Portal Password Reset - Active Directory - Urgent
Friends
We are using SAP Portal 6.0 SP 18. The Portal UME data source has been configured with Microsoft ADS.
Now we have an requirement to change the user Password in the Active Directory from the Portal.
How can we achieve this...? I am OK even to do some development for this.
Please let me know the mechanism.
You can use the UME API to change your own password on a Microsoft Active Directory server, but before that please see the SAP note 876938. Also please see the SAP note 613577, this note have an attachment, it is very helpful. Useful blog <a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1789">User management API in WebDynpro</a> for how to use UME API's.
Regards,
Nitin
Similar Messages
-
Issue with Reset Password from Active Directory Integration Pack
I seem to be having some issues with a subscription in the Reset Password activity from the Active Directory Integration Pack. The "User Password" field refuses to take a value from a subscription provided earlier in a Generate Random
Text activity. As you will see in the screenshot below, when the Reset Password activity runs, the User Password value is blank.
Any idea why this might be happening? It looks like a possible bug with the Active Directory Integration Pack.Hi John,
I think this is not a bug, this should be by design because the password is a secure string. If you look for the Published data for Reset User Password activity at
http://technet.microsoft.com/en-us/library/hh553463.aspx it is not listed there as well.
If you need the the string (e.g. to send it via email) use the
data from the "Generate Random Text" Activity.
Regards,
Stefan
www.sc-orchestrator.eu ,
Blog sc-orchestrator.eu -
Hi All,
My scenario wants an automated process where the users can reset their own password. Do you know if the user password reset on the logon page is a automated process? Does the email with password go directly to the user or the email goes to the administrator and then the administrator has to reset the password? Do I need to configure the SMTP in my client system for this? If so can you give the steps involved for configuring SMTP?
I have configured SMTP server by logging as Administrator in portal -> System Admin -> Sys Confgiruation ->
Universal Worlist & Workflow -> Engine and gave the notification email as 'JavaMail'.
The again portal -> System Admin -> Sys Confgiruation ->
Universal Worlist & Workflow -> Email edit it gave the Host name as my SMTP mail server name. I checked my mail server through telner <mail server> 25 and it is opening in command prompt. Am I missing anything here in SMTP configuaration. Fileds like Pop3 User and Pop3 Password I wanted to leave as blank but when I click save in Portal , it self add some encrypted values.
can Anybody has done the above scenario.Its urgent.
I have read on help.sap.com and it looks like it sends an email to administrator and then the administrator resets the user password. Is my understanding correct on the above.
Can anyone provide me a step by step approach on the same.
Suitable answers will be rewarded definitely.
Regards,
Narayanan BI found some information about this on SDN and on the help.sap.com site that might help:
First look at:
Change/Reset password option on the login page
and:
Password Reset
Then check here:
http://help.sap.com/saphelp_nw04/helpdata/en/52/4c6c3e58d0d064e10000000a114084/frameset.htm
and look at the description for: <b>ume.logon.logon_help</b> -
Problem during the changing of Password in Active Directory
Hello All !
I am facing a problem during the password modification
in active directory, i got the same exception as other are getting i.e
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190959, problem 5003 (WILL_NOT_PERFORM), data 0
Can any body help me how i will come to know that 128 bit
Encryption is done successfully. Although i Installed the MS High Encryption Pack but it's registry is not done in Conrol Panel.
is this a problem(as i think) ?
I am giving the code please check it out->
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;
//import java.io.*;
//import javax.net.ssl.*;
//import java.security.*;
import java.io.UnsupportedEncodingException;
public class setpassword
public static void main (String[] args)
Hashtable env = new Hashtable();
String adminPassword = "";
String userName = "ou=MCA,ou=Trainee,dc=ControlsNet,dc=local";
String newPassword = "yadav";
String keystore = "D:\\j2sdk1.4.2_12\\jre\\lib\\security\\cacerts";
System.setProperty("javax.net.ssl.trustStore",keystore);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,"[email protected]");
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
env.put(Context.SECURITY_PROTOCOL,"ssl");
String ldapURL = "ldap://gateway.ControlsNet.local:636/";
env.put(Context.PROVIDER_URL,ldapURL);
try {
LdapContext ctx = new InitialLdapContext(env,null);
ModificationItem[] mods = new ModificationItem[1];
String newQuotedPassword = "\"" + newPassword + "\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
ctx.modifyAttributes(userName, mods);
System.out.println("Reset Password for: " + userName);
ctx.close();
catch (NamingException e) {
System.out.println("Problem resetting password: " + e);
catch (UnsupportedEncodingException e) {
System.out.println("Problem encoding password: " + e);
Please reply me immideiately as soon as you see this problem.
