Description: This post shows how to set up the OIM schema users so that their passwords have no expiration date. You've probably seen the following errors during OIM managed server startup:
```
[EL Severe]: 2014-06-15 19:55:22.713--ServerSession(514521790)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-28001: the password has expired
Error Code: 28001
Jun 15, 2014 7:55:22 PM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore <init>
WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-28001: the password has expired
Error Code: 28001
JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreException: javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-28001: the password has expired
Error Code: 28001
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
Need to do the security configuration first!
```
The errors are caused by an expired schema password, and the OIM server will fail to start up.
Figure: Expired Schema Owner
After changing several database parameters that are responsible for password expiration and resolving expired accounts, you'll notice the accounts will have a NULL password expiration date. Thus, these accounts have no password expiration date.
Figure: No Password Expiration After Changing DB Parameters
Given below are some useful SQL queries related to password management. You must have database administrator privileges (e.g. SYS) to execute the following queries.
```sql
/*Check all account statuses and expiration date*/
SELECT username, account_status, expiry_date
FROM dba_users
ORDER BY expiry_date DESC;

/*Query parameters responsible for password expiration*/
SELECT *
FROM dba_profiles
WHERE profile = 'DEFAULT'
  AND resource_name IN ('PASSWORD_LIFE_TIME', 'PASSWORD_GRACE_TIME');

/*Set parameters for no password expiration*/
ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;  /*Default Value: 180 days until password expiration*/
ALTER PROFILE DEFAULT LIMIT PASSWORD_GRACE_TIME UNLIMITED; /*Default Value: 7 days grace period to change password*/

/*Resolve Expired OIM, MDS, and OPSS Schema Password*/
/*ALTER USER [username] IDENTIFIED BY [new_password]*/
ALTER USER DEV_OIM IDENTIFIED BY Password1;
ALTER USER DEV_MDS IDENTIFIED BY Password1;
ALTER USER DEV_OPSS IDENTIFIED BY Password1;
```
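Altering the DEFAULT profile removes password expiration for every account that uses it, not only the OIM schema owners. The following added example (not part of the original post) limits the change to the three schema accounts named above by giving them a dedicated profile; the profile name `OIM_SVC_NOEXPIRE` and the 30-day window are assumptions chosen for illustration.

```sql
/* Added example. OIM_SVC_NOEXPIRE is a hypothetical profile name. */

/* 1. Create a profile with no password expiration.
      Limits not listed here are inherited from the DEFAULT profile. */
CREATE PROFILE OIM_SVC_NOEXPIRE LIMIT
  PASSWORD_LIFE_TIME  UNLIMITED
  PASSWORD_GRACE_TIME UNLIMITED;

/* 2. Assign the profile only to the schema owners used in this post. */
ALTER USER DEV_OIM  PROFILE OIM_SVC_NOEXPIRE;
ALTER USER DEV_MDS  PROFILE OIM_SVC_NOEXPIRE;
ALTER USER DEV_OPSS PROFILE OIM_SVC_NOEXPIRE;

/* 3. Verify the assignment. An account that is already EXPIRED stays
      expired until its password is reset with ALTER USER ... IDENTIFIED BY. */
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  username IN ('DEV_OIM', 'DEV_MDS', 'DEV_OPSS');

/* 4. List accounts whose password has expired or expires within 30 days,
      so they can be handled before a managed server fails to start.
      Accounts with a NULL expiry_date (no expiration) are not returned. */
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  expiry_date < SYSDATE + 30
ORDER  BY expiry_date;
```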