R/3 Users of Type system Change Passwords

Similar Messages

• How can I give an user the right to change passwords

  I'm still absolute server beginner, so I have to ask here.
  How can I give users the right to change passwords or to view calendars?
  I didn't find it, yet.
  I've found an option to change rights, when I click on the user with two fingers (right mouse button). But all options in this menue are grey.

  Hi Holger,
  These are two fundamentally different issues. I'll try to address them each. For both you will need to have OpenDirectory set up (see the Users Next Steps list in the Server app). Once that is done. Additionally you will need the Server Admin Tools 10.7. Once you have them installed, you can specify the OpenDirectory password requirements for users
  User Passwords in OpenDirectory
  On the server, open Server Admin app.
  Connect to you server, then click on the OpenDirectory service.
  Click on the Settings icon.
  Click on the Policies tab.
  Click on the Passwords sub-tab, and you can set all the criteria for password requirements here.
  Resetting Passwords
  Users must log in as network users on the client computer.
  Once logged in, to change the password, open System Preferences.
  Click on Users & Groups.
  The user icon will be a silhouette with stars in the background. This means it is a network user. Click on the Password tab at the top.
  Click the Change Password ... button to change the password.
  Calendars in iCal are much like RSS feeds: users need to subscribe to them, like we discussed in our other posting. Network users will automatically be given a network iCal calendar, and will be automatically subscribed to it. However, if you want to automatically add subscribed calendars to network user's accounts, you will need to use ProfileManager.
  On the server, open Server app.
  Click on the Profile Manager menu item.
  Make sure that iCal service is running (green indicator next to it). Click on the "Include configuration for services: ...". Make sure the iCal icon is listed there.
  Click the "Sign configuration profiles" checkbox.
  Turn Profile Manager on.
  Once Profile Manager has loaded (the gear at the bottom right will no longer be spinning), go ahead and click the Open Profile Manager link.
  Log into Profile Manager as your directory admin user.
  Click on the Groups menu item to give all users of a specific group access to the wiki calendar. This is best if you have a wiki for a group and want to share that calendar. Use the Everyone group to add this calendar for all users.
  Click on Users to give access to only specific users.
  Edit the profile for the group(s) or user(s) you selected by highlighting that group and clicking the edit button.
  Scroll down and select the CalDav item on the left.
  Click configure. Here you will need to enter the specific details for that callendar based on the subscription details you get when subscribing to the calendar via the wiki.
  After all that you still need to configure each client computer to be set up for profile management, which really is a topic of its own. I recommend the following tutorials:
  Installing OS X Lion Server
  OS X Lion Server Administration Tool Tour
  Setting Up Profile Manager on OS X Lion Server
  Using Profile Manager on OS X Lion Server
  Hope this helps, good luck!
  ~Mike

• Com.sap.db.jdbc.exceptions.JDBCDriverException:user is forced to change password

  Hi all
  I am trying to connect hana using jdbc code
  here is my code
            Class.forName("com.sap.db.jdbc.Driver");
              String url = "jdbc:sap://host:30015/?";
              String user = "Mujadid";
              String password = "Cloud123";
              System.out.println("try to connect to HANA !");
              Connection cn = java.sql.DriverManager.getConnection(url, user, password);
              System.out.println("Connection to HANA successful!");
              ResultSet rs = cn.createStatement().executeQuery("select * from _SYS_STATISTICS.STATISTICS_ALERTS");
              rs.next();
              System.out.println(rs.getString(1));
  I am facing following exception
  com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: [414]: user is forced to change password: alter password required for user MUJADID
    at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.createException(SQLExceptionSapDB.java:345)
  Any suggestion?

  Hi Mathan!
  now above error is esolved
  But i m facing following error when i try to read connections table from live2 schema
  com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: [259] (at 20): invalid table name:  Could not find table/view CONNECTIONS in schema LIVE2
  and this table exist in LIVE2 schema
  Any suggestion?

