Please refer to the following link for more information: http://blog.csdn.net/lele5000.
Today we found that the built-in OID user (cn=orcladmin,cn=users,dc=us,dc=oracle,dc=com) of the BIEE 11.1.1.6.2 SampleApplication v207 virtual machine was locked because its password had expired.
The error is as follows: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.]
Common User
You can use the ldapmodify command to change the user's password as follows:
Create a new file my.ldif and save it to /home/Oracle/desktop. The content is as follows:
dn: cn=orcladmin,cn=users,dc=us,dc=oracle,dc=com
changetype: modify
replace: userpassword
userpassword: admin123
Run the following command:
$ cd /home/Oracle/OID/oracle_idm1/bin
$ ./ldapmodify -p 3060 -h localhost -D cn=orcladmin -q -v -f /home/Oracle/desktop/my.ldif
Please enter bind password:
replace userpassword:
admin123
modifying entry cn=orcladmin,cn=users,dc=us,dc=oracle,dc=com
modify complete
After the modification is complete, test the new password with a bind:
$ ./ldapbind -h localhost -p 3060 -D cn=orcladmin,cn=users,dc=us,dc=oracle,dc=com -w admin123
bind successful
Modified successfully!
In addition, we can modify the password policy configuration to lengthen the expiration time.
View the existing password policies:
$ cd /home/Oracle/OID/oracle_idm1/bin
$ ./ldapsearch -p 3060 -h localhost -b "" -s sub "(objectclass=pwdpolicy)" -D cn=orcladmin -w admin123
cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext
pwdminlength=5
pwdmaxfailure=10
pwdmaxage=10368000
pwdlockoutduration=86400
pwdlockout=1
pwdexpirewarning=604800
pwdchecksyntax=1
orclpwdpolicyenable=1
orclpwdalphanumeric=1
objectclass=top
objectclass=pwdpolicy
cn=default
pwdfailurecountinterval=0
pwdgraceloginlimit=5
orclpwdminalphachars=0
orclpwdminspecialchars=0
orclpwdminuppercase=0
orclpwdminlowercase=0
orclpwdmaxrptchars=0
orclpwdencryptionenable=0

cn=repld,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext
pwdminlength=0
pwdmaxfailure=0
pwdmaxage=0
pwdlockoutduration=0
pwdlockout=0
pwdexpirewarning=0
pwdchecksyntax=0
orclpwdpolicyenable=1
orclpwdalphanumeric=0
objectclass=top
objectclass=pwdpolicy
cn=repld
pwdfailurecountinterval=0
pwdgraceloginlimit=5
orclpwdminalphachars=0
orclpwdminspecialchars=0
orclpwdminuppercase=0
orclpwdminlowercase=0
orclpwdmaxrptchars=0
orclpwdencryptionenable=0

cn=rocpolicy,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext
pwdminlength=5
pwdmaxfailure=10
pwdmaxage=10368000
pwdlockoutduration=86400
pwdlockout=1
pwdexpirewarning=604800
pwdchecksyntax=1
orclpwdpolicyenable=1
orclpwdalphanumeric=1
objectclass=top
objectclass=pwdpolicy
cn=rocpolicy
pwdfailurecountinterval=0
pwdgraceloginlimit=5
orclpwdminalphachars=0
orclpwdminspecialchars=0
orclpwdminuppercase=0
orclpwdminlowercase=0
orclpwdmaxrptchars=0
orclpwdencryptionenable=1

cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,dc=us,dc=oracle,dc=com
displayname=password policy for realm dc=us,dc=oracle,dc=com
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=86400
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=10
orclpwdminuppercase=0
orclpwdencryptionenable=0
pwdminlength=5
orclpwdalphanumeric=1
cn=default
pwdlockout=1
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=5
pwdexpirewarning=604800
pwdmaxage=10368000
orclpwdminspecialchars=0
orclpwdminlowercase=0
We only care about the password policy for realm dc=us,dc=oracle,dc=com. We can see that its pwdmaxage is 10368000 seconds, that is, 120 days.
5184000 = 60 days
7776000 = 90 days
10368000 = 120 days
15552000 = 180 days
31536000 = 1 year
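The following is an added example, not part of the original post: a shell function that reads ldapsearch output in the form shown above and reports each policy's maximum password age in days together with settings worth reviewing. The function names, the length floor of 8 and the reading of pwdmaxage=0 as "no expiry" are assumptions; the sample input is constructed from values on this page.

```shell
# Added example (not from the original post): summarise password policies
# from ldapsearch output in the "DN line, then attr=value lines" form above.
# Constructed sample input, abridged from the values shown on this page.
sample_policies() {
cat <<'EOF'
cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext
pwdminlength=5
pwdmaxage=10368000
pwdlockout=1
cn=default

cn=repld,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext
pwdminlength=0
pwdmaxage=0
pwdlockout=0

cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,dc=us,dc=oracle,dc=com
pwdmaxage=10368000
pwdminlength=5
pwdlockout=1
EOF
}

# Print "DN | max age | findings" per policy entry.
# Assumptions: pwdmaxage=0 means no expiry; 8 is an illustrative length floor.
summarise_policies() {
  awk '
    function emit(   days, notes) {
      if (dn == "") return
      days = (maxage == 0) ? "never" : (int(maxage / 86400) "d")
      if (maxage == 0)  notes = notes " no-expiry"
      if (lockout == 0) notes = notes " no-lockout"
      if (minlen < 8)   notes = notes " minlen=" minlen
      printf "%s | %s |%s\n", dn, days, notes
    }
    tolower($0) ~ /^cn=[^,]*,cn=pwdpolicies/ {   # DN line starts a new entry
      emit(); dn = $0; maxage = 0; lockout = 0; minlen = 0; next
    }
    {
      split($0, kv, "="); k = tolower(kv[1])
      if (k == "pwdmaxage")    maxage  = kv[2] + 0
      if (k == "pwdlockout")   lockout = kv[2] + 0
      if (k == "pwdminlength") minlen  = kv[2] + 0
    }
    END { emit() }
  '
}

sample_policies | summarise_policies
```

To check a live directory, pipe the output of the ldapsearch command shown earlier into summarise_policies instead of the sample.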
Suppose we want to change pwdmaxage to one year. The method is as follows:
Create a new file my.ldif and save it to /home/Oracle/desktop. The content is as follows:
dn: cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,dc=us,dc=oracle,dc=com
changetype: modify
replace: pwdmaxage
pwdmaxage: 31536000
Run the following command:
$ cd /home/Oracle/OID/oracle_idm1/bin
$ ./ldapmodify -p 3060 -h localhost -D cn=orcladmin -q -v -f /home/Oracle/desktop/my.ldif
Please enter bind password:
replace pwdmaxage:
31536000
modifying entry cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,dc=us,dc=oracle,dc=com
modify complete
Superuser
In addition, if the OID superuser (cn=orcladmin) has expired, we can use the following method to unlock it.
Because SampleApplication is installed together with IDM, we need to set several environment variables before unlocking:
export ORACLE_HOME=/home/Oracle/OID/oracle_idm1/
export ORACLE_INSTANCE=/home/Oracle/OID/bioid2/
export TNS_ADMIN=/home/Oracle/APP/Oracle/product/11.2.0/dbhome_1/Network/admin
The SampleApplication virtual machine installs the database and IDM on the same machine, and the default ORACLE_HOME is the database home directory, so it must be pointed at the IDM home directory instead.
Because ORACLE_HOME is changed, TNS_ADMIN must be set at the same time so that oidpasswd can find tnsnames.ora under TNS_ADMIN.
After setting the environment variables, use oidpasswd to unlock the account:
$ cd /home/Oracle/OID/oracle_idm1/ldap/bin
$ ./oidpasswd connect=orcl unlock_su_acct=true
OID DB user password:
OID super user account unlocked successfully.
Note: The orcl after connect= is the service name in tnsnames.ora. The OID DB user password is the password of the database user that was used to install IDM. It is given in the SampleApplication deployment document and is admin123.