This content has been marked as final. Show 5 replies
seems like you mix up things
I guess the superuser you refer to is "cn=orcladmin" (not orcladmin, they are 2 different users) who is the OID superuser.
To change his password use the oidpasswd tool the way you did it. But it will not change the ES_MAIL password, ES_MAIL is a database user, therefor to change his password you need to connect to the email database (as SYS or SYSTEM) and use an alter user command.
Thank you for your answer.
Yes - I surly mix up things ;)
How can I different the users?
When I run the command as I have written I only can unlock the account.
Which account will be unlocked?
I am very confused...
When I log in to oidadmin I take the orcladmin user and his new password (cn=orcladmin,cn=Users,dc=DOMAIN,dc=at).
But when I run for example ldapsearch as shell command I need the old password but where I can change this and of which user is this PW?
The ES_MAIL User Pw I can also find in oidadmin under:
ENtry Management --> cn=OracleContext --> cn=Products --> cn=EmailServerContainer --> cn=um_systems --> cn=MailStores --> cn=databasename.domain.at
In my opinion is this the Password which would placed at the install of OCS.
Hello1 person found this helpful
to explain things
- cn=orcladmin is the OID superuser, it does not exist in the directory tree, it is the user you control with the oidpasswd command (and ONLY this one), you can unlock him, change his password (oidpasswd --help is your friend)
- cn=orcladmin,cn=Users,dc=DOMAIN,dc=at is the realm administrator, it is a normal user in the directory tree who has administrative rights on the domain
You can login using "cn=orcladmin" (it is a single string !) only using OIDADMIN, or ldap command lines (-D options), the orcladmin user that you use on OIDDAS or OCS is the realm administrator, not the superuser. -IMHO Oracle should have chosen 2 different names, it is confusing !
There is also a OID database user (ODS who also has the same password as orcladmin by default). It is a data owner not an application administrator.
The ES_MAIL has nothing to do with that (it is another data owner ), the password IS in the database and should be changed only with DBA alter user command. The entry in the OID that you point to is only a reference (you should change it if you change the DB ES-MAIL password !)
Hope it helps
Ahhh... thank you very much 5 points!
One additional question:
When I want to change all old passwords which user should be not forgotten?
I changed ias_admin, orcladmin but as I have written I saw it accidentally that the user ES_Mail has the old password.
Thank you for your posting!
Hmm, you really don't need to change the database passwords unless some people can access the database. This way you only need to change orcladmin, ias_admin(s), SYSOP (for calendar, unipasswd) and any other admin account you created.
If you touch any database password, just don't forget that some are registered in the directory