I think some of u already solved this problem. thanks in advance.Believe it or not, looks similar to the problem in the post http://forum.java.sun.com/thread.jspa?threadID=580113&tstart=0
More unbelievable is the huge security hole in your network !String adminPassword = "";
env.put(Context.SECURITY_PRINCIPAL,"[email protected]");
env.put(Context.SECURITY_CREDENTIALS,adminPassword);An administrator with a blank password !
The ldap standard (rfc 2251) defines an anonymous user as a user with a null passsword. By default, Active Directory does not allow anonymous users to perform searches against the directory, let alone reset a user's password. -
Portal Password Reset Application In webdynpro for ABAP
Hello Friends,
I am new to WDA . I want to create a Password Reset application in WDA like this
[http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f0c09b9d-52e0-2d10-3981-86bfa8e19dc3?quicklink=index&overridelayout=true]
Can someone pls give the solution , how to start??
Thanks in advance
HimaniI am afraid that this is not going to be possible for you. From WebDynpro for ABAP, you do not have portal API's to do that.
May be an idea ,If you have SSO in place you could try to call some FM's in r3 side to change the password in r3 system and this would synchronize the UME in portal. -
Portal password reset page text changes
Hello Experts,
We are using Portal 7.02 SP13. We use the standard password reset tool for allowing users to reset their passwords.
On the logon page there is a link Get Support which the user clicks to reset his/her password.
Following this user sees the below where they select the option Password Reset and click Submit button.
We want to change the text Are you a suuplier having trouble logging in?
I have tried looking in the portal logon page PAR file to locate this text in some properties file, but a unable to locate it. Where do I find this text? Is it present within the logon page PAR or is there some other component within which I can find this?
Regards,
SaurabhHello Experts,
In the logon page PAR file I am able to find a JSP page umHelpPage.jsp which contains this line
<div class="urTxtH3" tabindex=0><%=logonLocale.get("HAVE_TROUBLE")%></div>
and when I do a View Source from the Password Reset page I can see the below line
<div class="urTxtH3" tabindex=0>Are you a suuplier having trouble logging in?</div>
I have looked at the logonLabels.properties and logonLabels_en.properties files under the umlogonbase.jar file within the portal logon PAR file, but for the key HAVE_TROUBLE I can see the text "Having trouble logging in?".
Howevert at runtime I see the text "Are you a suuplier having trouble logging in?", does this mean that this text is not getting picked up from the logon page PAR file?
Regards,
Saurabh -
Change (or add) a password to Active Directory with Java and JNDI
I've create a new account in LDAP with attributs, It's ok. But a can't initialize the password, i've tryed some samples without result.
Maybe it's a SSL problem (i don't know why, i read it somewhere).
