5 Replies Latest reply: Sep 21, 2008 8:34 PM by 450470 RSS

    How can I change the Superuser PW?


      I changed every Userpassword who have admin rights but somewhere I have forgotten to change the superuser password.
      When I look in oidadmin I can see that the ES_Mail user have the old password.

      But is the ES_Mail user the superuser because when I run the following command on the host I have to take the old password of the superuser:

      (unlock orcladmin)
      $ORACLE_HOME/bin/oidpasswd connect=[database name] unlock_su_acct=true

      So I don't know who is the "superuser" and where I can change this PW.

      Thank you!
        • 1. Re: How can I change the Superuser PW?

          seems like you mix up things

          I guess the superuser you refer to is "cn=orcladmin" (not orcladmin, they are 2 different users) who is the OID superuser.

          To change his password use the oidpasswd tool the way you did it. But it will not change the ES_MAIL password, ES_MAIL is a database user, therefor to change his password you need to connect to the email database (as SYS or SYSTEM) and use an alter user command.
          • 2. Re: How can I change the Superuser PW?
            Thank you for your answer.

            Yes - I surly mix up things ;)

            How can I different the users?

            When I run the command as I have written I only can unlock the account.
            Which account will be unlocked?

            I am very confused...

            When I log in to oidadmin I take the orcladmin user and his new password (cn=orcladmin,cn=Users,dc=DOMAIN,dc=at).
            But when I run for example ldapsearch as shell command I need the old password but where I can change this and of which user is this PW?

            The ES_MAIL User Pw I can also find in oidadmin under:

            ENtry Management --> cn=OracleContext --> cn=Products --> cn=EmailServerContainer --> cn=um_systems --> cn=MailStores --> cn=databasename.domain.at

            In my opinion is this the Password which would placed at the install of OCS.

            • 3. Re: How can I change the Superuser PW?

              to explain things
              - cn=orcladmin is the OID superuser, it does not exist in the directory tree, it is the user you control with the oidpasswd command (and ONLY this one), you can unlock him, change his password (oidpasswd --help is your friend)

              - cn=orcladmin,cn=Users,dc=DOMAIN,dc=at is the realm administrator, it is a normal user in the directory tree who has administrative rights on the domain

              You can login using "cn=orcladmin" (it is a single string !) only using OIDADMIN, or ldap command lines (-D options), the orcladmin user that you use on OIDDAS or OCS is the realm administrator, not the superuser. -IMHO Oracle should have chosen 2 different names, it is confusing !

              There is also a OID database user (ODS who also has the same password as orcladmin by default). It is a data owner not an application administrator.

              The ES_MAIL has nothing to do with that (it is another data owner ), the password IS in the database and should be changed only with DBA alter user command. The entry in the OID that you point to is only a reference (you should change it if you change the DB ES-MAIL password !)

              Hope it helps
              • 4. Re: How can I change the Superuser PW?
                Ahhh... thank you very much 5 points!

                One additional question:

                When I want to change all old passwords which user should be not forgotten?

                I changed ias_admin, orcladmin but as I have written I saw it accidentally that the user ES_Mail has the old password.

                Thank you for your posting!
                • 5. Re: How can I change the Superuser PW?
                  Hmm, you really don't need to change the database passwords unless some people can access the database. This way you only need to change orcladmin, ias_admin(s), SYSOP (for calendar, unipasswd) and any other admin account you created.

                  If you touch any database password, just don't forget that some are registered in the directory