Unlocking the XELSYSADM account in OIM with the fusion applications
when the XELSYSADM account is Locked if you have implemented the IDM and OAM with the fusion applications then you can unlock it with the help of back end access to the database ..In the Fusion applications oracle Stores the Users Identity Related data with the IDM database Which uses the LDAP there are most interesting features you can find in the Fusion applications with IDM and OAM
This features we will explain the later Posts
In the IDM there are two components the [OVD] oracle virtual directory and the oracle internet directory [OID] check Whether you are using the OVD or OID
the difference between the OID and the OVD are the oracle virtual directory supports to integrate the other identity man agent software Which is used in your organization to the oracle's IDM
In the Fusion applications there are two database separately created for the user management ..
The access details of the users,roles and the status , session information are stored in the [oracle access manager][OAM ]
The Users group's password policy and and other are stored in the IDM [oracle identity management database]
If you are using the OID you can follow the below steps to unlock the user Account
Lo gin into the OAM database and check for the USR table which holds the user access details for the fusion applications for the OAM or OIM
Query the database to check the table name and the owner of the table the owner of the table can be different according to the different environment this owner name[schema name] is created when you are creating the RCU in the OAM database
TABLE_NAME OWNER
------------------------------ ------------------------------
TTS_USR$ SYS
USR_BKUP FA_OIM
USR_CONFIG_HISTORY FA_OIM
UPA_USR FA_OIM
USR_ATTRIBUTE_RESERVATIONS FA_OIM
BULKLOAD_USR FA_OIM
USR FA_OIM
MLS_USR FA_OIM
Run the below query to find the status of the user which is locked .. it the query return the value as zero then proceed to the next step if it is non zero then you have to update the records to zero
SQL> select USR_LOCKED,USR_LOGIN_ATTEMPTS_CTR,USR_LOCKED_ON,USR_MANUALLY_LOCKED from FA_OIM.USR where UPPER(USR_LOGIN) = 'XELSYSADM';
USR_LOCKED USR_LOGIN_ATTEMPTS_CTR USR_LOCKED_ON USR_MANUAL
-------------------- ---------------------- -------------------- ----------
0 0
If the above select command return the non zero value then you have to run the update statement to change the values to zero and check the account is unlocked now ..
SQL> UPDATE FA_OIM.USR SET USR_LOCKED=0, USR_LOGIN_ATTEMPTS_CTR=0, USR_LOCKED_ON=NULL, USR_MANUALLY_LOCKED=NULL WHERE UPPER(USR_LOGIN) = 'XELSYSADM';
1 row updated.
SQL> commit;
Commit complete.
1 row updated.
SQL> commit;
Commit complete.
if it is still the account is locked then login into the ODSM and browse to the username check whether the account is locked .. there may be surprise the account may be unlocked in the ODSM but locked in the OAM ... This may be due to the password policy expiry.. for the xelsysadm ..Follow the below steps to unlock the account
Query the user password from the OAM database the password will be in the encrypted format
SQL> SELECT USR_PASSWORD FROM FA_OIM.USR where USR_LOGIN='XELSYSADM';
USR_PASSWORD
--------------------------------------------------------------------------------
9317:rNhlefP4CPAkADTHKKuLpw==
SQL> SELECT USR_PASSWORD FROM FA_OIM.USR where USR_LOGIN='XELSYSADM';
USR_PASSWORD
--------------------------------------------------------------------------------
9317:rNhlefP4CPAkADTHKKuLpw==
Query the status of the account in the OAM database
SQL> SELECT USR_LOCKED_ON,USR_LOCKED,USR_STATUS from FA_OIM.USR where UPPER(USR_LOGIN) = 'XELSYSADM';
USR_LOCKE U USR_STATUS
--------- - -------------------------
0 Active
Please review My Oracle Support Note 374873.1. This note outlines a method to remove a lock on the xelsysadm user account if the account is locked due to the failure but the account may be locked due the other reasons also
Browse in the ODSM and then get the account detail and verify the parameters
SQL> SELECT USR_LOCKED_ON,USR_LOCKED,USR_STATUS from FA_OIM.USR where UPPER(USR_LOGIN) = 'XELSYSADM';
USR_LOCKE U USR_STATUS
--------- - -------------------------
0 Active
Please review My Oracle Support Note 374873.1. This note outlines a method to remove a lock on the xelsysadm user account if the account is locked due to the failure but the account may be locked due the other reasons also
Browse in the ODSM and then get the account detail and verify the parameters
1] oblockouttime 2] oblogintrycount and verify the value in it
XELSYSADM User account Lock then follown the steps to unlock the account
Check the Status of the XELSYSADM status in the ODSM it will be in the unlocked stage ..
In the odsm go to attributes and click show all
and check for the values of the
oblockouttime
4494692191
oblogintrycount 5
oblogintrycount 5
These are the default values you will find in the odsm for the two attributes then change it to zero
according to your environment the values may differ if the value is non zero then change it to zero
according to your environment the values may differ if the value is non zero then change it to zero
The lockout time and the Login try count time parameters value shroud be zero
Then try to login to the XELSYSADM from the idm
No comments:
Post a Comment