• Communication user is not requested change password

  Hi
  We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  How can this be? Shouldn't communication users be forced to change the password?
  In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  Thank you for your help.
  Regards, Morten

  >
  Morten Ellgaard wrote:
  > Hi
  >
  > We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  >
  > How can this be? Shouldn't communication users be forced to change the password?
  >
  > In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  >
  > Thank you for your help.
  >
  > Regards, Morten
  Well, that's a common misunderstanding:
  accounts of type "COMMUNICATION user" are subject of password expiration - however the password change requirement is not enforced (since the server cannot interact with the user). Actually that's not mainly caused by the user type but by the communication protocol being used: RFC and HTTP allow both, interactive and non-interactive system usage. Only the DIAG protocol (used by SAPGUI) ensures that an interaction with the user is possible - and in this case the system is enforcing a password change (when required).
  Note 622464 provides an overview on the user types and the ability / requirement to change passwords (and other impacts).
  Side-remark: modifying the USR02 field would not have any impact on the password change handling (beside the fact that such direct table manipulations are risky and strongly discouraged).
  As reported by other SDN community members (and stated in note 320991, quite at the end) there are some profile parameters that will cause RFC and HTTP based logon to fail for passwords which are expired / initial. Setting those profile parameters will result in a downwards-incompatible system behavior - for this reason the default setting is "off".
  Indeed, if you intend to use "technical accounts" for (automated) system-to-system communication, then kindly use the user type "SYSTEM". In that case, the password is neither "expired" nor "initial" - no password change is required nor can it be performed by the SYSTEM user itself. Only an user administrator can set a new password (in systems as of NWAS 7.0: even a downwards-compatible one - despite the password policy, see notes referenced by note 622464).

• Using Jackrabbit User Manager programmatically for changing passwords and getting user data.

  I am trying to do a change password request using the Jackrabbit User Manager with the REST URL /system/userManager/user/<username>.changePassword.json.  The problem I am having is that this request requires an oldPwd form param in the request.  The issue is that when I am trying to do this request it is in response to the user selecting "Forgot Password" so our logic has created a random password which we then email to the user so they can use that the next time they want to login.  We need to change that user's password in CRX so they can log in using it next time.  Since they haven't logged in there is no session, NOT the problem.  THE PROBLEMS, I don't know 1. how to use the userManager to get that user's old password, since /system/userManager/user/<username>.json doesn't appear to return the password and 2. if I could get the old password it most certainly will be encoded, some how, so I will need some decoding algorithm to pass it through in order to get the actual password to set as the oldPwd form param to my change password request.  Please let me know if you require any further explanation.  Any assistance would be greatly appreciated.  Thank you, in advance, for your assistance.
  Sincerely,
  Mike Sucena
  [email protected]

  Hi Mike,
  msucena wrote:
  Justin:
  Does your response mean that until version 2.1.2 of Jackrabbit User Manager is released I cannot change the password without knowing the old password?
  No. It means that this feature is not available in version 2.1.0 of the Sling Jackrabbit User Manager bundle. It was added after that release. You have a number of options:
  Build the bundle from source.
  Use one of the SNAPSHOT bundles available from the Apache Snapshots repository.
  Use the release which is being voted upon now (https://repository.apache.org/content/repositories/orgapachesling-175/org/apache/sling/org .apache.sling.jcr.jackrabbit.usermanager/2.2.0/). (Note - we decided to use 2.2.0 as the version number rather than 2.1.2 as originally planned due to the scope of this release).
  Write a different servlet which performs the same actions.
  Meaning that being able to use either the credentials of the "Admin" user or using the credentials of a member of the "UserAdmin" group is not supported in the current released version 2.1.0?
  Correct. It was added after the 2.1.0 release.
    If I currently need the old password is there any Sling REST - Jackrabbit API call I can use in order to get the old password since using /system/userManager/user/<username>.json doesn't appear to return the password?
  -Mike
  The plain text password is not stored. And this should be considered a good thing.
  If you have questions about the development process we follow in Sling (or at Apache as a whole), by all means ask on the Sling users mailing list. It is reasonably well-established and we love to talk about it.

