As a business policy we need to change the password of the admin user in WebLogic after a cycle of a specific period.
Please let us know how we can do that without losing the other existing users in 'my realm'.
I understand that we can use the weblogic.utils.security.AdminAccount utility to give the new password, which will create a new DefaultAuthenticatorInit.ldift file in the <domain-home>/security folder (according to Doc ID 1082299.1).
The password will change but the users in 'my realm' will be lost. (There are many users and it is a production environment, so recreation is out of the question.)
Is there a way we can retain the users and still proceed with the password change?
This can be done by following the standard procedure: log in to the console and navigate to:
DOMAIN_STRUCTURE ---> Security Realm ---> myrealm ---> Users and Groups ---> User tab, click on the user weblogic
-- Click on the password tab, put the new password there and save (the password is changed for the user here)
-- Log out from the console and log in to the console again using the new password
But when the server starts it does not read the password for the user directly from the realm; rather it picks it up from $DOMAIN_HOME/servers/AdminServer/security/boot.properties
Now, in order to make this change available when the server starts, change the values for the username and password in boot.properties, specify them in plain text and save the file.
The next time the server starts it will pick up the new values from boot.properties, and once they have been accepted they will be encrypted again.
You might have to make the same change to boot.properties for all the Managed Servers, if you have Managed Servers in the domain; it is located at $DOMAIN_HOME/servers/<<Managed Server Name>>/data/nodemanager/boot.properties
You can test the steps on some lower environment first and try the same in the critical environment once the testing is successful.
But after trying this in test environments, we lost the other users in 'my realm' which were present earlier.
So is it true that recreation of users is the only option?
What if the users are large in number?
Resetting the password from the console does not regenerate the DefaultAuthenticator.ldift, so that should not cause the deletion of any of the existing users; rather it only updates the user password in the ldift file.