Change/Reset OC4JADMIN Password

If you are maintaining Oracle Application Server 10g Release 3 (10g AS R3) or Oracle Apps R12 (which uses 10g AS R3 as tech. stack) and you wish to reset OC4JADMIN password here are few pointers

1. oc4jadmin is superuser account created during installation (Installer prompts for oc4jadmin password if this is 10g AS R3)

2. This password is stored in encrypted format in file  system-jazn-data.xml $ORACLE_HOME/j2ee/home/config (In R12 there are two ORACLE_HOME in middle tier one for Web Server and another for Forms (third one is on database tier) and configuration file is under $ORA_CONFIG_HOME/ 10.1.3/ j2ee/ [oc4j_name]/ config). There are three OC4J in R12 so change in all three oc4j config file i.e. oacore, forms, and oafm

3. You can reset this password using enterprise console http:// machine : http_port/em ,    follow exact steps from here

4. If you can’t remember original OC4JADMIN password you can reset it by using documentation here

5. If your 10g AS R3 or R12 is configured to use Oracle Identity Management (OID) then you have to update OC4JADMIN password using /oiddas screen (in OID).


Related
466246.1  How To Reset The Password Of The oc4jadmin Account For Enterprise Manager
576587.1  How to change the OC4Jadmin Password
556031.1  How To Have The Password In Clear Text In Jazn-data.xml?
403678.1  How To Change The Passwords For BPELADMIN / OC4JADMIN / SOA Suite

Question for Readers ?
What is default oc4jadmin password in R12 ?

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

18 comments
knvramam says July 9, 2008

Its a very good article Atul.

Can we do the same process for 10.1.2.0.2AS also and what are the differences between 10.1.2.0.2AS and 10.1.3.1.0AS

Ramam

Reply
Atul says July 9, 2008

Hi Raman,
I don’t think there was any oc4jadmin account in 10.1.2 OAS.

I’ll try to cover difference between 10.1.2 OAS & 10.1.3 OAS.

Major difference
– 10.1.2 uses JDK 1.4 where as 10.1.3 JDK1.5
– 10.1.2 has portal, BI with infrastructure tier like OID/SSO where as 10.1.3 is J2EE only release with no webcache & Infra tier is moved to new product called as Oracle Identity Management

Reply
knvramam says July 9, 2008

Hello Atul,

Thank you very much for your fast reply. After sending the post i realized that 10.1.2 OAS is having ias_admin user and today i have changed “orcladmin” password of Contentdb by following the below procedure.

Login to Content DB database as sysdba and run the following procedure.

SQL> execute orasso.WWSSO_OID_INTEGRATION.reset_passwd(‘ORCLADMIN’,null,’ramam123′);

If you add this to your posts this may help to your readers.

Thank you
Ramam

Reply
swapna says November 12, 2008

Hi Atul,

Is there any way to know when the orcladmin password has reset last time.

Reply
Atul Kumar says November 12, 2008

Swapna,
If you wish to track password change in OID (who changed password on which date) you need to enable tarcing in OID.

Login to oidadmin as orcladmin, click on

orcladmin@hostname:port in left pan and click on Audit Mask in right pan

Under Audit Mask Page , select “User Password Modification” checkbox.

I don’t know how to find when was last time orcladmin password changed without tracing on.

I hope you know there are two orcladmin accounts in oid , one under orclContext which is superuser for OID and one under realm->users

Reply
swapna says November 12, 2008

Hi Atul,
Thanks for your reply. If the password get expires then also can we trace when the orcladmin password got expired. And is there any way to just change the password expiration time only for orcladmin. we are mainly concern about realm->users orcladmin.

thanks,
swapna.

Reply
Atul Kumar says November 12, 2008

If you are on 10.1.4.X and higher versuion of OID, then create another password policy with No Password expiration.

Then attach this policy to user orcladmin.

To check password expiry, write simple shell script which checks

ldapbind -h hostname -p port -D “cn=orcladmin,dc=XXX, dc=XXX” -password

and mail in case bind fails

Put that shell script in cronjob

Reply
swapna says November 12, 2008

Hi Atul,

is there any way to set the orcladmin to be never expired, or never locked.

