Changing the Password of the ORCLADMIN Account

We’ve all done it, whether for a proof of concept, a demo, or an install of Fusion Middleware applications ahead of integrating them with other enterprise applications. When prompted to enter a password for the ORCLADMIN account, we often quickly enter one that is simple and easy to remember (and password policies are not enforced during the install). So now we end up with an Oracle Internet Directory (for example) installation containing a simple password for the superuser account, which creates potential security risks and comes to the attention of security groups.

Hopefully, internal audit or your security group will catch the faux pas and demand that the password comply with the organization’s standards, which means the password has to be changed.
There are several ways to change the password for ORCLADMIN.

  1. Run the ldapmodify utility provided by the installation (to use it you must first create an LDIF file for the utility to read). If you take this approach, the utility is located in the $ORACLE_HOME/bin folder.
  2. The simplest way to change the password is from the command line using the oidpasswd script. The script is located in the $ORACLE_HOME/ldap/bin directory. Use it as follows:
    • SSH to the server containing the OID installation.
    • Switch to the oracle user with sudo:
      sudo -iu oracle
    • Navigate to the directory containing the script:
      cd $ORACLE_HOME/ldap/bin
    • From the command line, execute the following:
      oidpasswd conn="<connection string for the DB>" reset_su_password=true
    • NOTE: the connection string for the DB can be found in the $ORACLE_INSTANCE/config/tnsnames.ora file.
