Bulk-resetting all OID user passwords is a very common post-processing step when you clone or provision a new environment with PROD data, but I could not find an easy way to do it via the GUI. In this post, I will cover the steps to achieve it.
a) First and foremost, take a backup. Ask your database team to execute the command below, or, if you know the OID database password, execute it yourself.
$ORACLE_HOME/ldap/bin/ldifwrite connect=oiddb basedn="cn=users,dc=oraworld,dc=local" thread=3 verbose=true ldiffile=/home/OIDBackups/backup-[DATE].dat
b) Now, with the help of the LDAP commands and the sed utility, generate an LDIF that resets all the passwords to a new password = NewOraWorld (in our case). The search filter below skips entries whose cn starts with SG_ADMIN_.
$ORACLE_HOME/bin/ldapsearch -D "cn=orcladmin" -w "ILoveOraWorld" -h oidstore.oraworld.local -p 389 -b "cn=Users,dc=oraworld,dc=local" -L '(&(objectclass=*)(!(cn=SG_ADMIN_*)))' dn | sed 's/dc=local/dc=local\nchangetype:\ modify\nreplace:\ userpassword\nuserpassword:\ NewOraWorld/g' > Password_Reset.ldif
c) If you open the file created you should see something like this with many users:
d) You can manually remove all the users whose passwords you don't want updated, for example orcladmin, weblogic_idm, xelsysadm, etc.
e) Now run ldapmodify to apply the file created above.
ldapmodify -h oidstore.oraworld.local -p 389 -D cn=orcladmin -w "ILoveOraWorld" -c -v -f /home/Password_Reset.ldif
f) Finally, to confirm, test a couple of users via ldapbind and you are good to go.
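The manual clean-up in step d) can be scripted and combined with a sanity check on the generated file. The following is an added example, not part of the original post: filter_reset_ldif, sample_ldif and PROTECTED are hypothetical names, the users jsmith and adavis are constructed sample data, and it assumes the protected accounts are identified by the leading cn= of their DN.

```sh
#!/bin/sh
# Added example, not from the original post: automates step d) and sanity-checks
# the generated LDIF before it is passed to ldapmodify.

# Accounts named in step d). Assumption: they are matched on the leading cn= RDN.
PROTECTED="orcladmin weblogic_idm xelsysadm"

# filter_reset_ldif [FILE]  (hypothetical helper; reads stdin when FILE is omitted)
# Prints the records that may be reset; exits non-zero if any record is malformed.
filter_reset_ldif() {
  awk -v skip="$PROTECTED" '
    BEGIN {
      RS = ""; FS = "\n"; ORS = "\n\n"   # one LDIF record per blank-line-separated block
      bad = 0
      n = split(tolower(skip), s, " ")
      for (i = 1; i <= n; i++) deny[s[i]] = 1
    }
    {
      # Accept only: dn / changetype: modify / replace: userpassword / userpassword: <value>
      if (NF != 4 || $1 !~ /^dn: / || $2 != "changetype: modify" ||
          $3 != "replace: userpassword" || $4 !~ /^userpassword: ./) {
        print "malformed record: " $1 > "/dev/stderr"
        bad = 1
        next
      }
      rdn = tolower($1)
      sub(/^dn: cn=/, "", rdn)
      sub(/,.*$/, "", rdn)
      if (rdn in deny) next              # protected account: leave its password alone
      print
    }
    END { exit bad }
  ' "${1:--}"
}

# Constructed sample in the shape the ldapsearch | sed pipeline from step b) writes.
sample_ldif() {
  for u in jsmith orcladmin adavis weblogic_idm; do
    printf 'dn: cn=%s,cn=Users,dc=oraworld,dc=local\n' "$u"
    printf 'changetype: modify\nreplace: userpassword\nuserpassword: NewOraWorld\n\n'
  done
}

# Demo: only jsmith and adavis survive the filter.
sample_ldif | filter_reset_ldif
```

Run it against the real file as filter_reset_ldif Password_Reset.ldif > Password_Reset.filtered.ldif (the output name is only a suggestion) and pass the filtered file to ldapmodify only if the function exits 0.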
If you encounter any issues or need any help with Identity Management, feel free to contact me on Sumit@OraWorld.co.uk