my code :
import java.util.*;
import java.io.*;
import java.net.*;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
public class addUser {
private static final String UNICODE = "Unicode";
private static final String UNICODE_PASSWORD = "unicodePwd";
public addUser() {}
private Hashtable env;
private DirContext ctx;
private void _initialize()
String jndiURL = "ldap://DOMAINSRV:389/";
String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
String authenticationMode = "simple";
String contextReferral = "ignore";
String principal = "[email protected]";
String credentials = "oce";
env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.PROVIDER_URL, jndiURL);
env.put(Context.SECURITY_AUTHENTICATION, authenticationMode);
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, credentials);
env.put(Context.REFERRAL, contextReferral);
public boolean createUser()
try
ctx = new InitialDirContext(env);
ctx.destroySubcontext("cn=FBXX,cn=users,DC=gedeon,DC=fr");
BasicAttributes attrs = new BasicAttributes();
BasicAttribute ocs = new BasicAttribute("objectclass");
ocs.add("user");
attrs.put(ocs);
BasicAttribute sa = new BasicAttribute("sAMAccountName", "FBXX");
attrs.put(sa);
BasicAttribute na = new BasicAttribute("name", "FRANCOIS BERTOUX");
attrs.put(na);
BasicAttribute sn = new BasicAttribute("sn", "BERT");
attrs.put(sn);
BasicAttribute up = new BasicAttribute("userPrincipalName", "[email protected]");
attrs.put(up);
BasicAttribute ua = new BasicAttribute("userAccountControl", "512");
attrs.put(ua);
BasicAttribute dn = new BasicAttribute("displayName", "FRA BERT");
attrs.put(dn);
BasicAttribute gn = new BasicAttribute("givenName", "FRA");
attrs.put(gn);
BasicAttribute des = new BasicAttribute("description", "CECI EST MON TEST");
attrs.put(des);
BasicAttribute cp = new BasicAttribute("codePage", "0");
attrs.put(cp);
BasicAttribute cc = new BasicAttribute("countryCode", "0");
attrs.put(cc);
BasicAttribute it = new BasicAttribute("instanceType", "4");
attrs.put(it);
ctx.createSubcontext("cn=FBXX,cn=users,DC=gedeon,DC=fr", attrs);
changePassword ("cn=FBXX,cn=users,DC=gedeon,DC=fr", "TOTO" , "FBX");
ctx.close();
catch (NameAlreadyBoundException nex)
System.out.println("User ID is already in use, please select a different user ID ...");
catch (Exception ex)
System.out.println("Failed to create user account... Please verify the user information...");
ex.printStackTrace();
return true;
public final void changePassword(
String argRDN,
String argOldPassword,
String argNewPassword)
throws NamingException
ModificationItem modificationItem[] = new ModificationItem[2];
try
modificationItem[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,new BasicAttribute("unicodePwd",(byte[])this.encodePassword(argOldPassword)));
modificationItem[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,new BasicAttribute("unicodePwd",(byte[])this.encodePassword(argNewPassword)));
catch (UnsupportedEncodingException e1)
System.out.println("changePassword(String argOldPassword, String argNewPassword)" +
"Passwordchange failed: " + e1.toString());
throw new RuntimeException(e1.toString());
try
ctx.modifyAttributes(argRDN, modificationItem);
catch (NamingException e1)
System.out.println(
"changePassword(String argOldPassword, String argNewPassword)" +
"Passwordchange failed : " + e1.toString());
throw e1;
private byte[] encodePassword(String pass) throws UnsupportedEncodingException
final String ATT_ENCODING = "Unicode";
// Agree with MS's ATTRIBUTE_CONSTRAINT
String pwd = "\"" + pass +"\"";
byte bytes[] = pwd.getBytes(ATTENCODING);
// strip unicode marker
byte bytes[] = new byte [_bytes.length - 2];
System.arraycopy(_bytes, 2, bytes, 0,_bytes.length - 2);
return bytes;
public static void main(String[] args)
addUser testUser = new addUser();
testUser._initialize();
testUser.createUser();
And the result is :
changePassword(String argOldPassword, String argNewPassword)Passwordchange failed : javax.naming.OperationNotSupportedException: [LDAP: erro
r code 53 - 00002077: SvcErr: DSID-03190ADF, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=FBXX,cn=users,DC=gedeon,DC=fr'
Failed to create user account... Please verify the user information...
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190ADF, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=FBXX,cn=users,DC=gedeon,DC=fr'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2804)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2677)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2483)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1285)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:253)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:170)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:159)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:144)
at addUser.changePassword(addUser.java:129)
at addUser.createUser(addUser.java:92)
at addUser.main(addUser.java:167)
And with "userPassword" no error but no change.
Please, help.
ThanksHello!
I have a new variant of the set password problem, and as i did not get any longer with a big running application i wrote a small standalone program to connect to an Active Directory server, and, hm, it works! I can login with a account which has administrator priveledges, i can set passwords, works fine, unless, and now it gets a little bit curious, unless i change the VM.
Everything works fine with a jdk 1.5.0_07, but if i switch over to the fine new 1.6.0_16, the login works still but the change of a password leads to a not so fine javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0.
