Symantec IGA

 View Only
  • 1.  PSA-Password Not Allowed on SAP

    Posted Jun 19, 2014 02:08 PM



    Identity Manager - 12.6 sp2

    When password is changed by IDM it is updating password in SAP but if password is changed by Password Sync Agent through windows machine then SAP password is not getting updated and fails Error is :


    Cause: SAP R3 Account 'E003255' on 'SAPPROD01 Endpoint' modification failed: Connector Server Modify failed: code 1 (OPERATIONS_ERROR): failed to modify entry: eTSAPAccountName=E003255,eTSAPAccountContainerName=Accounts,eTSAPDirectoryName=SAPPROD01 Endpoint,eTNamespaceName=SAP R3,dc=im,dc=etasa: JCS@NHPIDMP01: SAP: SAP JCO exception - PASSWORD_NOT_ALLOWED (ldaps:// Action: Synchronize user "Renuka Singh (n700678)" attributes with accounts: Failed to execute SynchronizeAttributesWithAccountsEvent.



    Please suggest what is causing this issue.



  • 2.  Re: PSA-Password Not Allowed on SAP

    Posted Jul 29, 2014 02:51 PM

    Sagi_Gabay - Can you help here?

  • 3.  Re: PSA-Password Not Allowed on SAP
    Best Answer

    Posted Jul 29, 2014 03:15 PM


    Thanks for the follow up but figured out that it is because of SAP password policy not aligned with IdM .


    SAP has history settings as 5 and if IdM will be updated with any of previous SAP password then it will set for IdM but failed on SAP.


  • 4.  Re: PSA-Password Not Allowed on SAP

    Posted Jul 29, 2014 03:19 PM

    Ok - thanks! I will mark this question as answered then.

  • 5.  Re: PSA-Password Not Allowed on SAP

    Posted Aug 01, 2014 11:24 AM

    Hi Renus


    One type of user in SAP "system" does not accept a variety of caracateres for password complexity: The user type "dialog" is more open and probably need to sync the password only for these type of account.

    Consider user management type "dialog" to synchronize the password only and of course check that password policies are aligned.