18 comments
It's a very good article, Atul.
Can we do the same process for 10.1.2.0.2AS also, and what are the differences between 10.1.2.0.2AS and 10.1.3.1.0AS?
Ramam
Hi Raman,
I don’t think there was any oc4jadmin account in 10.1.2 OAS.
I’ll try to cover the differences between 10.1.2 OAS & 10.1.3 OAS.
Major differences:
– 10.1.2 uses JDK 1.4 whereas 10.1.3 uses JDK 1.5
– 10.1.2 has Portal and BI with an infrastructure tier like OID/SSO, whereas 10.1.3 is a J2EE-only release with no webcache, and the Infra tier has moved to a new product called Oracle Identity Management
Hello Atul,
Thank you very much for your fast reply. After sending the post I realized that 10.1.2 OAS has the ias_admin user, and today I changed the “orcladmin” password of Content DB by following the procedure below.
Log in to the Content DB database as sysdba and run the following procedure.
SQL> execute orasso.WWSSO_OID_INTEGRATION.reset_passwd('ORCLADMIN',null,'ramam123');
If you add this to your posts, it may help your readers.
Thank you
Ramam
Hi Atul,
Is there any way to know when the orcladmin password was last reset?
Swapna,
If you wish to track password changes in OID (who changed the password on which date), you need to enable tracing in OID.
Log in to oidadmin as orcladmin, click on
orcladmin@hostname:port in the left pane and click on Audit Mask in the right pane.
On the Audit Mask page, select the “User Password Modification” checkbox.
I don’t know how to find when the orcladmin password was last changed without tracing on.
I hope you know there are two orcladmin accounts in OID: one under orclContext, which is the superuser for OID, and one under realm->users.
Hi Atul,
Thanks for your reply. If the password expires, can we also trace when the orcladmin password expired? And is there any way to change the password expiration time only for orcladmin? We are mainly concerned about the realm->users orcladmin.
thanks,
swapna.
If you are on 10.1.4.X or a higher version of OID, then create another password policy with no password expiration.
Then attach this policy to user orcladmin.
To check password expiry, write a simple shell script which checks
ldapbind -h hostname -p port -D "cn=orcladmin,dc=XXX, dc=XXX" -w password
and mails in case the bind fails.
Put that shell script in a cron job.
Hi Atul,
Is there any way to set orcladmin to never expire or never be locked?
Hi Atul,
Thanks for your reply. I didn't get this statement in your reply: ‘and mail in case bind fails’. Is there any provision in oidadmin that can send mail when the password expiration warning time comes?
thanks,
swapna soni.
No, I was talking about a shell script to check for an expired orcladmin password.
Here is a sample checkpasswd.sh:
#!/bin/sh
# Try to bind as orcladmin; keep only this run's output (stdout and stderr)
ldapbind -h hostname -p port -D "cn=orcladmin,dc=XXX, dc=XXX" -w password > bind.log 2>&1
# Collect any "bind failed" lines
grep -i "bind failed" bind.log > bindfailed
COUNTS=`cat bindfailed | wc -l`
# Mail the administrator if the bind failed
if [ $COUNTS -ne 0 ]
then
mailx -s "Script thinks orcladmin password confirm" mymail@mymailserver.com << EOF
check your orcladmin password
.
EOF
fi
rm bindfailed
exit
Now add this script to crontab like
0 7 * * * /Path/checkpasswd.sh
to run every day at 7 AM.
There is no way in OID to notify users for expired accounts.
Swapna,
Ignore my previous comments; here is the step to identify when the password was last changed:
$ORACLE_HOME/ldap/bin/ldifwrite connect="[SID]" basedn="cn=orcladmin,cn=users,dc=mydomain,dc=com" ldiffile="/tmp/orcladmin.ldif"
Replace SID with the connect string of the OID database and mydomain,com with your domain.
When prompted for a password, enter the ods schema password or the orcladmin password.
The above command will create an ldif file in /tmp.
Open that file and look for an entry like
orclsamaccountname: orcladmin
pwdchangedtime: 20080807135508z
Here the password was changed on 07 Aug 2008.
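Added example, not part of the original comments: a shell sketch that reads the pwdchangedtime value from the ldifwrite dump described above and reports whether the password is OK, inside a warning window, or expired. The function names and the 120-day maximum age and 14-day warning window are assumptions; take the real values from the password policy attached to the user.

```shell
#!/bin/sh
# Added example (not from the thread). Reads pwdchangedtime from an ldifwrite
# dump and reports how close the password is to expiry.
# ASSUMPTION: max age and warning window are passed in; use your policy's values.

# Print the first pwdchangedtime value found in LDIF file $1.
ldif_pwd_changed() {
    grep -i '^pwdchangedtime:' "$1" | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
}

# Convert YYYYMMDDhhmmssZ (UTC, as in the dump) to epoch seconds.
# Pure integer arithmetic, so it does not depend on GNU date.
gt_to_epoch() {
    ts=$(printf '%s' "$1" | tr -d 'zZ\r ')
    case "$ts" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#ts}" -eq 14 ] || return 1
    # field START-END: cut the digits and drop leading zeros ("08" is bad octal)
    field() { printf '%s\n' "$ts" | cut -c"$1" | sed 's/^0*\(.\)/\1/'; }
    y=$(field 1-4); m=$(field 5-6); d=$(field 7-8)
    hh=$(field 9-10); mi=$(field 11-12); ss=$(field 13-14)
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    mp=$(( (m + 9) % 12 ))                      # March=0 ... February=11
    era=$(( y / 400 )); yoe=$(( y - era * 400 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    days=$(( era * 146097 + doe - 719468 ))     # days since 1970-01-01
    echo $(( days * 86400 + hh * 3600 + mi * 60 + ss ))
}

# pwd_status LDIF NOW_EPOCH MAX_AGE_DAYS WARN_DAYS
pwd_status() {
    epoch=$(gt_to_epoch "$(ldif_pwd_changed "$1")") || { echo UNKNOWN; return 0; }
    age=$(( ($2 - epoch) / 86400 ))
    left=$(( $3 - age ))
    if [ "$left" -le 0 ]; then echo "EXPIRED age=$age"
    elif [ "$left" -le "$4" ]; then echo "WARN age=$age left=$left"
    else echo "OK age=$age left=$left"
    fi
}

# Constructed sample entry, using the attribute lines quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=orcladmin,cn=users,dc=mydomain,dc=com
orclsamaccountname: orcladmin
pwdchangedtime: 20080807135508z
EOF
pwd_status "$sample" "$(date +%s)" 120 14
rm -f "$sample"
```

Run from cron, a WARN or EXPIRED result can trigger the mail step instead of waiting for a bind to fail.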
Hi Atul,
Can we know how to get the password expiration warning period, so that we can send email to the user? Please reply soon, it's urgent for us. If you don't mind, could you please give us your contact number so that I can explain the issue.
Hi Atul,
The OID password for orcladmin expired, and after that we ran this command from the 10.1.2AS/bin directory:
ldapbind -h bluejays.appsassociates.com -p 389 -D "cn=orcladmin" -w iasadmin123
But it was giving a bind successful message.
But I think it should give bind failed, right? May I know why it's happening?
thanks,
swapna soni.
Are you sure you want to test “cn=orcladmin” and not the one in your domain, i.e. “cn=orcladmin,dc=oracle,dc=com”?
If the password is expired, you should get output like
ldap_compare_s: Invalid credentials
ldap_compare_s: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the
[…] If you don’t remember oc4jadmin password you can reset oc4jadmin password check here […]
[…] 4. oc4jadmin password (for 10.1.3 HOME) is stored in xml file $INST_TOP/ora/10.1.3/j2ee/forms/config/system-jazn-data.xml. If you don’t know oc4jadmin password or wish to change it use steps mentioned here […]
[…] password: If you don’t remember oc4jadmin password for SOA then you can reset using steps here and here DB Server: Database Server Name, Port Number and username/password for user with sysdba […]
Atul,
I didn't remember the oc4jadmin pwd. And I have changed the credentials in all 3 files for system-jazn-data.xml (oacore, forms, oafm) but still I am unable to log in as oc4jadmin. Any clue how to troubleshoot?