Changing the ODS schema password in OAS !!!!!
Monday, September 7, 2009
OID Database Schema Owner
The Oracle Internet Directory (OID) runs on an Oracle database and creates two database users: ODS and ODSCOMMON. ODS is the schema owner that contains all of the database objects (tables, views, objects, etc.) used for OID functionality and directory storage. When OID needs to log in to the database, it uses the ODS database account, which has a default password of ODS. You should secure this database user account before putting the LDAP directory into production.
1. Change the ODS password to the desired value, and create the new wallet:
    oidpasswd connect= change_oiddb_pwd=true
    oidpasswd connect= create_wallet=true
2. Restart OID:
    opmnctl stopproc process-type=OID
    opmnctl status
    opmnctl startproc process-type=OID
3. Change the password in Enterprise Manager:
    1. Log in to EM
    2. Click Targets tab > Click All Targets tab
    3. Find the Name reported in the emagent.trc file (e.g., 10_1_2_portoidd.libby.oracle.com_LDAP) > click on it
    4. Click Monitoring Configuration at the bottom right
    5. Enter:
       Username = ods
       Password =

Using the OID Database Password Utility
The DBA can change this password by using the OID Database Password Utility (included with the OID installation). The following example uses this utility to change the database password for ODS:
    # $ORACLE_HOME/bin/oidpasswd
    current password: ods
    new password: new_secret_password
    confirm password: new_secret_password
    password set.
How oidpasswd Works
The oidpasswd utility connects as the ODSCOMMON user and uses the role ODS_SERVER with the original password to perform the following:
1. Changes the password for the ODS user for the OID schema database.
2. Updates the SYSTEM.ODSINSTANCES table with the new, encrypted password for ODS.
3. Changes the password for the ODS_SERVER role to the new password.
4. Updates the $ORACLE_HOME/ldap/admin/oidpwdr file with the encrypted password.
NOTE: Some Oracle OID patches and scripts may assume the user ODS/ODS. It is advised to change the password for ODS back to its default of ODS during application of patches or when running OID scripts.
But what about ODSCOMMON?
When connecting to the database schema, the OID executables, such as oidctl or the oidldapd servers, connect as the database user ODSCOMMON. The password for ODSCOMMON is ODSCOMMON, and that password cannot be changed: it is hardcoded in the executables, and changing it at the database level will cause an ORA-01017 error. There is no security risk, however, in not being able to change the ODSCOMMON password, as the account has only the CONNECT privilege. Once connected as ODSCOMMON, the executable obtains the privileges it needs via the role ODS_SERVER, which is protected by the ODS password. The executable obtains that password from the SYSTEM.ODSINSTANCES table; this is the password encrypted and set by the oidpasswd utility.
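To check the privilege model described above against your own database rather than taking it on trust, the following data-dictionary queries can be run as a DBA user. They are an added example, not part of the original post or of Oracle's note, and assume only the standard DBA_* views and the account and role names given in the post.

```sql
-- Added example: audit of the ODS / ODSCOMMON privilege model described in the post.
-- Run as a DBA user (for instance in SQL*Plus). Only standard dictionary views are used.

-- 1. Both OID accounts: current status and password profile.
SELECT username, account_status, profile
FROM   dba_users
WHERE  username IN ('ODS', 'ODSCOMMON');

-- 2. Roles granted to ODSCOMMON. Per the post, expect CONNECT plus the
--    password-protected ODS_SERVER role; any other role needs an explanation.
SELECT granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  grantee = 'ODSCOMMON';

-- 3. Privileges granted directly to ODSCOMMON. Its password is fixed, so
--    anything listed here is not protected by the ODS password at all.
SELECT 'SYSTEM' AS kind, privilege, '-' AS object_name
FROM   dba_sys_privs
WHERE  grantee = 'ODSCOMMON'
UNION ALL
SELECT 'OBJECT', privilege, owner || '.' || table_name
FROM   dba_tab_privs
WHERE  grantee = 'ODSCOMMON';

-- 4. ODS_SERVER must require a password; if it does not, the role is
--    available to ODSCOMMON without knowing the ODS password.
SELECT role, password_required
FROM   dba_roles
WHERE  role = 'ODS_SERVER';

-- 5. What the role unlocks once enabled: this is the access that the
--    ODS password actually guards.
SELECT 'SYSTEM' AS kind, privilege, '-' AS object_name
FROM   dba_sys_privs
WHERE  grantee = 'ODS_SERVER'
UNION ALL
SELECT 'OBJECT', privilege, owner || '.' || table_name
FROM   dba_tab_privs
WHERE  grantee = 'ODS_SERVER'
ORDER  BY 1, 3, 2;
```

Running the same queries before and after the oidpasswd change gives a baseline for spotting grants that drift away from the model the post describes.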
Reference: Note 316177.1
posted by Jaswinder Singh @ 7:52 PM
1 Comments:
The next group of iasdb schemas includes those that are registered in OID. Because the OID manages the passwords for these schemas, you should never attempt to alter any of these schema owner passwords with the alter user command. Instead, you should use the OEM facility for changing these passwords. When using OEM to alter these passwords, OEM will change the password inside the iasdb database and also update the appropriate OID system tables.