Resetting The expired OIM database schema Password in OAM
We need to reset the Password for the OIM in the OAM when the password is expired the managed server will go to the admin mode
Step1
Check the database default profile for the password expiry days parameter if we needed it we can change it to the unlimited or you can continue with the 180 days ..if it is 180 days the default value we have to reset the password before 180 days every time
To Check the profile
SELECT * from dba_profiles WHERE profile='DEFAULT' and resource_type='PASSWORD'
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
Connect as sys as sysdba and execute the following command to identify the status of the db user and the component
SELECT owner, comp_name, version, status, upgraded
FROM schema_version_registry
WHERE comp_name like '%Oracle%'
ORDER BY 1 2 3 4 ;
OWNER COMP_NAME VERSION STATUS U
-------------------- ------------------------------ ------------------------------ ----------- -
FA_OAM Oracle Access Manager 11.1.1.3.0 VALID N
FA_OIM Oracle Identity Manager 11.1.1.5.0 VALID N
Verify the status of the user
SQL> select USERNAME,EXPIRY_DATE,LOCK_DATE,ACCOUNT_STATUS from dba_users
2 where username like '%FA%';
USERNAME EXPIRY_DA LOCK_DATE ACCOUNT_STATUS
------------------------------ --------- --------- --------------------------------
FA_IAU_APPEND 25-AUG-12 OPEN
FA_IAU_VIEWER 25-AUG-12 OPEN
FA_IAU 25-AUG-12 OPEN
FA_ORASDPM 01-SEP-12 EXPIRED
FA_MDS 01-SEP-12 EXPIRED
FA_OIM 01-SEP-12 EXPIRED
FA_SOAINFRA 01-SEP-12 EXPIRED
FA_OAM 17-SEP-12 EXPIRED(GRACE)
8 rows selected.
Due to the Password expiry the managed server switch to the admin mode when we restart the manged servers in idm
normally the managed server goes to the admin mode when some of the application deployed inside the managed server was not up... as the same when the password ex pair than some of the applications will not come up when up restart due to not able to connect to the database
If you need to change to the run mode than you can click the resume then the managed servers than it goes to the running mode
 |
| The wls_oim and wls_soa serves are in admin mode as this two servers connect with the OAM database and the wla_oim and wls_ods connect with the OIDM database |
Check the IDM em for the more information on what are the applications which went down
Check the wls_oim manager server logfile for the password expairy
####<Sep 10, 2012 5:54:18 AM GST> <Warning> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:6d05bab5:139ac982dbd:-8000-0000000000000003> <1347242058362> <BEA-001129> <Received exception while creating connection for pool "mds-owsm": ORA-28001: the password has expired
####<Sep 10, 2012 5:54:18 AM GST> <Info> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:6d05bab5:139ac982dbd:-8000-0000000000000003> <1347242058362> <BEA-001156> <Stack trace associated with message 001129 follows:
java.sql.SQLException: ORA-28001: the password has expired
Caused By: oracle.mds.config.MDSConfigurationException: MDS-01330: unable to load MDS configuration document
MDS-01329: unable to load element "persistence-config"
MDS-01370: MetadataStore configuration for metadata-store-usage "MAR_TargetRepos" is invalid.
MDS-01377: Unable to get database connection from data source configured with JNDI name "jdbc/mds/MDS_REPOS".
weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: ORA-28001: the password has expired
Check the wls_soa server for the password expiry
####<Sep 10, 2012 2:54:29 AM GST> <Warning> <JDBC> <hostname> <wls_soa1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:-7b50b7:139ac9823b1:-8000-0000000000000004> <1347231269517> <BEA-001129> <Received exception while creating connection for pool "EDNDataSource": ORA-28001: the password has expired
####<Sep 10, 2012 2:54:29 AM GST> <Info> <JDBC> <hostname > <wls_soa1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:-7b50b7:139ac9823b1:-8000-0000000000000004> <1347231269518> <BEA-001156> <Stack trace associated with message 001129 follows:
java.sql.SQLException: ORA-28001: the password has expired
<Sep 10, 2012 8:54:59 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "SOADataSource": ORA-28001: the password has expired
<Sep 10, 2012 8:54:54 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "SOALocalTxDataSource": ORA-28001: the password has expired
<Sep 10, 2012 8:54:50 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "oimOperationsDB": ORA-28001: the password has expired
<Sep 10, 2012 8:54:45 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "mds-owsm": ORA-28001: the password has expired
.>
####<Sep 10, 2012 5:54:18 AM GST> <Info> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:6d05bab5:139ac982dbd:-8000-0000000000000003> <1347242058362> <BEA-001156> <Stack trace associated with message 001129 follows:
java.sql.SQLException: ORA-28001: the password has expired
Caused By: oracle.mds.config.MDSConfigurationException: MDS-01330: unable to load MDS configuration document
MDS-01329: unable to load element "persistence-config"
MDS-01370: MetadataStore configuration for metadata-store-usage "MAR_TargetRepos" is invalid.
MDS-01377: Unable to get database connection from data source configured with JNDI name "jdbc/mds/MDS_REPOS".
weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: ORA-28001: the password has expired
Check the wls_soa server for the password expiry
####<Sep 10, 2012 2:54:29 AM GST> <Warning> <JDBC> <hostname> <wls_soa1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:-7b50b7:139ac9823b1:-8000-0000000000000004> <1347231269517> <BEA-001129> <Received exception while creating connection for pool "EDNDataSource": ORA-28001: the password has expired
####<Sep 10, 2012 2:54:29 AM GST> <Info> <JDBC> <hostname > <wls_soa1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:-7b50b7:139ac9823b1:-8000-0000000000000004> <1347231269518> <BEA-001156> <Stack trace associated with message 001129 follows:
java.sql.SQLException: ORA-28001: the password has expired
<Sep 10, 2012 8:54:59 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "SOADataSource": ORA-28001: the password has expired
<Sep 10, 2012 8:54:54 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "SOALocalTxDataSource": ORA-28001: the password has expired
<Sep 10, 2012 8:54:50 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "oimOperationsDB": ORA-28001: the password has expired
<Sep 10, 2012 8:54:45 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "mds-owsm": ORA-28001: the password has expired
.>
Connect to the OAM database and by using the alter user command change the password for all the user which is expired
IF IT is expired and locked then you need to give the new password for that only expired give the same password don't change the password for all the user's change only for the OIM user and remaining you can use the same one
alter user FA_OIM identified by <password>;
SQL> select USERNAME,EXPIRY_DATE,LOCK_DATE,ACCOUNT_STATUS from dba_users
2 where username like '%FA%';
USERNAME EXPIRY_DA LOCK_DATE ACCOUNT_STATUS
------------------------------ --------- --------- --------------------------------
FA_SOAINFRA 09-MAR-13 OPEN
FA_OIM 09-MAR-13 OPEN
FA_MDS 09-MAR-13 OPEN
FA_IAU 25-AUG-12 OPEN
FA_OAM 09-MAR-13 OPEN
FA_IAU_VIEWER 25-AUG-12 OPEN
FA_IAU_APPEND 25-AUG-12 OPEN
FA_ORASDPM 09-MAR-13 OPEN
We need to change the password in the data source of the managed server login in into the idm weblogic console
navigate to services and to the data sources under the domain structure
Click the data source and select the data-sources to be modified with the password
Select the data source and the change to the Connection pool and go to the password section and reset the password the new password which is given in the database
save the configuration and repeat steps for second and third data source under the oim cluster
change the password for all three data source
We need to change the Password in the IDM EM also to take effect
navigate to the IDM domain and then click the IDM domain and then go the the security and Credentials
Navigate to the Credentials and go to oim and select the oim schema password
Edit the OidmSchemaPasswrord with the new password
once you change the password you will receive the conformation message
we need to change the password in the Mbean also to take effect
navigate to Configuration MBeans->Security->myrealmOIMAuthenticationProvider
Change the Password in the DBPassword
Restart the managed server's and admin server ...
Check the status of the managed server's after restarting
No comments:
Post a Comment