Sunday, August 11, 2013

How to unlock superuser orcladmin in OID 11g

Hey everyone,

Today I'll give you a good tip on how to unlock the superuser orcladmin in OID 11g.


1) First of all, the behavior when doing a simple ldapsearch:
[oracle@thiagoleoncioserver ~]$ ldapsearch -p 3060 -D cn=orcladmin -w **** -b "" -s base "(objectclass=*)"
ldap_bind: DSA is unwilling to perform
ldap_bind: additional info: Password Policy Error :9001: cn=orcladmin : Your account is locked. Contact your OID administrator.

2) Then let's unlock this guy. Go to [$ORACLE_HOME]/ldap/bin and run the oidpasswd command as below:

./oidpasswd connect=OIDDBInstance unlock_su_acct=true
OID super user account unlocked successfully.

NOTE: the connect parameter is the OID DB instance that you have for your PMON ("Process Monitor") LDAP.

3) Then, after successfully unlocking it, try to bind as your superuser again, as below:

ldapbind -p 3060 -D "cn=orcladmin" -w *****
bind successful


That's it! I hope it helps you,
Thiago Leoncio.

Sunday, August 4, 2013

How to include or exclude encryption in OID pwd policies

Hi everybody,

Today I'll show you more about OID pwd policies.


1-Check if it is encrypted:

[oracle@thiagoserver ~]$ ldapsearch -p 6501 -D cn=orcladmin -w *****  -b " " "uid=superthiagoleoncio" userpassword

Return:

cn=superthiagoleoncio,cn=Users,dc=thiago,dc=leoncio,dc=com
userpassword={SSHA}X9+5VDn2cjY/i81Sg4A4tzoDWymWxzi6crMzYA==

2-Check policy related:


ldapsearch -p 3060 -q -D "cn=orcladmin" -b "cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=thiago,dc=leoncio,dc=com" -s base "objectclass=*" orclpwdencryptionenable

Return:

orclpwdencryptionenable=1

3-To decrypt, run this ldapmodify command, which sets orclpwdencryptionenable to 0:



ldapmodify -p 3060 -D cn=orcladmin -w ***** <<EOF
dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=thiago,dc=leoncio,dc=com
changetype: modify
replace: orclpwdencryptionenable
orclpwdencryptionenable: 0
EOF

4-Then search the userpassword again:


[oracle@thiagoserver ~]$ ldapsearch -p 6501 -D cn=orcladmin -w *****  -b " " "uid=superthiagoleoncio" userpassword


Return:

cn=superthiagoleoncio,cn=Users,dc=thiago,dc=leoncio,dc=com
userpassword=blablabla12345

NOTE: Alternatively, if you are enabling encryption (orclpwdencryptionenable=1) and users were provisioned before you set orclpwdencryptionenable, all users must reset their passwords to trigger the generation of the encrypted value.


I hope this article will be helpful for you guys,

Thiago Leoncio.