Hacking SAP PI Service user password

SAP PI Interview Questions and SAP PI Tutorials

SAP PI Interview Questions and SAP PI Tutorials

Hacking SAP PI Service user password

People who have worked since ramp-up XI3.0 or earlier generally know the Ins & Outs of XI3.0 administration. Back then, It was an all-in-one role (all-win roles we used to call it) where the 1 man army used to install, develop, take the objects all the way through production, go-live & support. But with SAP XI/PI widely accepted as integration broker & ESB, it became the responsibility of NW Administrors aka basis teams to maintain XI/PI systems and there was a clear distinction in the roles & responsibilities of PI developer and administrator.

When messages from Adapter engine just vanish in the vaccum without reaching integration server, IDOCs don’t reach the target systems, logs & traces not active, a seasoned XI/PI  consultant will be tempted to go to SXMB_ADM or IDX1/2 to check if the post-installations were performed properly. But with limited authorizations & per development process, have to raise an issue for NWAdmin to figure it out.

One such time, SLDCHECK failed and i had to wait for days but the issue was still un-resolved. I wanted to get to the roots of it and check the configuration but i didn’t have the authorization. So i started debugging SLDCHECK and i came across PIAPPLUSER password. [Generally Administrators try to keep the passwords consistent or atleast logical in the landscape. (un)luckily, they had the same password for PISUPER]. I jumped out in joy like a kid who found a bag of candies hidden right under his desk. I hacked-in, found the issue and requested NWAdmin to check this specific configuration and they fixed it.
Hacking in PI 7.0

LCR_LIST_BUSINESS_SYSTEMS uses the configuration maintained in SLDAPICUST (TCode) to access the SLD and get the list of Business Systems. For local SLD installations, it uses SLDAPIUSER. But for Central SLD’s, SAP recommends to replace SLDAPIUSER with PIAPPLUSER in SLDAPICUST. (as per configuration & post installation guides).

Refer to Section 2.4 Basic SAP System Parameters & Section 5.17.1 Performing PI-Specific Steps for SLD Configuration for more details on Maintaining SLD connection parameters.


Figure 1.0 SLDAPCUST Configuration in PI System

LCR_LIST_BUSINESS_SYSTEMS function Module can be hacked to get the PIAPPLUSER password& set a Breakpoint at line 67.


Figure 2. Breakpoint in LCR_LIST_BUSINESS_SYSTEMS

create object accessor.
accessor->set_tracelevel( tracelevel ). 


Figure 3.0 PIAPPLUSER password hacked

SAP PI Interview Questions and SAP PI Tutorials

SAP PI Interview Questions and SAP PI Tutorials

Caution:  Changing configurations by using the Hacked users/passwords is strongly discouraged.

Word to SAP: SAP can take it as a positive feedback & release a note to enrypt the password.

Links of Help

Change PI Service user passwords with caution

SAP NoteNo: 999962 : PI 7.10: Change passwords of PI service users
SAP NoteNo: 936093 : XI 7.0  : Changing the passwords of XI service users

SAP PI Interview Questions and SAP PI Tutorials

SAP PI Interview Questions and SAP PI Tutorials

Share this:
Share this page via Email Share this page via Stumble Upon Share this page via Digg this Share this page via Facebook Share this page via Twitter
   Send article as PDF   
This entry was posted in sap pi 7.1 tutorials. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *