JD Edwards Password Length Limitation

nkuebelbeck

Currently the password length of a JD Edwards password is 10 characters. It doesn't matter if it's LDAP or not.

E1: SEC: 10 Characters Password Limitation With LDAP Enabled (Doc ID 1995722.1)

Bug 17880031 : TT-E1 USER ID & PASSWORD LENGTH RESTRICTIONS

Has anyone gotten around this?
 
There are a number of solutions to get around this:

First of all - check into Everest Software's SSO solution: http://www.everestsoftint.com/products_sso.php - this solution connects the user to the Active Directory quickly and simply, and stores an encrypted "key" in both the F98OWSEC and the Active Directory. It's incredibly simple to set up and works on all versions of JDE - including Xe.

Secondly, there is Oracle's Access Manager and OID security tools. These can be extremely difficult to set up, but if you are a very large enterprise with a lot of different Oracle products - including SOA Suite, then this might be the option to look into.

There are still no plans to get around the 10 character password limitation as far as I understand - though I know that JDE have been working on a solution based on the Quest User Group making it a priority.
 
The buzz on the street is that with apps / tools 9.2, the 10 character limitation on password (not sure about User ID) will be removed. Plans are always subject to change of course, so do not take this as the final word.
 
Yeah, at Collaborate they said they're fixing the limit on both username and password... a specific release that it will be in wasn't promised, but I'm pretty sure they're aiming for 9.2.
 
How will they handle a change of length to the User ID field, as it's used throughout E1, i.e. in the F0092, F00950, F95921, F00926 tables etc.?
 
Hi Scotti et al...

Yes - Oracle has promised to fix the 10 character password limit for some time now. I talked to them about this at least 2 years ago, and in fact I believe that it's under my name that is sponsoring the Quest bug! I certainly hope that they do, since integrating directly to LDAP works pretty well - BUT it's a major data structure change that will have to occur to a very deep part of the system code.

On the subject of 9.2 - I really expected that applications release to have been launched at Collaborate, since they promised 9.2 at "some point in FY15". The 9.1.5.x tools release coming out last December seemed to support that BUT almost certainly would have ensured that the 10 character password limit has NOT been fixed for 9.2. However, we didn't see any information on 9.2 at all in Vegas - which both concerns me and provides some hope for the 10char password expansion. The next big event will be OpenWorld - which would absolutely make marketing sense for Oracle to start releasing JDE products at that event from now on AND is at the end of their FY (October 2015) - BUT to release 9.2 applications, we would have to have 9.2 Tools Release released ahead of time. Why? Because Tools Releases have always supported prior-supported versions, and JDE would certainly want to "bed in" their Tools Release before releasing the functional changes.

Secondly, the 10 character password limitation is NOT viewed as a major "issue" at Oracle - since it supports the sale of the Oracle Security products - such as OAM. The answer from Oracle has been "if you want to get around the issue, then buy OAM". So I don't see the pressure being applied at Oracle to resolve this.

Now, I am probably wrong about this - I hope I am wrong, and at OpenWorld they release a 9.2 Tools Release AND a 9.2 Application and they have the 10 character password limit removed and all the users rejoice and praise the great Oracle. I will be the first in line to rejoice! But I'm also a realist when it comes to these kinds of "announcements" - and since they haven't announced anything yet - my recommendation to customers is to look at alternatives so they can both correctly secure their implementation AND ensure they deliver SSO to their end-users.
 
Jon et al,

What I had heard at Collaborate was that the new longer usernames and passwords will be coming out with 9.2 (they wouldn't call it that, officially), and that it will be an optional new layer of passwords. You will have the option to continue using the existing username/passwords, or you can set up the new longer usernames and passwords, which will then translate into an existing "short user name". It is the existing "short user name" that will continue to be populated into the audit tables all over the place in JDE. If you wish to report on audit information but use the new longer username, you will need to join the new username table to get that.
 