The following content is reposted from: http://blog.csdn.net/lele5000, with thanks to the author.
Today I ran into a problem with the built-in OID user (cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com) of the BIEE 11.1.1.6.2 SampleApplication V207 (virtual machine): its password had expired, so the account was locked out.
The error was as follows: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.]
We can change this user's password with the ldapmodify command. The steps are as follows:
Create a file named my.ldif under /home/oracle/Desktop with the following content (replacing userpassword also updates the password's change time, which is what clears the expiry):
dn: cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com
changetype: modify
replace: userpassword
userpassword: Admin123
Then run the following commands (-q prompts for the bind password instead of taking it on the command line):
$:cd /home/oracle/oid/Oracle_IDM1/bin
$:./ldapmodify -p 3060 -h localhost -D cn=orcladmin -q -v -f /home/oracle/Desktop/my.ldif
Please enter bind password:
replace userpassword:
Admin123
modifying entry cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com
modify complete
The change is done; now let's test it:
./ldapbind -h localhost -p 3060 -D cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com -w Admin123
bind successful
Change successful! (ldapbind here is given the password with -w, which leaves it in the shell history and exposes it in the process list to any local user; outside a throwaway VM, prompt for it instead, as the ldapmodify call above does with -q.)
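The LDIF above is written by hand, which is fine for a demo password such as Admin123 but breaks as soon as the new password starts with a space or colon, ends with a space, or contains non-ASCII characters: LDIF (RFC 2849) requires such values to be written base64-encoded after a double colon. The following is an added example, not code from the original post or from Oracle; it builds the same modify/replace record with that encoding rule applied, folds over-long lines, and writes the file with mode 0600 so the cleartext password is not readable by other users on the box. The function names and the temp-file location are this example's own choices.

```python
"""Build and store an LDIF modify/replace record for an OID password reset.

Added example, not from the original post or from Oracle. The record it
produces matches the hand-written my.ldif above, but values that LDIF
(RFC 2849) cannot carry as plain 'attr: value' lines are base64-encoded
as 'attr:: ...', long lines are folded, and the file is created 0600.
"""
import base64
import os
import stat
import tempfile
from typing import List, Optional

# RFC 2849: a value must be base64-encoded if it starts with space, ':' or '<',
# contains NUL, CR, LF or any byte above 0x7F, or (SHOULD) ends with a space.
_UNSAFE_FIRST = {" ", ":", "<"}


def needs_base64(value: str) -> bool:
    if value == "":
        return False
    if value[0] in _UNSAFE_FIRST or value.endswith(" "):
        return True
    return any(b in (0x00, 0x0A, 0x0D) or b > 0x7F for b in value.encode("utf-8"))


def ldif_line(attr: str, value: str) -> str:
    """One attribute line, base64-encoded (double colon) when the value requires it."""
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def fold(line: str, width: int = 76) -> str:
    """Fold a long line the LDIF way: continuation lines begin with one space."""
    if len(line) <= width:
        return line
    pieces: List[str] = [line[:width]]
    rest = line[width:]
    while rest:
        pieces.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return "\n".join(pieces)


def modify_replace_ldif(dn: str, attr: str, value: str) -> str:
    """A single-change modify record. The trailing '-' closes the mod-spec
    per RFC 2849; ldapmodify also accepts the post's file, which omits it."""
    lines = [
        ldif_line("dn", dn),
        "changetype: modify",
        f"replace: {attr}",
        ldif_line(attr, value),
        "-",
    ]
    return "\n".join(fold(line) for line in lines) + "\n"


def write_private_ldif(ldif: str, directory: Optional[str] = None) -> str:
    """Write the record to a fresh file only the owner can read (mkstemp creates
    it 0600 with O_EXCL, so no pre-existing file is followed). Returns the path."""
    fd, path = tempfile.mkstemp(prefix="pwreset-", suffix=".ldif", dir=directory)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(ldif)
    return path


def file_mode(path: str) -> int:
    """Permission bits of a file, for checking the 0600 guarantee."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    # Same record as the post's my.ldif; the DN is the realm user being reset.
    record = modify_replace_ldif(
        "cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com", "userpassword", "Admin123"
    )
    path = write_private_ldif(record)
    print("written to", path, "mode", oct(file_mode(path)))
```

Feed the returned path to ldapmodify with -f and keep using -q for the bind password; delete the file once the modify has completed, since it holds the cleartext password.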
We can also change the password policy to lengthen the expiry period.
First, look at the existing password policies (the realm's policy is the last entry in the output):
$:cd /home/oracle/oid/Oracle_IDM1/bin
$:./ldapsearch -p 3060 -h localhost -b " " -s sub "(objectclass=pwdpolicy)" -D cn=orcladmin -w Admin123
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext
pwdminlength=5
pwdmaxfailure=10
pwdmaxage=10368000
pwdlockoutduration=86400
pwdlockout=1
pwdexpirewarning=604800
pwdchecksyntax=1
orclpwdpolicyenable=1
orclpwdalphanumeric=1
objectclass=top
objectclass=pwdpolicy
cn=default
pwdfailurecountinterval=0
pwdgraceloginlimit=5
orclpwdminalphachars=0
orclpwdminspecialchars=0
orclpwdminuppercase=0
orclpwdminlowercase=0
orclpwdmaxrptchars=0
orclpwdencryptionenable=0
cn=repld,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext
pwdminlength=0
pwdmaxfailure=0
pwdmaxage=0
pwdlockoutduration=0
pwdlockout=0
pwdexpirewarning=0
pwdchecksyntax=0
orclpwdpolicyenable=1
orclpwdalphanumeric=0
objectclass=top
objectclass=pwdpolicy
cn=repld
pwdfailurecountinterval=0
pwdgraceloginlimit=5
orclpwdminalphachars=0
orclpwdminspecialchars=0
orclpwdminuppercase=0
orclpwdminlowercase=0
orclpwdmaxrptchars=0
orclpwdencryptionenable=0
cn=rocpolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext
pwdminlength=5
pwdmaxfailure=10
pwdmaxage=10368000
pwdlockoutduration=86400
pwdlockout=1
pwdexpirewarning=604800
pwdchecksyntax=1
orclpwdpolicyenable=1
orclpwdalphanumeric=1
objectclass=top
objectclass=pwdpolicy
cn=rocpolicy
pwdfailurecountinterval=0
pwdgraceloginlimit=5
orclpwdminalphachars=0
orclpwdminspecialchars=0
orclpwdminuppercase=0
orclpwdminlowercase=0
orclpwdmaxrptchars=0
orclpwdencryptionenable=1
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
displayname=Password Policy for Realm dc=us,dc=oracle,dc=com
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=86400
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=10
orclpwdminuppercase=0
orclpwdencryptionenable=0
pwdminlength=5
orclpwdalphanumeric=1
cn=default
pwdlockout=1
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=5
pwdexpirewarning=604800
pwdmaxage=10368000
orclpwdminspecialchars=0
orclpwdminlowercase=0
We only care about the "Password Policy for Realm dc=us,dc=oracle,dc=com" entry, because the user we reset lives in that realm; the three entries directly under cn=OracleContext are the directory-wide policies. Its pwdmaxage is 10368000. The value is in seconds, so that is 120 days:
5184000 = 60 days
7776000 = 90 days
10368000 = 120 days
15552000 = 180 days
31536000 = 1 year (365 days)
A value of 0 means passwords never expire (the cn=repld policy above is set that way). Pick the longest lifetime you actually need, since lengthening it weakens the control.
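To turn such a dump into something checkable rather than reading it by eye, here is an added example (not part of the original post, and not an Oracle tool) that parses the attr=value output into entries, picks the realm's default policy, converts the duration attributes from seconds to days, and flags settings a reviewer would question. It assumes that entries in the ldapsearch output are separated by a blank line (the paste above has lost those) and that pwdChangedTime is an LDAP GeneralizedTime such as 20120101000000Z; the audit thresholds (180 days, minimum length 8) are this example's own choices, and SAMPLE_DUMP is a trimmed copy of the output above.

```python
"""Parse and audit an OID password-policy dump.

Added example, not part of the original post and not an Oracle tool. OID's
ldapsearch prints each entry as its DN on one line followed by attr=value
lines; this assumes entries are separated by a blank line.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

DAY = 86400  # pwdmaxage and the other duration attributes are in seconds

# Trimmed copy of the dump above (constructed sample input for this example).
SAMPLE_DUMP = """\
cn=repld,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext
pwdmaxfailure=0
pwdmaxage=0
pwdlockout=0
objectclass=top
objectclass=pwdpolicy
cn=repld

cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
displayname=Password Policy for Realm dc=us,dc=oracle,dc=com
pwdlockoutduration=86400
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=10
pwdminlength=5
cn=default
pwdlockout=1
pwdexpirewarning=604800
pwdmaxage=10368000
"""


def parse_oid_dump(text: str) -> List[Dict[str, Any]]:
    """Split the dump into {'dn': ..., 'attrs': {name: [values]}} entries.
    Names are lower-cased; only the first '=' separates name from value, so
    'displayname=... dc=us,dc=oracle,dc=com' keeps its whole value."""
    entries: List[Dict[str, Any]] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        attrs: Dict[str, List[str]] = {}
        for line in lines[1:]:
            if "=" not in line:
                continue
            name, value = line.split("=", 1)
            attrs.setdefault(name.strip().lower(), []).append(value)
        entries.append({"dn": lines[0].strip(), "attrs": attrs})
    return entries


def first_int(entry: Dict[str, Any], name: str, default: int = 0) -> int:
    values = entry["attrs"].get(name.lower())
    return int(values[0]) if values else default


def realm_policy(entries: List[Dict[str, Any]], realm: str) -> Optional[Dict[str, Any]]:
    """The realm's default policy: cn=default under that realm's OracleContext."""
    suffix = (",cn=OracleContext," + realm).lower()
    for entry in entries:
        dn = entry["dn"].lower()
        if dn.startswith("cn=default,") and dn.endswith(suffix):
            return entry
    return None


DURATIONS = ("pwdmaxage", "pwdexpirewarning", "pwdlockoutduration", "pwdfailurecountinterval")


def durations_in_days(entry: Dict[str, Any]) -> Dict[str, float]:
    return {n: first_int(entry, n) / DAY for n in DURATIONS if n in entry["attrs"]}


def pwdmaxage_for_days(days: int) -> int:
    """The value to put in the pwdmaxage LDIF for a lifetime of `days` days."""
    return days * DAY


def audit(entry: Dict[str, Any]) -> List[str]:
    """Settings a reviewer would question. Thresholds are this example's choice."""
    findings: List[str] = []
    if first_int(entry, "orclpwdpolicyenable", 1) == 0:
        findings.append("policy disabled (orclpwdpolicyenable=0)")
    max_age = first_int(entry, "pwdmaxage")
    if max_age == 0:
        findings.append("passwords never expire (pwdmaxage=0)")
    elif max_age > 180 * DAY:
        findings.append("pwdmaxage above 180 days")
    if first_int(entry, "pwdlockout") == 0 or first_int(entry, "pwdmaxfailure") == 0:
        findings.append("lockout after failed binds disabled")
    if first_int(entry, "pwdminlength") < 8:
        findings.append("pwdminlength below 8")
    return findings


def password_expired(pwd_changed_time: str, pwdmaxage: int, now: datetime) -> bool:
    """Whether a password last changed at pwdChangedTime (assumed GeneralizedTime,
    e.g. 20120101000000Z, optional fraction) has outlived pwdmaxage seconds.
    pwdmaxage=0 means never."""
    if pwdmaxage == 0:
        return False
    stamp = re.sub(r"\.\d+(?=Z$)", "", pwd_changed_time)
    changed = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return now >= changed + timedelta(seconds=pwdmaxage)


if __name__ == "__main__":
    policy = realm_policy(parse_oid_dump(SAMPLE_DUMP), "dc=us,dc=oracle,dc=com")
    print(policy["dn"])
    print(durations_in_days(policy))  # pwdmaxage 120.0, pwdexpirewarning 7.0, pwdlockoutduration 1.0
    print(audit(policy))              # ['pwdminlength below 8']
    print("one year =", pwdmaxage_for_days(365))  # 31536000
```

Run it against the full output of the ldapsearch above (with its blank lines intact) to see every policy's findings; the realm entry is the one that governs the user reset earlier.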
Suppose we want to change pwdmaxage to 1 year. Do it like this:
Create a file named my.ldif under /home/oracle/Desktop with the following content:
dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
changetype: modify
replace: pwdmaxage
pwdmaxage: 31536000
Then run the following commands:
$:cd /home/oracle/oid/Oracle_IDM1/bin
$:./ldapmodify -p 3060 -h localhost -D cn=orcladmin -q -v -f /home/oracle/Desktop/my.ldif
Please enter bind password:
replace pwdmaxage:
31536000
modifying entry cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com
modify complete
Separately, if the OID super user itself (the bare cn=orcladmin used as the bind DN above, not the realm user cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com) has expired, we can unlock it as follows.
Because of how IDM is installed in SampleApplication, a few environment variables need to be set before unlocking:
export ORACLE_HOME=/home/oracle/oid/Oracle_IDM1/
export ORACLE_INSTANCE=/home/oracle/oid/bioid2/
export TNS_ADMIN=/home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin
The SampleApplication VM has both the database and IDM on the same machine, and the default ORACLE_HOME is the database home, so here it has to point at the IDM home instead.
Since ORACLE_HOME changed, TNS_ADMIN must change with it, so that oidpasswd can find tnsnames.ora under TNS_ADMIN.
Once the environment variables are set, oidpasswd can unlock the account:
$:cd /home/oracle/oid/Oracle_IDM1/ldap/bin
$: ./oidpasswd connect=orcl unlock_su_acct=true
OID DB user password:
OID super user account unlocked successfully.
Note: the orcl after connect= is the service name from tnsnames.ora, and the "OID DB user password" prompt asks for the password of the database user that IDM was installed with; the SampleApplication deployment guide states it is Admin123.