This post covers an OID 11g start-up issue caused by the password policy in the OID database.
OID 11g: Oracle Internet Directory is an LDAP (Lightweight Directory Access Protocol) compliant directory server that uses an Oracle Database as its repository and is managed via OPMN (Oracle Process Manager and Notification).
MW_HOME: This is the directory under which you install WebLogic and the Oracle Identity Management products (OID, OVD, DIP, OIM, OAM, OIF, ...). MW_HOME is created during the WebLogic installation.
ORACLE_HOME: This is the directory under MW_HOME (usually MW_HOME/Oracle_IDM1) which contains the software/binaries for OID/OVD/OIF/...
ORACLE_INSTANCE: This is the directory (usually $MW_HOME/asinst_1, but it can be outside MW_HOME) which contains the runtime configuration files and log files.
.
Things good to know for OID
1. OID consists of the middle-tier processes oidldapd and oidmon, and an Oracle Database as repository.
2. opmnctl (part of OPMN) is used to start/stop and manage OID 11g
3. OID 11g uses OIDDB (as tns alias) from $ORACLE_INSTANCE/config/tnsnames.ora
4. OID schema name is ODS
5. OID status is stored in ods_process_status table in ODS schema
6. OID 11g logs are in $ORACLE_INSTANCE/diagnostics/logs/OID/[oid1]/oidXXXXX.log
7. OID Middle Tier Processes connect to database (ODS schema) using password in $ORACLE_INSTANCE/OID/admin/oidpwdXXXXXX
8. The default database schema password expiration policy in an 11g database is 180 days (change this database password policy or reset the ODS & ODSSM passwords in the database every 179 days)
9. Use Enterprise Manager (/em) or $ORACLE_HOME/ldap/bin/oidpasswd to change the ODS schema password.
10. An OID schema (ODS) account in its grace period (PASSWORD_LIFE_TIME set to 180 days in the database) will prevent OID start-up.
11. It is possible to install OID 11g without weblogic with NO ODSM & DIP (ODSM and DIP are J2EE application deployed on WebLogic Server)
.
Troubleshoot OID startup Issues
1. Check status of OID using “opmnctl status” or in ods.ods_process_status table. (If you are not sure about database location check $ORACLE_INSTANCE/config/tnsnames.ora on OID node)
____________
opmnctl status
Processes in Instance: asinst_1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
ovd1                             | OVD                |   11843 | Alive
oid1                             | oidldapd           |     N/A | Down
oid1                             | oidldapd           |     N/A | Down
oid1                             | oidmon             |     N/A | Down
EMAGENT                          | EMAGENT            |   11844 | Alive
.
2. Look for error messages in OID log location $MW_HOME/[asinst_1]/diagnostics/logs/OID/[oid1]/oidmonXXXXX.log
In my case the ODS schema password had expired and the account was in its grace period.
______________
[2010-09-12T10:03:09+01:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: XXXXXX] [pid: 8226] [tid: 0] Guardian: Connecting to database, connect string is oiddb
[2010-09-12T10:03:10+01:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: XXXXXXX] [pid: 8226] [tid: 0] Guardian: [gsdsiConnect]ORA-28002, ORA-28002: the password will expire within 7 days
[2010-09-12T10:03:10+01:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: xxxxxxxx] [pid: 8226] [tid: 0] Guardian: [oidmon]: Unable to connect to database, will retry again after 10 sec
______________
3. Verify account status from database
SQL> select * from dba_users where username like 'ODS';
ODS 42
EXPIRED(GRACE) 19-SEP-10
OLTS_DEFAULT TEMP 05-MAR-10
DEFAULT DEFAULT_CONSUMER_GROUP
10G 11G N
.
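The log check from step 2, as an added example (not part of the original post): a Python script that scans oidmon log lines for database account errors and counts the failed connection attempts. The sample lines are constructed from the excerpt above with a placeholder host name, and the ORA codes other than ORA-28002 are standard Oracle errors that do not appear in the post.

```python
import re

# Standard Oracle meanings; only ORA-28002 appears in the excerpt above.
ORA_CAUSES = {
    "ORA-28002": "password in grace period, will expire soon",
    "ORA-28001": "password has expired",
    "ORA-28000": "account is locked",
    "ORA-01017": "invalid username/password; logon denied",
}
# Layout of the oidmon lines in the excerpt: bracketed fields, then the message after [tid: N].
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[OID\] .*?\[OIDMON\] .*?\[tid: \d+\] (?P<msg>.*)$")
ORA_RE = re.compile(r"ORA-\d{5}")


def diagnose(lines):
    """Summarise ODS connect failures recorded by oidmon."""
    first_seen, codes, failed = None, {}, 0
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation line or another component
        msg = m.group("msg")
        hits = {c for c in ORA_RE.findall(msg) if c in ORA_CAUSES}
        for code in hits:  # count each code once per log line
            codes[code] = codes.get(code, 0) + 1
        if hits and first_seen is None:
            first_seen = m.group("ts")
        if "Unable to connect to database" in msg:
            failed += 1
    causes = sorted(ORA_CAUSES[c] for c in codes)
    return {"first_seen": first_seen, "codes": codes, "failed_attempts": failed, "causes": causes}


def _line(ts, msg):
    # Constructed sample line in the excerpt's layout; the host name is a placeholder.
    return f"[{ts}] [OID] [NOTIFICATION:16] [] [OIDMON] [host: oidhost] [pid: 8226] [tid: 0] {msg}"


SAMPLE = [  # constructed: two retry cycles modelled on the excerpt
    _line("2010-09-12T10:03:09+01:00", "Guardian: Connecting to database, connect string is oiddb"),
    _line("2010-09-12T10:03:10+01:00", "Guardian: [gsdsiConnect]ORA-28002, ORA-28002: the password will expire within 7 days"),
    _line("2010-09-12T10:03:10+01:00", "Guardian: [oidmon]: Unable to connect to database,"),
    "will retry again after 10 sec",
    _line("2010-09-12T10:03:20+01:00", "Guardian: Connecting to database, connect string is oiddb"),
    _line("2010-09-12T10:03:21+01:00", "Guardian: [gsdsiConnect]ORA-28002, ORA-28002: the password will expire within 7 days"),
    _line("2010-09-12T10:03:21+01:00", "Guardian: [oidmon]: Unable to connect to database,"),
    "will retry again after 10 sec",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```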
Fix: Reset the password using oidpasswd
1. export ORACLE_HOME=/oracle/apps/Middleware/Oracle_IDM1 (change the location as per your ORACLE_HOME)
2. On the database, reset the password of the ODS schema:
SQL> alter user ods identified by [new_password];
Check password column, it should not be locked or expired
SQL> select * from dba_users where username like 'ODS';
3. $ORACLE_HOME/ldap/bin/oidpasswd connect=OIDDB change_oiddb_pwd=true
current password : [password updated using sqlplus command]
new password : [new password]
new password : [new password]
Replication password file exists
password set
This command resets the password in the database (ODS schema) and in the middle tier on the OID node ($ORACLE_INSTANCE/OID/admin/oidpwdXXXXXX).
Now start OID using opmnctl.
.
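Q: How to change the ODS/ODSSM database profile so that the password no longer expires after 180 days?
ALTER PROFILE takes a profile name, not a schema name, so use the profile assigned to ODS and ODSSM (the PROFILE column of dba_users; DEFAULT for ODS in the output above). Changing DEFAULT applies to every account assigned to that profile.
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;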
.