Sunday, November 29, 2009

How to Unlock/Reset Super User cn=orcladmin When the ODS's Password Has Been Forgotten or is Unknown?

Solution

If the ODS password has been lost then follow steps 1-7:

1. Shut down the OID processes
% opmnctl stopproc ias-component=OID
2. Verify that there is no OID process running
% ps -ef | grep -i oidmon
% ps -ef | grep -i oidldapd
% ps -ef | grep -i odisrv
3. Go to the $ORACLE_HOME/ldap/admin directory and rename the files oidpwdlldap1 and oidpwdrxxxx

where xxxx is the instance name

4. Log in to the OID database via sqlplus as a user with DBA privileges (for example, SYS or SYSTEM) and reset the ODS schema password:
SQL> alter user ods identified by password;
Note: replace password with the desired value.

5. Verify that you are able to log in to the database using the following command:
% sqlplus ods/password@connect_string
Where connect_string is the alias defined in the tnsnames.ora to connect to the OID database.

6. Execute the oidpasswd command to recreate the files renamed in step 3
% oidpasswd connect=connect_string create_wallet=true
Note: In this step, use the same password defined in step 4.

7. Verify that the files renamed in step 3 have been recreated under $ORACLE_HOME/ldap/admin directory

8. If the orcladmin account is locked then use the following command
% oidpasswd connect=connect_string unlock_su_acct=true
9. If the password for orcladmin needs to be changed then use the following command
% oidpasswd connect=connect_string reset_su_password=true
10. Start the OID process
% opmnctl startproc ias-component=OID
11. Verify that the account orcladmin has been unlocked or that the password has been changed successfully
% $ORACLE_HOME/bin/ldapbind -p port -D cn=orcladmin -w passwd

For example:

$ORACLE_HOME/bin/ldapbind -p 389 -D cn=orcladmin -w welcome1
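
The checks in steps 2, 3 and 7 can be scripted so that the files are only renamed when both are present and the recreation is confirmed afterwards. This is an added example, not part of the original post; the function names and the ".bak" backup suffix are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): helper checks for steps 2, 3 and 7.
# Assumed names: the function names and the ".bak" backup suffix.

# Step 2: filter a `ps -ef` listing read from stdin down to OID processes.
# Exit status 0 means at least one OID process line was found.
oid_procs() {
    grep -i -E 'oidmon|oidldapd|odisrv' | grep -v 'grep'
}

# Step 3: rename both oidpwd files, keeping them as backups.
# $1 = admin directory ($ORACLE_HOME/ldap/admin), $2 = OID instance name.
# Both files are checked first so a failure never leaves a half-renamed pair.
rename_wallets() {
    for f in oidpwdlldap1 "oidpwdr$2"; do
        [ -f "$1/$f" ] || { echo "missing: $1/$f" >&2; return 1; }
        [ ! -e "$1/$f.bak" ] || { echo "backup exists: $1/$f.bak" >&2; return 1; }
    done
    for f in oidpwdlldap1 "oidpwdr$2"; do
        mv "$1/$f" "$1/$f.bak" || return 1
    done
}

# Step 7: confirm oidpasswd recreated both files as non-empty files.
wallets_recreated() {
    for f in oidpwdlldap1 "oidpwdr$2"; do
        [ -s "$1/$f" ] || { echo "not recreated: $1/$f" >&2; return 1; }
    done
}

# Typical use (INSTANCE is a placeholder for the instance name):
#   ps -ef | oid_procs && echo "OID is still running; stop it first"
#   rename_wallets "$ORACLE_HOME/ldap/admin" INSTANCE
#   ... steps 4 to 6 ...
#   wallets_recreated "$ORACLE_HOME/ldap/admin" INSTANCE
```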
