Sunday, June 15, 2014

No Password Expiration Date For OIM Schema

Oracle Database Version: 11g R2
Description: This post shows how to set up the OIM schema user so that its password has no expiration date. You've probably seen the following errors during OIM managed server startup:

[EL Severe]: 2014-06-15 19:55:22.713--ServerSession(514521790)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-28001: the password has expired

Error Code: 28001
Jun 15, 2014 7:55:22 PM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore <init>
WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-28001: the password has expired

Error Code: 28001
JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-28001: the password has expired

Error Code: 28001
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
Need to do the security configuration first!

These errors are caused by an expired schema password, and the OIM server fails to start as a result.

[Figure: Expired Schema Owner]

After changing several database parameters that are responsible for password expiration and resolving expired accounts, you'll notice the accounts will have a NULL password expiration date. Thus, these accounts have no password expiration date.

[Figure: No Password Expiration After Changing DB Parameters]
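The post does not list the parameters it changed. The following is an added example, not the author's own commands, and it assumes the profile limit involved is PASSWORD_LIFE_TIME. The schema prefix DEV_, the schema names DEV_OIM and DEV_OPSS, and the profile name oim_svc_profile are placeholders; the example uses a dedicated profile so that the DEFAULT profile, and every other account that uses it, keeps its expiry policy.

```sql
-- Added example: run as a DBA (e.g. SYS or SYSTEM) on Oracle Database 11g R2.
-- DEV_ is a placeholder schema prefix; replace it with your own.

-- 1. List the schema accounts with their status, expiry date and profile.
SELECT username, account_status, expiry_date, profile
  FROM dba_users
 WHERE username LIKE 'DEV\_%' ESCAPE '\'
 ORDER BY username;

-- 2. Show the password limits of the profiles those accounts use.
SELECT profile, resource_name, limit
  FROM dba_profiles
 WHERE resource_type = 'PASSWORD'
   AND profile IN (SELECT profile
                     FROM dba_users
                    WHERE username LIKE 'DEV\_%' ESCAPE '\')
 ORDER BY profile, resource_name;

-- 3. Create a profile for the service schemas only. Limits not named
--    here (failed login attempts, lock time, ...) follow the DEFAULT profile.
CREATE PROFILE oim_svc_profile LIMIT
  PASSWORD_LIFE_TIME UNLIMITED;

-- 4. Assign the profile to each schema account (placeholder names).
ALTER USER DEV_OIM  PROFILE oim_svc_profile;
ALTER USER DEV_OPSS PROFILE oim_svc_profile;

-- 5. A profile change does not clear an EXPIRED status; the password
--    must be set again. Replace the placeholder with the real value.
--    If the password changes, every data source and credential store
--    entry that holds it has to be updated as well.
ALTER USER DEV_OIM  IDENTIFIED BY "<schema_password>";
ALTER USER DEV_OPSS IDENTIFIED BY "<schema_password>";

-- 6. Verify: account_status should be OPEN and expiry_date NULL.
SELECT username, account_status, expiry_date, profile
  FROM dba_users
 WHERE profile = 'OIM_SVC_PROFILE'
 ORDER BY username;
```

Because these passwords no longer expire on their own, rotate them on a schedule and restrict who can read the configuration that stores them.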