccessPoint="TWIST_DOM" AccessPointId="TWIST_DOM"
  BlockTime="70" ConnectionPolicy="ON_DEMAND" Interoperate="Yes" NWAddr="//nexus:4503"
  Name="TWIST_DOM" Security="NONE"/> <WTCRemoteTuxDom AccessPoint="TWISTELINK1"
  AccessPointId="TWISTELINK1" LocalAccessPoint="TWIST_DOM" NWAddr="//pcsdev53:14548"
  Name="TWISTELINK1"/> <WTCRemoteTuxDom AccessPoint="TWISTELINK2" AccessPointId="TWISTELINK2"
  LocalAccessPoint="TWIST_DOM" NWAddr="//nowhere:9999" Name="TWISTELINK2"/> </WTCServer>
  </Domain>
  Cheers Philipp

  Hi Karol,
  thanks for your answer.
  I also had this SP synchronization issue regarding other problems with the execution of web templates. See my post <a href="https://forums.sdn.sap.com/thread.jspa?threadID=209587">https://forums.sdn.sap.com/thread.jspa?threadID=209587</a>.
  I will once again ask the basis team, if the two SP-levels are identical.
  Regards,
  Philipp

• Sun LDAP & Password

  Hi im just wondering about how password are stored in sun ldap.
  Now when I view a users password in the console it is encrypted, when i change the password it also gets encrypted which is fine.
  Now my question is for example if I am querying or adding new entries in LDAP from a vb.net script can I
  1) Compare a password entered by the user on my homepage to the encrypted password in ldap
  2) If i had a new entry with password from a .net page does this automatically get encrypted ?
  Thanks in advance

  Hi Jeremy,
  here the answers to your questions:
  >My question is which system takes precedence over the password policy?
  Unfortunately there is no policy verification between the portal and your Sun One LDAP. So if you reset the password from the portal then only the portal password policies can be checked.
  >  If I wanted to do password resets from the Portal, does the portal then store only the password in its database?
  No, the password will be stored in the LDAP, but only if it also corresponds with the LDAP policies. If not, then you will get an error, but you will not see the real LDAP exception.
  > Also what would then happen if you tried to reset the password from the LDAP?
  The password in the LDAP does not have to fit to the Portal password policies. When you log in, the portal will only check if the password you tipped in is the new one in LDAP and will not check any policies.
  Hope this brings some light in,
  Robert

• Setting up LDAP for authentication to portal:default property set named "ldap

  Hi
  I am trying to implement the LDAP authentication to WebLogic Portal .Iam went
  thru the docmentation ( http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
  mentions using the default property set named "ldap" and deploying ldapprofile.jar.My
  quenstion is:
  -Is there a way to look into the property using EBCC
  - Apart from deploying,configuring the ldapprofile.jar,do I have to do any additional
  steps in order to make my portal(say,stockportal) authenticate users from LDAP?
  -If a create my own portal,should I create a similar "ldap" property set?If so,how.
  Any suggestions/help is appreciated.Thanks
  - Mike

  Thanks Dave.
  "David Anderson" <[email protected]> wrote:
  You should be able to view the property set for LDAP through the EBCC
  if you
  have the propertysetws.jar installed in your Portal domain. This provides
  the ability for the EBCC to retrieve property set information from your
  server.
  Dave
  "mike" <[email protected]> wrote in message
  news:[email protected]...
  Hi Adrian
  Thank you for the pointers.Much appreciate it.However,one questionstill
  persists.
  What is the significance of the property set "ldap" mentioned in the
  document(http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).Where
  does this property set feature vis-a-vis setting up LDAP securityrealm;does it
  mater prior to/after the setting up as mentioned in the document pointeryou just
  gave .
  Is it sufficinet that i follow the procedure to set up the LDAP oris
  there more
  to post setting,like creating a property set (similar to "ldap" orcloning
  it)
  apaprt frpom deploying ldapprofile.jar.
  Thanks.
  - Mike
  "Adrian Fletcher" <[email protected]> wrote:
  Mike,
  The documentation that covers LDAP authentication is listed under
  Weblogic
  Server rather than Weblogic Portal.
  See Configuring the LDAP Security Realm in Managing Security
  (http://e-docs.bea.com/wls/docs61////adminguide/cnfgsec.html#1071872)
  Also take a look at the FAQ - Why can't I boot WebLogic Server whenusing
  the LDAP Security Realm?
  (http://e-docs.bea.com/wls/docs61//faq/security.html#25833)
  Hope this helps,
  Sincerely,
  Adrian.
  Adrian Fletcher.
  Senior Software Engineer,
  BEA Systems, Inc.
  Boulder, CO.
  email: [email protected]
  "mike" <[email protected]> wrote in message
  news:[email protected]...
  Hi
  I am trying to implement the LDAP authentication to WebLogic Portal.Iam
  went
  thru the docmentation
  http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
  mentions using the default property set named "ldap" and deployingldapprofile.jar.My
  quenstion is:
  -Is there a way to look into the property using EBCC
  - Apart from deploying,configuring the ldapprofile.jar,do I have
  to
  do any
  additional
  steps in order to make my portal(say,stockportal) authenticate usersfrom
  LDAP?
  -If a create my own portal,should I create a similar "ldap" propertyset?If so,how.
  Any suggestions/help is appreciated.Thanks
  - Mike

