Unlocking orcladmin

Hi Everyone!!

Here is how to unlock the OID super user orcladmin.
One of my DBAs ran ldapsearch with the wrong password too many times, which caused the orcladmin account to be locked.

myhost> ldapsearch -h myhost.mydomain.com -p 389 -b cn=slakshma,cn=users,dc=mydomain,dc=com -D cn=orcladmin -w secretpwd -s sub "objectclass=*"
ldap_bind: DSA is unwilling to perform
ldap_bind: additional info: Password Policy Error :9001: cn=orcladmin : Your account is locked. Please contact the Administrator.
myhost>

I ran the oidpasswd utility from the OID mid tier $ORACLE_HOME/bin:

myhost> oidpasswd connect=OIDDB unlock_su_acct=true
OID DB user password:****
OID super user account unlocked successfully.
myhost>

After the unlock, I was able to run the ldapsearch command successfully.

myhost> ldapsearch -h myhost.mydomain.com -p 389 -b cn=slakshma,cn=users,dc=mydomain,dc=com -D cn=orcladmin -w secretpwd -s sub "objectclass=*"
cn=slakshma, cn=users,dc=sun,dc=com
sn=lakshmanan
uid=SLAKSHMA@MYDOMAIN.COM
givenname=SURESH
description=SURESH LAKSHMANAN
mail=SLAKSHMA@MYDOMAIN.COM
orclactivestartdate=20071203000000z
orclisenabled=ENABLED
cn=SLAKSHMA@MYDOMAIN.COM
objectclass=orclUserProvStatus
objectclass=inetOrgPerson
objectclass=orclUserV2
objectclass=organizationalPerson
objectclass=top
objectclass=person
krbprincipalname=uid=slakshma@mydomain.com,ou=people,o=self_registered_users,dc=mydomain,dc=com
orcluserprovfailurecount;wireless_wireless=0
orcluserapplnprovstatusdesc;wireless_wireless=1244050432398_PROVISIONING_SUCCESSFUL
orcluserapplnprovstatus;wireless_wireless=PROVISIONING_SUCCESSFUL
myhost>
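
An added example, not part of the original post: a shell helper that classifies captured ldapsearch output, so a scheduled check can flag when the super user account is locked again. The function names and status words are assumptions; only the 9001 message shape comes from the output shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Only the 9001 message shape is
# taken from the ldapsearch output above; names and status words are assumed.

# Reads client tool output on stdin and prints one of:
#   locked <code> <dn> | policy_error <code> <dn> | bind_error | ok
classify_bind() {
  awk '
    /Password Policy Error/ {
      rest = $0
      sub(/.*Password Policy Error *:/, "", rest)  # -> "9001: cn=orcladmin : Your ..."
      code = rest; sub(/:.*/, "", code); gsub(/ /, "", code)
      dn = rest; sub(/^[^:]*: */, "", dn); sub(/ *:.*/, "", dn)
      state = (rest ~ /account is locked/) ? "locked" : "policy_error"
      print state, code, dn
      found = 1
      exit
    }
    /^ldap_bind:/ { bind_err = 1 }
    END { if (!found) print (bind_err ? "bind_error" : "ok") }
  '
}

# Maps the classification to a monitoring-style message and exit status.
check_superuser() {   # $1 = captured tool output
  result=$(printf '%s\n' "$1" | classify_bind)
  case "$result" in
    locked*)                  echo "ALERT $result"; return 2 ;;
    policy_error*|bind_error) echo "WARN $result";  return 1 ;;
    *)                        echo "OK";            return 0 ;;
  esac
}

# Constructed sample: the failed bind output shown in the post.
sample_locked='ldap_bind: DSA is unwilling to perform
ldap_bind: additional info: Password Policy Error :9001: cn=orcladmin : Your account is locked. Please contact the Administrator.'

check_superuser "$sample_locked" || true
```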

12 comments:

nabeelhassan said...

very nice blog
it was impressive
:)

Indira Karnati said...

Suresh, oidpasswd will be there in $ORACLE_HOME/ldap/bin. You want to correct your post.

Indira.

Indira Karnati said...

Suresh,

Good job on maintaining the blog with good articles.

oidpasswd will be there in $ORACLE_HOME/ldap/bin. You want to correct your post.

Indira.

Suresh Lakshmanan said...

Hi Indira,

Thanks for the comment.
Sorry for the late reply. I had no access to the internet. I will not be able to change the post, as changing it will cause another email to readers.

It is a good comment; it will be in the comment section.

Thanks
Suresh

mariola said...

Hi Suresh,
Good job!! What happens if orcladmin becomes locked because some user is trying to connect n times with orcladmin but with an incorrect password?? How can I establish the IP of this computer (to cut off one hand... hahaha)?
And how can I disable the "locked" parameter... and disable the possibility of hand off my system?

Thanks... and Best Regards from Barcelona !!!
Mariola.

Suresh Lakshmanan said...

Hi Mariola,

Thanks for the comment. Good question!! Allowing only a few IPs for changing the orcladmin password. I do not have an answer; Oracle support should be able to give an answer for that.

Thanks
Suresh

Jayaprakash DuraisamyPalaniammal said...

Hi, Very nice command

Daniel Cruz Garcia said...

Hi all, regards from México, I have a question,

What OID DB user ??

Sys, system, other ??

Suresh Lakshmanan said...

Daniel,

It is OIDDB.

suresh

Anonymous said...

Thank you very much!

sachin nethi said...

After unlocking the user (cn=orcladmin) using above steps, it is working fine but after 10 min automatically cn=orcladmin is getting locked.