Symantec IGA

Hi,

Identity Manager - 12.6 sp2

When password is changed by IDM it is updating password in SAP but if password is changed by Password Sync Agent through windows machine then SAP password is not getting updated and fails Error is :

Cause: SAP R3 Account 'E003255' on 'SAPPROD01 Endpoint' modification failed: Connector Server Modify failed: code 1 (OPERATIONS_ERROR): failed to modify entry: eTSAPAccountName=E003255,eTSAPAccountContainerName=Accounts,eTSAPDirectoryName=SAPPROD01 Endpoint,eTNamespaceName=SAP R3,dc=im,dc=etasa: JCS@NHPIDMP01: SAP: SAP JCO exception - PASSWORD_NOT_ALLOWED (ldaps://nhpidmp01.dt.inc:20411) Action: Synchronize user "Renuka Singh (n700678)" attributes with accounts: Failed to execute SynchronizeAttributesWithAccountsEvent.

Please suggest what is causing this issue.

Thanks

Sagi_Gabay - Can you help here?

Thanks for the follow up but figured out that it is because of SAP password policy not aligned with IdM .

SAP has history settings as 5 and if IdM will be updated with any of previous SAP password then it will set for IdM but failed on SAP.

Ok - thanks! I will mark this question as answered then.

Hi Renus

One type of user in SAP "system" does not accept a variety of caracateres for password complexity: The user type "dialog" is more open and probably need to sync the password only for these type of account.

Consider user management type "dialog" to synchronize the password only and of course check that password policies are aligned.

regards

Efren