• Users getting forced to change password at least twice when expired

  Has anyone else experienced this?? A user expired yesterday, was prompted to change password and went into application. Tried to go in today and was prompted again to change password. The pwdchangetime is set to yesterday and the modifier is the user so pwdMustChange, (which is set to true), should not kick in.
  Using OID version 9.0.4.1
  thanks

  I've since found out that this is how Oracle has coded an expiration. If you change your password with a grace login, the modifiers stamp isn't your own. So you must change you password again if you have force change password set in your password policy.

• User not able to Change Password in Webaccess

  We are running GroupWise 7.0.3 HP3. We have one user who is not able to change her password in Webaccess. Whenever she tries, she get the following error message in Webaccess
  Ldap Password Change Failed. Contact your system administrator.
  When I look at the POA screen on the server, I see the following error message.
  LDAP Error: 53.
  Her account is not disabled, expired or locked. I get the same error message when the account has an unlimited number of network aconnections.
  If I change the password in ConsoleOne and log into the account, I get prompted change my password because it has expired.
  Thanks

  n,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• User accounts locked when changing password

  I have tried searching an answer to this for a while but have not found an answer yet. So have decided to see if anyone can shed some light on it.
  Basic issue is that a user changes their password on their client machine which then locks their Open Directory account so can not login.
  Users authenticate against the Open Directory hosted on a 10.5.8 server. Clients are 10.6.8. No I can not update servers to 10.6 as I only have one licensed copy of it. I syncronise RAID data between the two using PresStore. File sizes are not seen as being the same between OSs so complete backup made each time, not just the changes. Not ready for Lion or Mountain Lion server as I am within a very restrictive environment behind proxy servers, still testing and ironing out issues.
  Clients are mobile users and the whole user area is synced on Login, Log out and every three hours when logged in. Fundamentally Mobile accounts work great, except when it comes to changing the password. When doing this the logout sync does not connect and then during the next login the account is locked. Even when unlocking the account it says the account is locked, appearing like a conflict between the local machine and open directory. Home folder is still on client machine.
  The only way to remedy this is to delete the user plist through ARD and terminal command run as root
  rm /var/db//dslocal/nodes/Default/users/usershortname.plist
  Once this is done the user can then log in and it does a full sync.
  DNS resolves fine, browsing and connecting to AFP shares is fine (although will not connect to the home directory on logout sync after the password change when shutting down. User can before this point stay connected to the shared volumes, save and work from them but can not automitically connect to the home folder share)
  Just don't quite not know where to go now...

  Please refer below link on same topic, i hope you will get your answer.
  http://cn.forums.oracle.com/forums/thread.jspa?threadID=2172418&tstart=0&start=15

• How to restrict changing password for user ?

  Hi All experts ,
  We have created users . Users should not change their password without permission of Administrator . How to restrict them by setting Permissions / Authorizations ? 
  Thanks.
  KISHORE SATPUTE

  Hi,
  In "USER MAINTENANCE- SU01" --> in the "logon tab" there are 5 different "user type"
  1. dialog
  2. system
  3. communication
  4. service
  5. reference
  Kindly mention the function and role of all the above mentioned user types specifically and hows is one user type different from another.
  These are as follows:-
  1. Dialogue:-
  For this kind of users:-
  GUI login is possible.
  Initial password and expiration of passowrd are checked.
  Multi GUI logins are checked.
  Usage:- These are used for GUI logins.
  2. System
  For this kind of users:-
  GUI login is not possible.
  Initial password and expiration of passowrd are not checked.
  Usage:- These are used for internal use in system like background jobs.
  3. Communication
  For this kind of users:-
  GUI login is not possible.
  Users are allowed to change password through some software in middle tier.
  Usage:- These are used for login to system through external systems like web application
  4. Service
  For this kind of users:-
  GUI login is possible.
  Initial password and expiration of passowrd are not checked.
  Multiple logins are allowed.
  Users are not allowed to change the password. Only admin can change the password
  Usage:- These are used for anonymous users. This type of users should be given minimum authorization.
  5. Reference
  For this kind of users:-
  GUI login is not ible.
  Initial password and expiration of passowrd are not checked.
  Usage:- These are special kind of users which are used to give authorization to other users.
  Rewads point if helpful
  Thanks
  Pankaj Kumar

• Change password for a user

  Hello, I just added a new user to my system, when I set the user's password, the two passwords didn't match, the problem is that adduser didn't let me retype my password the, it just completed, and I can't log in with this user I can't change password with the passwd utility, what options do I have?

  This can work:
  1. as root, edit /etc/passwd and remove the line for the messed up user
  2. remove the users dir, from /home
  3. recreate the user

• Be careful of "Prompt user to change password before expiration" policy -- it's counting the days wrong!!

  After several tests, I'm pretty sure that the policy "Interactive logon: Prompt user to change password before expiration" is counting the wrong days. (Note: this policy is in Windows Settings > Security Settings > Local Policies > Security
  Options)  So I think I should post this in the forum in the hope that it could be helpful to others in the same case as me, esp if the policy is pushed out as a domain-wide policy.
  First, the context of the test, ie domain-wide policy settings:
  1. Password minimum age = 2 days
  2. Password maximum age = 4 days
  3. Prompt user to change password before expiration = 2 days
  If everything is going fine, users will be asked to change password when it is changeable (ie it has reached the minimum age).  However, it turns out that users are prompted BEFORE they can change password.  Look at the image below that I got in
  Win7:
  (In WinXP, we have similar prompt when user has just logged in)
  Look at the clock: it's 13:16 (04/12/2013).  Then look at the DOS window in which I ran the "net user /domain" command and read the line "Password expires": it's shown
  06/12/2013 18:09:04.
  A little math would tell me that if users are prompted to change password *2 days* before expiration, the dialog will appear
  ONLY AFTER 04/12/2013 18:09:04.  But since the prompt is shown at 13:16 (ie well before 18:09), that mean the "prompt user...." policy makes mistakes in calculating the moment to show the prompt.
  In other words, if we have the policy set like this:
       Prompt user to change password before expiration =
  N days
  The prompt will actually appear from N+1 days before expiration.
  I would consider this as a bug, but I also suppose it's hard to make Microsoft fix it.  So that's why I make this post to warn others.  In my case, I have received several calls from users complaining that they were prompted to change password
  but their new passwords were always refused and they had no idea what went wrong.  And it took me a lot of effort to sort out what really went wrong.  And in order to work around this stupid bug, I have to change the "Prompt user...." policy
  to N-1 days (before expiration) instead of N days previously.
  Hope this help

  Hi,
  Based on my research, you are right that the prompt policy is implemented by date, which is by design.
  “Set
  Interactive logon: Prompt user to change password before expiration to 5 days. When their password expiration
  date is 5 or fewer days away, users will see a dialog box each time they log on to the domain”, I quoted this sentence from the article below:
  Interactive logon: Prompt user to change password before expiration
  http://technet.microsoft.com/en-us/library/jj852243.aspx
  The problem is consistency!  For Minimum/Maximum password age properties, they are also defined for
  days as well.  But for them, days are exact days, ie a
  multiple of exactly 24 hours.  There is an "Explain" tab for every parameter, but even if you read them through, you can't tell if day means strict multiple of 24 hours or loose definition of days.  I'll leave the exercise to you to read
  them if you like and spare me the article from your KB library.
  As for the password minimum age part, what I mean is that is why users can’t not change their password within 2 days when the prompt appears before the changeable time.
  Anyway, I agree with you that we need to be careful when we configure the password policy because the Prompt policy is not doing calculation by hours.
  Miss, the 2 days is just a TEST EXAMPLE.  Let's say it's
  N days if you was unable to understand.  I wouldn't change N days to N-1 days because of this stupid GUI bug.  As I said earlier and let me repeat it once more,
  Minimum password age = N days is a security policy and it is more important than the user prompt and no security officer with sane mind will change this.

