Monday, August 1, 2016

Apps DN Password Expired


To provide an update on AppsDN password expiration in applications environments, and whether the AppsDN password can be set to never expire.

 Applicable OID 11.1.1.7.0  & OAM 11.1.2.3.1 Versions

 Error:
Unable to Call fnd_ldap_wrapper.create_user due to following reason.
ORA-20001: The LDAP APPS DN 
"orclApplicationCommonName=test,cn=EBusiness,cn=Products,cn=OracleContext,dc=com"
password has expired. Please contact the administrator to change the Password.
(USER_NAME=SCTEST101)
Check the original password in two different ways:

 Using the query from DB:

SQL> select fnd_preference.eget('#INTERNAL', 'LDAP_SYNCH','EPWD','LDAP_PWD') Apps_Password from dual;

APPS_PASSWORD
--------------------------------------------------------------------------------

 welcome123
Confirm whether it is working / expired.
Source the OID env

 $ldapbind -h host -p <ldapPort> -D  "orclApplicationCommonName=test,cn=ebusiness,cn=products,cn=oraclecontext,dc=com" -w welcome123

 bind successful


If the password expired and if you do not want to change password, you can follow below procedure to unlock the password.


Login into ODSM > Navigate to the Subtree till the Dn > "orclApplicationCommonName=test,cn=ebusiness,cn=products,cn=oraclecontext,dc=com" >
(The order is recursive here)




Click on Manage Attributes > Show all > Goto the Bottom 
You will see Update Password > Enter same password > "welcome123"



Retest the issue.

You can also disable to password expiration to the subtree or Extend the password lock time.

Login into ODSM > Navigate to Security > Password Policy > Check the Effective Subtree for the respective policy "cn=default"


Now Goto General, Change the Password Expire time to "0" to disable

    5184000 = 60 days (default)
    7776000 = 90 days 
    10368000 = 120 days 
    15552000 = 180 days 
    31536000 = 1 year



If you want to create separate policy for each user or for a separate sub tree please refer here:
How To Avoid the AppsDN Account Password From Expiring, and Steps to Create a Password Policy to Ensure AppsDN Account Password Never Expires (Doc ID 2148811.1)

 Best Regards,
Srikanth
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)