As i use the same cacerts file, i do not really understand what is failing here, anyone who has an idea? -
Changing user password in Active Directory using the JNDI GSS-API/Kerberos5
Hello,
I am trying to the JNDI GSS-API to change a user password on an Active Directory Server 2003. I have seen a variation of this using SSL on the thread [*http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0*|http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0]
but I can't seem to make this work using the GSS-API. I can successfully create a javax.security.auth.login.LoginContext.LoginContext and then call the login method on it to log in as a user. I then call the javax.security.auth.Subject.doAs() method which calls the run method in a class extending the javax.security.PrivilegedActionClass. But when I actually try to change the password using InitialDirContext.modifyAttributes(), I get the exception:
*javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190DC9, problem 5003 (WILL_NOT_PERFORM), data 0*
*If anyone can help me figure out why it doesn't work, that would be great!*
P.S: I know the error seems to suggest that there might be some active directory setting that is preventing this from working, but I've checked all relevant settings on the Windows 2003 server Active Directory that I can think of: In the User properties->Account->Account options, I've made sure the user can change password. Also, in the Group Policy->Computer Configuration->Windows Settings->Security Settings->Account Policies->Password Policy, Maximum password age is zero and so is minimum password age.
Here's my java code:
{code}import javax.naming.*;
import javax.security.auth.*;
import java.security.PrivilegedAction;
import java.io.UnsupportedEncodingException;
public void changeSecret((String uid, String oldPassword, String newPassword)
throws NamingException, ACException{
try {
K5CallbackHandler cb = new K5CallbackHandler(uid, oldPassword);
LoginContext lc = new LoginContext("marker", cb);
lc.login();
Subject.doAs(lc.getSubject(), new ChangePasswordAction(rz.getName(), oldPassword, newPassword));
catch(LoginException e) {
try {
lc.logout();
catch(LoginException e) {
}ChangePasswordAction.java is:import javax.naming.*;
import javax.naming.naming.directory.*;
import java.io.UnsupportedEncodingException;
private class ChangePasswordAction implements PrivilegedAction {
private String uid;
private String quotedOldPassword;
private String quotedNewPassword;
public ChangePasswordAction(String uid, String oldPassword, String newPassword) {
this.uid = uid;
quotedOldPassword = "\"" + oldPassword + "\"";
quotedNewPassword = "\"" + newPassword + "\"";
public Object run() {
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://ad2k3:389");
env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
try {
DirContext ctx = new InitialDirContext(env);
ModificationItem[] mods = new ModificationItem[2];
byte[] oldPasswordUnicode = quotedOldPassword.getBytes("UTF-16LE");
byte[] newPasswordUnicode = quotedNewPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldPasswordUnicode));
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newPasswordUnicode));
ctx.modifyAttributes(uid, mods);
ctx.close();
} catch (NamingException e) {
} catch (UnsupportedEncodingException e) {
return null;
}K5CallbackHandler is:import javax.security.auth.callback.*;
final class K5CallbackHandler
implements CallbackHandler {
private final String name;
private final char[] passwd;
public K5CallbackHandler(String nm, String pw) {
name = nm;
if(pw == null) {
passwd = new char[0];
else {
passwd = pw.toCharArray();
public void handle(Callback[] callbacks)
throws java.io.IOException, UnsupportedCallbackException {
for(int i = 0; i < callbacks.length; i++) {
if(callbacks[i] instanceof NameCallback) {
NameCallback cb = (NameCallback) callbacks;
cb.setName(name);
else {
if(callbacks[i] instanceof PasswordCallback) {
PasswordCallback cb = (PasswordCallback) callbacks[i];
cb.setPassword(passwd);
else {
throw new UnsupportedCallbackException(callbacks[i]);
}The relevant entry in the JAAS.conf file that is referred to as "marker" in the LoginContext constructor is:
marker {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE;This is one of the two Active Directory operations I have never solved using Java/JNDI. (FYI the other one is Cross Domain Move).
My gut feel is that the underlying problem (which happens to be common to both Change Password & X-Domain Move) is that Java/JNDI/GSSAPI does not negotiate a sufficiently strong key length that allows Active Directory to change passwords or perform cross domain moves when using Kerberos & GSSAPI.
Active Directory requires at a minimum, 128 bit key lengths for these security related operations.
In more recent Kerberos suites and Java versions, support for RC4-HMAC & AES has been introduced, so it may be possible that you can negotiate a suitably string key length.
Make sure that your Kerberos configuration is using either RC4-HMAC or AES and that Java is requesting a strong level of protection. (You can do this by adding //Specify the quality of protection
//Eg. auth-conf; confidentiality, auth-int; integrity
//confidentiality is required to set a password
env.put("javax.security.sasl.qop","auth-conf");
//require high strength 128 bit crypto
env.put("javax.security.sasl.strength","high"); in your ChangePasswordAction class.
You may also want to enable sasl logging in your app to see what exactly is going on and you may also want to check on the Java Security forum how to configure/enforce/check both RC4-HMAC or AES is used as the Kerbeos cipher suite and that a string key length is being used.
Good luck. -
How to change password in Active Directory from a Mac
When loggin into Active Directory I can enter my password without a problem, but I am required to change it periodically and I can't see an option for changing the password. Does anyone have experience with this on their Mac when accessing Active Directory?
ThanksIn the accounts section of system preferences there should be a Change Password… button next to to your account picture. That's how we do it in Tiger, but it should work in Leopard too.
-
Problems with OSX ja Active Directory (urgent!)
Hello, I'm newbie Mac user and I have a problem with integrating OSX to our company MS Active Directory. This MacBook Pro is a only Apple here, so this is quite difficult...
So far I have made following things:
- I made "Bind" succesfull (it pings from others computers and I can see it from AD tools)
- to AD account I changed my profile to include home folder (\\Adserver\user.account$). When I log on to AD via PC, home folders etc. are done with Logon script (Logon.bat) and I can see those shared folder fine.
- then I rebooted my Mac and on logon screen there is option Other --> there I input my AD username and password. After that OSX log in normally.
- But on Dock there is no Home folder, there is only a big question mark (?) and it says "User X X network home folder" (or something like that). And there is nothing behind this ?-mark
- I have checked from Gerberos that I have a valid ticket to AD-server
I have also tried to map network folder (apple + K), but there will error message that "Server couldn't reach, because user name or password is wrong"
I have spend a couple of days to solve this problem, but nothing seems to solve it. Could someone please help me? I really need those shared folders (yes, there are at leat two I need from AD), because on those folder are documents that I need daily at my work.
thanks,
-zooropa
MacBook Pro Mac OS X (10.4.5)My admin username of Mac is "firstnamesurname" and AD account is "firtsname.surname". So the "dot" is only difference. Is that enough?
I made binding with Mac admin account and after that I used "other" on login screen of OSX. As I wrote, I can login fine with AD username and password, but the problem is that I can't map home folders from Windows Server 2003. -
Error when synchronising data with Active Directory - URGENT
Hi,
We are currently running on ECC 6, and have a CUA implemented. I am attempting to synch my user data on the CUA with the Active Directory, I'm only updating the SAP database and not writing back to AD.
I have mapped the fields in LDAPMAP, and using the find function through transaction LDAP I'm able to read the data for the relevant fields so the AD user id does have the correct read access to AD
However when I run the RSLDAPSYNC_USER program, the user is created but only the Surname field is populated. Does someone perhaps now what could cause this problem?
Thanks in advance
SujeetI think I know what you're problem may be.. There is a hard limit or 1000 results for a LDAP search against active directory. And I think you're hitting this limit. One way to test is to narrow your search to one small OU with only 10 users in the OU.
This setting can be changed at the controller and is called "MaxValRange". here's a link to more info <a href="http://support.microsoft.com/kb/315071">http://support.microsoft.com/kb/315071</a>
Before you make this change on your domain controller I'd try narrowing the search to a single OU first. -
Portal Authentication using Active Directory
I am trying to set up authentication using Active Directory. Can anyone provide me with instructions on what to do ? I know that I have to go to System Admin - > System Configuration - > UM configuration and change the Data Source. What else do I need to do...How do specify which domain to authenticate against. Do I have to change the XML file. Please help.
It depends on what you wanna do with the AD server. If you want to read/write on the AD then you have to first setup SSL connection between the two boxes.Else if you just want to read from AD server you don't require a SSL connection. Then you have to select the hierarchy type in the System Admin - > System Configuration - > UM configuration. Save.
Next thing you do is to open the config tool and modify your xml file accordingly.
And restsart the server.
Hope this helps.
Regards,
Hassan -
Portal: Password reset and unlock User via UME?
I'm new to Portal and SAP. I'm trying to find options to have a username unlocked and password sent to user based on a userid from our Portal logon page.
The end user needs only to know their user ID, and based on this user ID I need their username to be unlocked, and a temporary password to be emailed to them (Looked up from their user ID via Database)
From what I've been reading UME can do this, but when I look into configuration of it I'm not seeing anything that can define this to show up on the Portal logon page. Does this have to be developed and built in or linked as a separate page or is there a prefab one made already(nothing I could find showed evidence of this, although the documentation regarding UME hinted at this)?
The end user doesn't need to answer security questions because to get access to the portal they already have to be on my secured network.
Any help would be great!
Edited by: Andrew Urban on Aug 7, 2008 12:09 AM
Edited by: Andrew Urban on Aug 7, 2008 12:10 AM
Edited by: Andrew Urban on Aug 7, 2008 12:16 AMAndrew,
This link might help explain what is possible with SAP Portal in terms of allowing the user to reset their password from the logon screen.
http://help.sap.com/saphelp_nw04s/helpdata/en/45/7e6313d8780dece10000000a11466f/frameset.htm
As for allowing a user to unlock their account from the logon page, there is no such functionality that I know of. This would need to be developed. We are doing something similar. In our case, we are developing a module that allows user to retreive their user ID if they forget it. This also is not functionality that SAP provides. The user can specify their email address, and it emails them their user ID. This is being developed in Web Dynpro for Java utilizing the UME APIs.
- Andrew Castillo -
after upgraded to windows 2008 server, our mac os x wiki server can't authenticate user password anymore. How can I re-bind the wiki server to the AD again? thanks in advance.
Solved it by deleting the user and creating a new one with the same userID.
Maybe it occured because I marked the "user has to change password after first login" box when resetting the password but didn't yet allow him to do so in the webpages menu?!? -
Change password in Active Directory using the JNDI GSS-API/Kerberos
Hi
I am trying to the JNDI GSS-API to change a user password.
When I actually try to change the password using ctx.modifyAttributes(userName, mods), I get the exception:
09:39:38,163 ERROR [STDERR] javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 ]; remaining name 'CN=USER,OU=Usuarios,DC=testead,DC=br'
Here's my java code:
public class ChangePasswordLDAPCommand implements Command {
static Logger logger = Logger.getLogger(ChangePasswordLDAPCommand.class.getName());
@SuppressWarnings("unchecked")
public boolean execute(org.apache.commons.chain.Context context) throws ApplicationException {
logger.info("Início - execute");
try {
CoreConfig config = CoreConfig.getInstance();
String userName = config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_NAME);
char[] password = config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_PASSWORD).toCharArray();
Subject subject = new Subject();
Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
Map<String, String> map = new HashMap<String, String>();
Map<String, String> shared = new HashMap<String, String>();
map.put("com.sun.security.auth.module.Krb5LoginModule","required");
map.put("client","true");
map.put("useTicketCache","true");
map.put("doNotPrompt","true");
map.put("useKeyTab","true");
map.put("useFirstPass","true");
map.put("refreshKrb5Config","true");
logger.info(">>>>> map.toString(): "+map.toString());
shared.put("javax.security.auth.login.name", config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_NAME));
shared.put("javax.security.auth.login.password", config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_PASSWORD));
shared.put("javax.net.debug","SSL,handshake,trustmanager");
shared.put("sun.security.krb5.debug","true");
shared.put("com.sun.jndi.ldap.connect.pool.timeout","30000");
logger.info(">>>>> shared.toString(): "+shared.toString());
krb5LoginModule.initialize(subject, new UserNamePasswordCallbackHandler(userName,password),shared,map);
krb5LoginModule.login();
if(krb5LoginModule.commit()){
//Recupera o usuario a ser alterado
UsuarioTOLDAP usuarioTO = (UsuarioTOLDAP) context.get(CoreConfig.USUARIO_TO_LDAP);
logger.info(">>>>>>>>>>>>>>>>>>>>>> subject.toString(): "+subject.toString());
Subject.doAsPrivileged(subject, new JndiAction(usuarioTO), null);
} catch (LoginException e) {
e.printStackTrace();
} catch (PrivilegedActionException e) {
e.printStackTrace();
logger.info("Fim - execute");
return Command.CONTINUE_PROCESSING;
@SuppressWarnings("unchecked")
public class JndiAction implements java.security.PrivilegedExceptionAction{
private static Logger logger = Logger.getLogger(JndiAction.class.getName());
private UsuarioTOLDAP usuarioTOLDAP = null;
public JndiAction(UsuarioTOLDAP usuarioTO) {
this.usuarioTOLDAP = usuarioTO;
public Object run() {
performJndiOperation(usuarioTOLDAP);
return null;
@SuppressWarnings("unchecked")
private static void performJndiOperation(UsuarioTOLDAP usuarioTOLDAP){
logger.info(">>>>> entrei na JndiOperation");
try {
CoreConfig config = CoreConfig.getInstance();
String distinguishedName = "";
String keystore = "C:/Documents and Settings/user/.keystore";
System.setProperty(CoreConfig.JAVAX_NET_SSL_TRUSTSTORE,keystore);
System.setProperty("com.sun.jndi.ldap.connect.pool.timeout","30000");
System.setProperty("javax.net.debug","all");
System.setProperty("sun.security.krb5.debug","true");
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, CoreConfig.INITIAL_CONTEXT_FACTORY);
env.put(Context.PROVIDER_URL, config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_URL));
env.put(Context.SECURITY_AUTHENTICATION, CoreConfig.SECURITY_PROTOCOL_GSSAPI);
env.put(Context.SECURITY_PRINCIPAL, config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_NAME));
env.put(Context.SECURITY_CREDENTIALS, config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_PASSWORD));
env.put(CoreConfig.JAVAX_NET_SSL_TRUSTSTORE,keystore);
env.put("javax.security.sasl.qop","auth-int");
env.put("javax.security.sasl.strength","high");
env.put("javax.security.sasl.server.authentication","true");
String userName = "CN=USER,"+config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_BASE_DN);
// Cria o contexto inicial de acesso ao LDAP
//DirContext ctx = new InitialDirContext(env);
// Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
//set password is a ldap modfy operation
ModificationItem[] mods = new ModificationItem[1];
//Replace the "unicdodePwd" attribute with a new value
//Password must be both Unicode and a quoted string
String newQuotedPassword = "\"" + usuarioTOLDAP.getNovaSenha() + "\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
// Perform the update
ctx.modifyAttributes(userName, mods);
ctx.close();
} catch (NamingException e1) {
e1.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}Edited by: c0m4nch3 on Jan 21, 2010 12:13 PMRefer to my response for a similar question in http://forums.sun.com/thread.jspa?threadID=5416736
Also the following may be related: http://forums.sun.com/thread.jspa?threadID=5196192
Good luck.
Maybe you are looking for
-
Best Regards I would like to know which site I can download the sample application called Pet Store, I searched the web and all links lead me to the java.net site, but can not find where to download the. jar. I appreciate the attention.
-
How do I get Word Styles to come over to PDF as Bookmarks?
Using MS 2010 Word with Adobe X......When creating a PDF from Word, I use bookmarks and styles from the word document. Only the Bookmarks (Headings) come over ..... NOT the styles (i.e., Figure and Table Titles, and all other pertinent styles that
-
Can't add connection. + sign grayed out.
Hello, I am running IIS on a remote machine on the network. My site, files, and db file is also located on this remote machine. DW CS4 is running locally. I setup the SystemDNS for the access db file. However, I am not able to create a connection to
-
Flat file upload error message
Hi Friends I have designed an infocube and when i try to load data after selecting the option of flat file upload, i get the following error message," You have no authorization for basic types(activity 03)". Please clarify what it means. regards kris
-
Oracle 11g SQL Fundamentals pass score
Hi, Can anybody confirm what the pass score is. The page (http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=41&p_exam_id=1Z0_051&p_org_id=28&lang=US) says it is 60% out of 70 questions but this page (http://www.oracle.com/glob