• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


    Company

  • Categories

  • Archive

  • Change/Reset OC4JADMIN Password

    Posted by "" in "10gAS, soa, webcenter" on 2008-06-03

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    If you are maintaining Oracle Application Server 10g Release 3 (10g AS R3) or Oracle Apps R12 (which uses 10g AS R3 as tech. stack) and you wish to reset OC4JADMIN password here are few pointers

    1. oc4jadmin is superuser account created during installation (Installer prompts for oc4jadmin password if this is 10g AS R3)

    2. This password is stored in encrypted format in file  system-jazn-data.xml $ORACLE_HOME/j2ee/home/config (In R12 there are two ORACLE_HOME in middle tier one for Web Server and another for Forms (third one is on database tier) and configuration file is under $ORA_CONFIG_HOME/ 10.1.3/ j2ee/ [oc4j_name]/ config). There are three OC4J in R12 so change in all three oc4j config file i.e. oacore, forms, and oafm

    3. You can reset this password using enterprise console http:// machine : http_port/em ,    follow exact steps from here

    4. If you can’t remember original OC4JADMIN password you can reset it by using documentation here

    5. If your 10g AS R3 or R12 is configured to use Oracle Identity Management (OID) then you have to update OC4JADMIN password using /oiddas screen (in OID).


    Related
    466246.1  How To Reset The Password Of The oc4jadmin Account For Enterprise Manager
    576587.1  How to change the OC4Jadmin Password
    556031.1  How To Have The Password In Clear Text In Jazn-data.xml?
    403678.1  How To Change The Passwords For BPELADMIN / OC4JADMIN / SOA Suite

    Question for Readers ?
    What is default oc4jadmin password in R12 ?

    18 Responses to “Change/Reset OC4JADMIN Password”

    1. knvramam says:

      Its a very good article Atul.

      Can we do the same process for 10.1.2.0.2AS also and what are the differences between 10.1.2.0.2AS and 10.1.3.1.0AS

      Ramam

    2. Atul says:

      Hi Raman,
      I don’t think there was any oc4jadmin account in 10.1.2 OAS.

      I’ll try to cover difference between 10.1.2 OAS & 10.1.3 OAS.

      Major difference
      – 10.1.2 uses JDK 1.4 where as 10.1.3 JDK1.5
      – 10.1.2 has portal, BI with infrastructure tier like OID/SSO where as 10.1.3 is J2EE only release with no webcache & Infra tier is moved to new product called as Oracle Identity Management

    3. knvramam says:

      Hello Atul,

      Thank you very much for your fast reply. After sending the post i realized that 10.1.2 OAS is having ias_admin user and today i have changed “orcladmin” password of Contentdb by following the below procedure.

      Login to Content DB database as sysdba and run the following procedure.

      SQL> execute orasso.WWSSO_OID_INTEGRATION.reset_passwd(‘ORCLADMIN’,null,’ramam123′);

      If you add this to your posts this may help to your readers.

      Thank you
      Ramam

    4. swapna says:

      Hi Atul,

      Is there any way to know when the orcladmin password has reset last time.

    5. Atul Kumar says:

      Swapna,
      If you wish to track password change in OID (who changed password on which date) you need to enable tarcing in OID.

      Login to oidadmin as orcladmin, click on

      orcladmin@hostname:port in left pan and click on Audit Mask in right pan

      Under Audit Mask Page , select “User Password Modification” checkbox.

      I don’t know how to find when was last time orcladmin password changed without tracing on.

      I hope you know there are two orcladmin accounts in oid , one under orclContext which is superuser for OID and one under realm->users

    6. swapna says:

      Hi Atul,
      Thanks for your reply. If the password get expires then also can we trace when the orcladmin password got expired. And is there any way to just change the password expiration time only for orcladmin. we are mainly concern about realm->users orcladmin.

      thanks,
      swapna.