• LDAP configuration for HR Portal in dual stack EHP4 - Best Practice

  Hi Experts,
             Hello Experts,
  We are trying to use the JAVA Stack of ECC server for HR Portal i.e Dual Stack and have applied EHP4 package for ESS/MSS Appraisal. When we are trying to configure the LDAP ADS datasource through portal , we are not able to do it since ABAP datasorce file is available by default.This we are doing for HR(ESS/MSS) Portal.This is for access to the object data stored in the Active Directory.
  We have already checked note 718383.
  Also, for the scenatrio ,LDAP <-> ABAP <-> J2EE
  We have already checked sap help doc.here:
  http://help.sap.com/erp2005_ehp_04/helpdata/EN/e6/0bfa3823e5d841e10000000a11402f/frameset.htm
  What should now be the best practice to follow for configuration ? Should we go for separate Portal server or is it possible to use Java Stack of ECC server for configuration ?
  Also, LDAP <-> ABAP <-> J2EE scenario please suggest if it a best practice and we can follow the same .What are the limitations , risks and issues ? Please suggest if this has been implemented and running well in any live project .
  Are the suggestions applicable for load balanced production servers as well?
  Thanks,
  Rakesh

  Hi,
  the UME datasource must remain ABAP but you can sync the users between ABAP and LDAP using the LDAP connector:
  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/48/74040175bb501ae10000000a42189b/frameset.htm
  Regards,
  Jozsef

• Problem in Synchronizing LDAP Password

  I have done every step as described in idm doc to synchronize LDAP password to IdM, but I encountered a problem when activeSync is fetching the idmpasswd attribute value from LDAP.
  In my activeSync log I have the message below:
  2006-05-29T10:12:05.209+0200: Entry skipped because object class not in "Object Classes to Synchronize" list.
  I have already added idmpasswd and userPassword attributes in 'Attributes to synchronize' list. idmpasswd is an operational attribute so it doesn't really need to be in the 'Object Classes to Synchronize' list.
  So I really wonder I am missing here!?

  The problem stated above is solved now. ActiveSync now can detect the the password change on LDAP.
  But I am stuck with another problem. I can't see how to retrieve the password. The attribute activeSync.password returns null in the activeSync form.
  Where exactly is the decypted password stored? Is there any other special configuration I am missing?

• How to pass username and password with the portal url

  i want to access portal from my web site. i have created username and password fields in my web page. when submited , my portal page should open. so how to pass username and password with the portal url.

  This is not straightforward; but it is doable.
  First tell us about your portal version; portal 10.1.4 has a slightly different method of doing it and the pre-10g portals were completely different animals.
  And if you are in AS Rel 2, then the most important document for you would probably be the following:
  [Creating Deployment Specific Pages| http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/custom.htm#i1015535]
  You might want to use it in conjunction with some metalink notes about your portal version and such a login page.
  hope that helps!
  AMN

• How to encrypt Password while calling Portal URL from Abap

  Hi all,
  My requirement is to call portal from R/3 4.6C.  As part of it I'm calling Portal URL along with user id & Password by using the FM CALL_BROWSER. The problem here is User ID & Password are visible everyone in the URL.
  Is there any way that I can encrypt sothat it doesn't become a security issue?
  I really appreaciate for your help.
  Thanks
  Seshu

  can you please mention the abap code  by which you are sending the username and password to a portal via url.....
  are you able to log on to the portal...please share your code ......
  Edited by: Ashutosh Shukla on Apr 18, 2008 9:17 AM

• Command to View LDAP Password on Cisco ASA 5520

  Hello
  I am migrating from a Cisco ASA 5520 (ASA version 8.4(6)5 to a Cisco ASA 5585. We have LDAP issues logging into to our vpn client software. I assume the LDAP password may be incorrectly entered on the new 5585. No service password- encryption or more running:config won't show the encrypted LDAP password. What is the command to view that?
  Thanks!
  Matt

  Thankyou Jennifer for the responds.
  Could you please help me on how to enable "memberOf" attribute on AD to be pushed to ASA for the OU matching.
  i have already set the "Remote Dialin" property of user account name "testvendor" in AD as "Allow Access" .It can be shown in the debug output as below.
  [454095] sAMAccountName: value = testvendor
  [454095] sAMAccountType: value = 805306368
  [454095] userPrincipalName: value = [email protected]
  [454095] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=abc,DC=local
  [454095] msNPAllowDialin: value = TRUE
  [454095] dSCorePropagationData: value = 20111026081253.0Z
  [454095] dSCorePropagationData: value = 20111026080938.0Z
  [454095] dSCorePropagationData: value = 16010101000417.0Z
  Is their any other settings that i need to do it on AD ?
  Kindly advice
  Regards
  Shiji

• Not contain the userid as part of the password (Password Rule).

  Hi Team,
  We are using SAP Netweaver 6.40 and i am trying to set "Not contain the userid as part of the password " as part of the password rules we have and looks like this predefined SAP rule is This rule applies only in systems up to SAP R/3 4.6D.Can anyone lemme know how this rule can be manually implemented.
  Thanking you.

  Hi,
  yes you are right.
  As of Release 6. 10 (Web Application Server), this rule "Not contain the userid as part of the password "  was removed.
  check  Note 2467 - Password rules and preventing incorrect logons
  it is not possible to implement this rule manually. but you can add all userid in table USR40 as exception.
  so user can not use his userid as password. but you can only prevent that user is not used his userid as password ,
  the requirement of  not containing userid as password is not fulfill
  regards,
  kaushal
  Edited by: Kaushal Malavia on Jun 26, 2008 11:54 AM

• Customise Userid/Password rule

  HI
  I want to set my own userid/password rule to the users.As per the standard, As per the requirement userid should be like below..
  1) Only First letter should be Alphabet 
  2) Rest are Numeric.
  3) Length should be 7.
  Is it possible through configuration or I need to do some custom code ????
  Thanks
  Shashank

  Hi Shashank,
      Please check this link.
  http://help.sap.com/saphelp_nw04s/helpdata/en/43/3d77734ae830f3e10000000a11466f/frameset.htm
  Regards,
  Siva
  P.S: Award points if you find this useful.

• Disable password expiry in Portal V2

  Hello,
  Is it possible to disable password expiry in Portal V2 (ias902).
  I do not password to expire for some users at all.
  Thanks,
  Ritendra.

  Hi Kaustubh,
  Refer this link:
  how to disable the "change of password" field in login page of SAP portal?
  Regards,
  jithin

• Password Rules for BCC

  Hi All,
  I need to setup password rules for BCC login, create users in BCC, ACL for different users, prompting to change password automatically in 2 months.
  Please some one throw light on this configuration.
  Regards,
  DKAP
  Edited by: DKAP on Feb 19, 2013 6:30 PM

  For setting up password rules for BCC login -
  In your Merchandising module there is a component - config\atg\userprofiling\passwordchecker\InternalPasswordRuleChecker , enable it and it could be configured to add OOB rules and your own custom rules
  # Enable/Disable the strong password rule checking functionality
  enabled=true
  rules=/atg/userprofiling/passwordchecker/PasswordMinLengthRule,\
       /atg/userprofiling/passwordchecker/PasswordMustIncludeNumberRule,\
       /atg/userprofiling/passwordchecker/PasswordNotInPreviousNRule,\
  /atg/userprofiling/passwordchecker/MyProjectPasswordRule
  Create users in BCC -
  This is easily done via BCC under InternalUsers tab, where the internal users can be created or edited
  ACL for different users -
  you can always do it by assigning different roles to different internal users depending upon what screen access you want to give to internal users. New roles can also be created
  Prompting to change password automatically in 2 months -
  There is a component (\config\atg\userprofiling\InternalProfileFormHandler) that handles the account related functionalities such as login, change password etc for internal users, so override this component as follow,
  $class=yourPackage.InternalProfileFormHandler (extending the ATG ProfileFormHandler class)
  profileTools=/atg/userprofiling/InternalProfileTools
  Now there is a property in userProfile named lastPasswordUpdate , so you can override the handleLogin method in your class and check for the lastPasswordUpdate property, if password is more than 2 months old then you can redirect internal user to the change password jsp.