Oracle® Identity Management User Reference
10g Release 2 (10.1.2)
B15883-01

3.1 oidpasswd

The Oracle Internet Directory Database Password Utility (oidpasswd) is used to:

3.1.1 Syntax for oidpasswd

oidpasswd [connect=connect_string] [change_oiddb_pwd=true | create_wallet=true | unlock_su_acct=true | reset_su_password=true | manage_su_acl=true]

3.1.2 Arguments for oidpasswd

connect=connect_string

Optional. The directory database connect string. If you already have a tnsnames.ora file configured, then this is the net service name specified in that file, which is located in $ORACLE_HOME/network/admin. If not provided, defaults to the value of $ORACLE_SID environment variable.

change_oiddb_pwd=true | create_wallet=true | unlock_su_acct=true | reset_su_password=true | manage_su_acl=true

Required. The operation you want to perform. Depending on the operation you choose, the Oracle Internet Directory Database Password Utility will prompt you for additional information. The following choices are available:

  • change_oiddb_pwd=true - Changes the password to the Oracle Internet Directory database. You will be prompted to provide the current database password, enter a new database password, and confirm the new password.

  • create_wallet=true - Creates a wallet named oidpwdlldap1 for the Oracle Internet Directory database password, and a wallet named oidpwdrsid for the Oracle directory replication server password.

    The sid is obtained not from the environment variable SID but from the connected database.

    You need to provide the ODS password to authenticate yourself to the ODS database before the ODS wallet can be generated. Note that the default ODS password is the same as that for the Oracle Application Server administrator.

  • unlock_su_acct=true - Unlocks a super user account that has been locked.

  • reset_su_password=true - Resets the password for the Oracle Internet Directory super user account. You will be prompted to provide the Oracle Internet Directory database password, enter a new super user password, and confirm the new super user password.

  • manage_su_acl=true - Manages the restricted super user ACL.
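
An added example, not part of Oracle's documentation: a shell function (the name oidpasswd_lint is hypothetical) that checks an argument list against the syntax above before a runbook or wrapper script runs oidpasswd, allowing at most one connect string and exactly one operation set to true. It assumes a bare invocation is the password change form used in section 3.1.3.1.

```shell
#!/bin/sh
# Added example: lint an oidpasswd argument list against the documented syntax.
# oidpasswd_lint is a hypothetical helper; it never runs oidpasswd itself.
# On success it prints the selected operation and returns 0.
# On failure it prints the reason and returns 1.
oidpasswd_lint() {
    op=""
    seen_connect=0
    for arg in "$@"; do
        # Every argument must have the key=value shape.
        case "$arg" in
            *=*) ;;
            *) echo "not key=value: $arg"; return 1 ;;
        esac
        key=${arg%%=*}
        val=${arg#*=}
        case "$key" in
            connect)
                [ "$seen_connect" -eq 0 ] || { echo "connect given twice"; return 1; }
                [ -n "$val" ] || { echo "empty connect string"; return 1; }
                seen_connect=1
                ;;
            change_oiddb_pwd|create_wallet|unlock_su_acct|reset_su_password|manage_su_acl)
                [ "$val" = "true" ] || { echo "$key must be =true"; return 1; }
                # Except for the connect string, no other option may accompany an operation.
                [ -z "$op" ] || { echo "only one operation allowed: $op and $key"; return 1; }
                op=$key
                ;;
            *)
                echo "unknown argument: $key"; return 1
                ;;
        esac
    done
    # Assumption: no operation means the interactive database password change.
    echo "${op:-change_oiddb_pwd}"
}

# Constructed sample invocations; dbs1 is the connect string used in the examples.
oidpasswd_lint connect=dbs1 create_wallet=true || true
oidpasswd_lint connect=dbs1 unlock_su_acct=true reset_su_password=true || true
oidpasswd_lint conn=dbs1 manage_su_acl=true || true
```
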

3.1.3 Tasks and Examples for oidpasswd

Using the Oracle Internet Directory Database Password Utility, you can perform the following tasks:

3.1.3.1 Changing the Password to the Oracle Internet Directory Database

The following example shows how to change the Oracle Internet Directory database password, assuming the database is on the same machine.

Example:

oidpasswd
current password: oldpassword
new password: newpassword
confirm password: newpassword
password set.

The Oracle Internet Directory Database Password Utility prompts you for the current password. Type the current password, then the new password, then a confirmation of the new password.

The utility assumes by default that the password being changed is that of the local database (as defined by ORACLE_HOME and ORACLE_SID). If you are changing the password on a remote database, you must use the connect=connect_string option.


Note:

  • User responses are not echoed to the screen when you enter a password.

  • Whenever you change the password to the Oracle Internet Directory database by using the OID Database Password Utility, you should also run the oidemdpasswd utility. This enables the Oracle Enterprise Manager Daemon (a component of Oracle Enterprise Manager) to properly cache that password and contact the ODS schema upon starting up. Once you have run the oidemdpasswd utility, you can monitor Oracle Internet Directory processes from the Oracle Enterprise Manager.


3.1.3.2 Creating Wallets for Oracle Internet Directory Database and Oracle Directory Replication Server Passwords

The following example shows how to create wallets for the Oracle Internet Directory database password and the Directory Replication server password.

Example:

oidpasswd connect=dbs1 create_wallet=true 

The argument create_wallet=true is mandatory in this case. Except for the connect string, no other option can be specified.

3.1.3.3 Unlocking the Super User Account

The following example shows how to unlock the Oracle Internet Directory super user account, cn=orcladmin.

Example:

oidpasswd connect=dbs1 unlock_su_acct=true

The argument unlock_su_acct=true is mandatory. Except for the connect string, no other option can be specified.

3.1.3.4 Resetting the Super User Password

If you forget the Oracle Internet Directory super user password, you can use the oidpasswd tool to reset it. You must provide the Oracle Internet Directory database password. When you first install Oracle Internet Directory, the super user password and Oracle Internet Directory database password are the same. After installation, however, you can change the Oracle Internet Directory super user password by using ldapmodify. You can also change the super user password separately by using the oidpasswd tool.

The following example shows how to reset the Oracle Internet Directory super user password. The oidpasswd tool prompts you for the Oracle Internet Directory database password.

Example:

oidpasswd connect=dbs1 reset_su_password=true
OID DB user password: oid_db_password
password: new_su_password
confirm password: new_su_password
OID super user password reset successfully

3.1.3.5 Managing Super User Access Control Points

When an access control point (ACP) is set with an access control item (ACI) that has the keyword DenyGroupOverride, neither the Oracle Internet Directory super user nor members of DirectoryAdminGroup can access the subtree under that ACP. If necessary, you can use the oidpasswd tool to reset that ACP so that the subtree is accessible by the Oracle Internet Directory super user.

The following example shows how to reset a restricted ACP. The oidpasswd utility prompts you to enter the Oracle Internet Directory database password and to choose which super user restricted ACPs to reset.

Example:

oidpasswd connect=dbs1 manage_su_acl=true
OID DB user password: oid_db_password

The super user restricted ACP list
[1] o=oracle,c=us
[2] ou=personnel,o=oracle,c=us

Enter 'resetall' or the number(s) of the ACP to be reset separated by [,]
resetall

Once you have reset some ACPs so that the super user can access them, you can use ldapmodify to make the subtrees inaccessible to the super user again.

3.1.4 Related Command-Line Tools for oidpasswd