    7. Atul Kumar says:

      If you are on 10.1.4.X and higher versuion of OID, then create another password policy with No Password expiration.

      Then attach this policy to user orcladmin.

      To check password expiry, write simple shell script which checks

      ldapbind -h hostname -p port -D “cn=orcladmin,dc=XXX, dc=XXX” -password

      and mail in case bind fails

      Put that shell script in cronjob

    8. swapna says:

      Hi Atul,

      is there any way to set the orcladmin to be never expired, or never locked.

    9. swapna says:

      Hi Atul,

      Thanks for your reply. I didnt get this statement in ur reply ‘and mail in case bind fails’. Is there any provision from oidadmin that can send mail if password expiration warning time comes.

      thanks,
      swapna soni.

    10. Atul Kumar says:

      No I was talking about shell script to check expired orcladmin password

      Here is sample checkpasswd.sh

      #!/bin/sh

      ldapbind -h hostname -p port -D “cn=orcladmin,dc=XXX, dc=XXX” -password >> bind.log

      grep -i “bind failed” bind.log > bindfailed
      COUNTS=`cat bindfailed | wc -l`
      if [ $LINES -ne 0 ]
      then
      mailx -s “Script thinks orcladmin password confirm” mymail@mymailserver.com << EOF
      check your orcladmin password

      .
      EOF

      fi

      rm bindfailed

      exit

      Now add this script in crontab like
      07 * * * * /Path/checkpasswd.sh

      to run everyday at 7 AM

      There is no way in OID to notify users for expired accounts.

    11. Atul Kumar says:

      Swapna,
      Ignore my previous comments, here is step to identify when was password last changed

      $ORACLE_HOME/ldap/bin/ldifwrite connect=”[SID]” basedn=”cn=orcladmin,cn=users,dc=mydomain,dc=com” ldiffile=”/tmp/orcladmin.ldif”

      Replace SID with connect string of OID database and mydomain,com with your domain .

      When prompted for password enter ods schema password or orcladmin password

      Above command will create ldif file in /tmp
      open that file and look for entry like

      orclsamaccountname: orcladmin
      pwdchangedtime: 20080807135508z

      Here password was changed on 07 Aug 2008

    12. swapna says:

      Hi Atul,

      Can we know how to get password expiration warning period, so that we can send email to user. Please reply soon its urgent for us. If you dont mind, could you please give us ur contact number so that i can explain the issue.

    13. swapna says:

      Hi Atul,

      oid password for orcladmin got expired and after that we ran this command from 10.1.2AS/bin directory

      ldapbind -h bluejays.appsassociates.com -p 389 -D “cn=orcladmin” -w iasadmin123

      but it was giving bind successful message.

      but i think it should give bind failed right? may i know why its happening.

      thanks,
      swapna soni.

    14. Atul Kumar says:

      Are you sure you want to test “cn=orcladmin” and not one in your domain i.e. “cn=orcladmin,dc=oracle,dc=com”

      If Password is expired, you should get output like

      ldap_compare_s: Invalid credentials
      ldap_compare_s: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the

    15. […] If you don’t remember oc4jadmin password you can reset oc4jadmin password check here […]

    16. […] 4.oc4jadmin password (for 10.1.3 HOME) is stored in xml file $INST_TOP/ ora/ 10.1.3/ j2ee/ forms/ config/ system-jazn-data.xml , If you don’t know oc4jadmin password or wish to change it use steps mentioned here  […]

    17. […] password : If you don’t remember oc4jadmin password for SOA then you can  reset using steps here and here DB Server: Database Server Name, Port Number and username/password for user with sysdba […]

    18. sbganji says:

      Atul,
      I did’nt remember the oc4jadmin pwd. And I have changed the credentials in all 3 files for system-jazn-data.xml ( oacore,forms,oafm) but still I am unable to login as oc4jadmin . Any clue how to troubleshoot?

    Leave a Reply



  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.
  • CONTACTS

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP