Because Oracle has put reasonable security limits into the default profile of the 11g database, when the OIM RCU runs it put the schema accounts into the default profile. These account passwords will expire if you do not explicitly set them to not expire. Assuming a Prefix of EDG the procedure will look like this:
$ sqlplus / as sysdba
SQL> CREATE PROFILE SERVICE_ACCOUNT
2 LIMIT PASSWORD_LIFE_TIME UNLIMITED
3 FAILED_LOGIN_ATTEMPTS UNLIMITED;
Profile created.
SQL> ALTER USER EDG_MDS PROFILE SERVICE_ACCOUNT;
User altered.
SQL> ALTER USER EDG_OIM PROFILE SERVICE_ACCOUNT;
User altered.
SQL> ALTER USER EDG_SOAINFRA PROFILE SERVICE_ACCOUNT;
User altered.
SQL> ALTER USER EDG_OPSS PROFILE SERVICE_ACCOUNT;
User altered.
SQL> ALTER USER EDG_ORASDPM PROFILE SERVICE_ACCOUNT;
User altered.
If the user passwords are due to or already have expired, go through all 5 of them (as sysdba) and re-set the password by entering (example for user EDG_OIM):
SQL> ALTER USER EDG_OIM IDENTIFIED BY <password>
Where <password> is the password of record, or a new password if you want to make those changes
Some updates 2015-June:
Use this script to get the list of profiles:
clear breaksset linesize 120
set pagesize 10000
select * from dba_profiles;
Use this script to get the list of users:
clear breaks
set linesize 120
set pagesize 10000
select username, profile, account_status from dba_users;
For some systems you may have additional users to add to the profile.
No comments:
Post a Comment