Reply
swapna says November 12, 2008

Hi Atul,

Thanks for your reply. I didnt get this statement in ur reply ‘and mail in case bind fails’. Is there any provision from oidadmin that can send mail if password expiration warning time comes.

thanks,
swapna soni.

Reply
Atul Kumar says November 12, 2008

No I was talking about shell script to check expired orcladmin password

Here is sample checkpasswd.sh

#!/bin/sh

ldapbind -h hostname -p port -D “cn=orcladmin,dc=XXX, dc=XXX” -password >> bind.log

grep -i “bind failed” bind.log > bindfailed
COUNTS=`cat bindfailed | wc -l`
if [ $LINES -ne 0 ]
then
mailx -s “Script thinks orcladmin password confirm” mymail@mymailserver.com << EOF
check your orcladmin password

.
EOF

fi

rm bindfailed

exit

Now add this script in crontab like
07 * * * * /Path/checkpasswd.sh

to run everyday at 7 AM

There is no way in OID to notify users for expired accounts.

Reply
Atul Kumar says November 12, 2008

Swapna,
Ignore my previous comments, here is step to identify when was password last changed

$ORACLE_HOME/ldap/bin/ldifwrite connect=”[SID]” basedn=”cn=orcladmin,cn=users,dc=mydomain,dc=com” ldiffile=”/tmp/orcladmin.ldif”

Replace SID with connect string of OID database and mydomain,com with your domain .

When prompted for password enter ods schema password or orcladmin password

Above command will create ldif file in /tmp
open that file and look for entry like

orclsamaccountname: orcladmin
pwdchangedtime: 20080807135508z

Here password was changed on 07 Aug 2008

Reply
swapna says November 13, 2008

Hi Atul,

Can we know how to get password expiration warning period, so that we can send email to user. Please reply soon its urgent for us. If you dont mind, could you please give us ur contact number so that i can explain the issue.

Reply
swapna says November 13, 2008

Hi Atul,

oid password for orcladmin got expired and after that we ran this command from 10.1.2AS/bin directory

ldapbind -h bluejays.appsassociates.com -p 389 -D “cn=orcladmin” -w iasadmin123

but it was giving bind successful message.

but i think it should give bind failed right? may i know why its happening.

thanks,
swapna soni.

Reply
Atul Kumar says November 13, 2008

Are you sure you want to test “cn=orcladmin” and not one in your domain i.e. “cn=orcladmin,dc=oracle,dc=com”

If Password is expired, you should get output like

ldap_compare_s: Invalid credentials
ldap_compare_s: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the

Reply
» How to Upgrade Oracle Application server 10g (10.1.3) in R12 (12i/EBS) Online Apps DBA: One Stop Shop for Apps DBA’s says March 17, 2009

[…] If you don’t remember oc4jadmin password you can reset oc4jadmin password check here […]

Reply
» How to Upgrade Oracle Application Server 10g R2 (10.1.2) forms/reports in R12/12i - 5983622 Online Apps DBA: One Stop Shop for Apps DBA’s says May 22, 2009

[…] 4.oc4jadmin password (for 10.1.3 HOME) is stored in xml file $INST_TOP/ ora/ 10.1.3/ j2ee/ forms/ config/ system-jazn-data.xml , If you don’t know oc4jadmin password or wish to change it use steps mentioned here  […]

Reply
» Oracle Application Integration Architecture (AIA) Foundation Pack 2.5 Installation Online Apps DBA: One Stop Shop for Apps DBA’s says March 29, 2010

[…] password : If you don’t remember oc4jadmin password for SOA then you can  reset using steps here and here DB Server: Database Server Name, Port Number and username/password for user with sysdba […]

Reply
sbganji says March 15, 2012

Atul,
I did’nt remember the oc4jadmin pwd. And I have changed the credentials in all 3 files for system-jazn-data.xml ( oacore,forms,oafm) but still I am unable to login as oc4jadmin . Any clue how to troubleshoot?

Reply
Add Your Reply

Not found