• User forced to change password on 1st login

  Hi,
  I have created users on ACS local database and assigned password to the account.
  Is it possible user changes the password on his 1st login ( user is forced to change password on 1st login ), I couldnt see this option on ACS version 4.0

  Hi Ronald,
  Please see link below
  http://tinyurl.com/qurqm9
  Under this documentation look for Password Aging Rules.
  The reason you are unable to see 1st time password change is because by default it is disable, please look for this option click Interface Configuration: Advanced Options: Group-Level Password Aging.
  If you have any question do not hesitate to contact me.

• Windows 7 Expired Password - Recvd Warning prompts but not forced to change password

  Our Windows 7 users are prompted when their passwords will expire in 14 Days, however They are not forced to change thier password before it expires. If the users ignore the expiration warning they can only get logged into the network after having the helpdesk
  reset thier password.
  Is there a way to force Windows 7 users to change thier passwords on the day it expires. Our WinXP users get the 14 day warning and are forced to change thier passwords on day 14.
  I have the GPO configured to notifiy users when thier passwords will expire in 14 days
  Thank you,
  Glen

  Hi,
  After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows
  7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.
  1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic
  Windows 7 client.
  2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:
  a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after
  collecting data. You may need to create the Diagnostics key if it is not there.
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
  Type: DWORD
  Value: GPSvcDebugLevel
  Data: 0x30002 (hexadecimal)
  b) Then on the problematic Win7 machine, run command “gpupdate /force”.
  c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.
  d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy
  -> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.
  e) After that, please send me the above output files. (please zip them first and then send them to me).
  - %windir%\debug\usermode\gpsvc.log
  - gpr_win7.txt
  - win7.evtx
  Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC
  result and the zip files, and then give us the download address.
  Thanks,
  Novak
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• Change password on the first use - does not work

  Change password on the first use - does not work.
  Created a user and specified 'Change password on the first use' - when user logs in - the 'Change password' window does not pop- up.
  Please advise.

  (APEX 4.0.2) I am running into this same issue - if you don't set the password expiration and locking to 'Yes', the user gets into the app without being asked to change the pw.
  When you do set expiration and locking - after the user logs on with their temporary password, it does take them to the change password page (4155:50) but the username is blank. Because the username didn't get to the page the old password will never match and you get the "Invalid password" message.
  What am I missing? Anyone successful doing this?
  Simple application, default authentication, no javascript, HTTP_SERVER, no ssl.
  Thanks,
  Steve

• Unable to view "Change password" page in other lang than English

  Hello,
  We have a stange problem:
  Installed APEX 3.0.1 over 10.2.0.3 Database, no errors.
  Applied Spanish and French translations (load_es and load_fr), no errors.
  Create a new Workspace.
  Create a single application (blank page).
  Create a new user (no developer, no admin) and checked "Require Change of password on first use"
  Default language in Browser English, try to login into single app with the new user and redirected to change password correctly.
  If the Default language in browser is Spanish or French, trying to log into single app next error appears:
  Error: El elemento "P50_USER_NAME" no aparece porque la pantalla HTML todavía no estaba abierta.
  Same error for elements "P50_ENTER_CURRENT_PASSWORD", "P50_PASSWORD" ,"P50_CONFIRM_PASSWORD" and "P50_SESSION".
  A simple error translation into English will be something like that:
  Error.The element (or item) "P50_USER_NAME" does not appear because the HTML screen were not open yet.
  If I try to enter with and admin user into /pls/apex app in Spanish...work fine!!!
  Any ideas....to desperate with this error. I tried to translate the application.
  Thanks in advanced.

  Hi Scott,
  Are you saying that when you run your application using an end-user account whose password must be changed, but that user is also an admin, that the change password page works fine?
  No, the application fails using end-user and admin user.
  When I said /pls/apex I was talking about the page that has "Application Builder", "SQL Workshop"...etc in this page it works fine.
  Any ideas???
  Regards.