You should use the "oidpasswd" utility to unlock the orcladmin account. Do not confuse this account with the default realm administrator "cn=orcladmin,cn=users,dc=xxxxx,dc=yyyyy".
1. Unlock the orcladmin superuser account:
$ oidpasswd connect=your-database-sid unlock_su_acct=true
OID DB user password:
OID super user account unlocked successfully.
This unlocks ONLY the OID superuser account, cn=orcladmin. The superuser and the realm administrator are two separate accounts. After unlocking the orcladmin superuser account, you will still not be able to log in to SSO using the orcladmin account until you perform the following steps.
2. Launch the Oracle Directory Manager:
On Unix: run the oidadmin command
On Windows: Start/Programs/Oracle AS10g/Integrated Management Tools/Oracle Directory Manager
Note: the ODM tool must be a 10g client.
Log in as orcladmin, i.e. the superuser.
Using the left menu tree, navigate to Password Policy Management. You will see TWO entries:
cn=PwdPolicyEntry
Password Policy for Realm
3. Edit each of these and change the Password Expiry Time (pwdmaxage), which is given in seconds, to an appropriate value:
5184000 = 60 days (default)
7776000 = 90 days
10368000 = 120 days
15552000 = 180 days
31536000 = 1 year
999999999 = never expire
4. Launch the Oracle Directory Manager and navigate to the realm-specific orcladmin account: Entry Management > your_realm > cn=Users, where all the users are located. Click on the + next to cn=Users. The list is in alphabetical order.
Locate the cn=orcladmin entry. Find the userpassword attribute and reset the value.
5. Try the ldapbind again.
$ ldapbind -p 13061 -D cn=orcladmin,cn=Users,dc=organization,dc=gov -w xxxxxxx7orcl
bind successful
$ ldapbind -p 13061 -D cn=orcladmin -w xxxxxxx7ias
bind successful
6. Now that all bind tests are successful, you can add an entry to OID.
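An added example, not part of the original note: a small shell function that reads LDIF exported from the two password policy entries edited in step 3 and reports each pwdmaxage in days, flagging the never-expire value and anything longer than a chosen limit. The function names, the 90-day limit and the sample DNs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report pwdmaxage per entry from LDIF text.
# Assumes unfolded, non-base64 "dn:" and "pwdmaxage:" lines.

# Constructed sample input; the DNs are placeholders, not real OID paths.
sample_ldif() {
cat <<'EOF'
dn: cn=PwdPolicyEntry,cn=example-container
pwdmaxage: 5184000

dn: cn=PwdPolicyEntry,cn=example-container,dc=organization,dc=gov
pwdmaxage: 999999999
EOF
}

# Usage: audit_pwdmaxage MAX_DAYS < file.ldif
# Output per entry: STATUS <tab> days <tab> dn
#   OK    expiry within MAX_DAYS
#   LONG  expiry longer than MAX_DAYS
#   NEVER value 999999999 (listed above as "never expire")
#   UNSET entry carries no pwdmaxage attribute
audit_pwdmaxage() {
  awk -v max_days="$1" '
    function report(   days) {
      if (dn == "") return
      if (age == "") printf "UNSET\t-\t%s\n", dn
      else if (age == 999999999) printf "NEVER\t-\t%s\n", dn
      else {
        days = int(age / 86400)   # pwdmaxage is in seconds
        printf "%s\t%d\t%s\n", (days > max_days ? "LONG" : "OK"), days, dn
      }
      dn = ""; age = ""
    }
    tolower($1) == "dn:"        { report(); dn = substr($0, index($0, ":") + 2); next }
    tolower($1) == "pwdmaxage:" { age = $2 + 0; next }
    /^[ \t]*$/                  { report() }
    END                         { report() }
  '
}

# Run against the constructed sample with a 90-day limit.
sample_ldif | audit_pwdmaxage 90
```

Entries reported as NEVER or LONG are the ones to review after an account-recovery session, since a relaxed expiry set to get past a lockout tends to stay in place.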
Note:
Changing the Oracle Internet Directory Database Password
===============================================================
The Oracle Internet Directory uses a password when connecting to its own designated Oracle database.
The default for this password when you install Oracle Internet Directory is the same as that for the Oracle Fusion Middleware administrator. You can change this password by using oidpasswd.
The following example shows how to change the Oracle Internet Directory database password,
assuming the database is on the same machine.
oidpasswd connect=dbs1 change_oiddb_pwd=true
current password: oldpassword
new password: newpassword
confirm password: newpassword
password set.
Resetting the Superuser Password
==================================
If you forget the Oracle Internet Directory superuser (cn=orcladmin) password, you can
use the oidpasswd tool to reset it. You must provide the Oracle Internet Directory database password.
When you first install Oracle Internet Directory, the superuser password and the Oracle Internet Directory database
password are the same. After installation, however, you can change the Oracle Internet Directory superuser password using ldapmodify.
The following example shows how to reset the Oracle Internet Directory superuser password.
The oidpasswd tool prompts you for the Oracle Internet Directory database password.
Example:
oidpasswd connect=dbs1 reset_su_password=true
OID DB user password: oid_db_password
password: new_su_password
confirm password: new_su_password
OID superuser password reset successfully