Mass Reset Password -part2 – using OIM Apis

Introduction

Back in November, I wrote a blog about Mass Rest Password using OID. As mentioned there, and expected for this month, Oracle is now providing the same password change feature, but now using Java OIM API.

Main Article

In this case, for develoment and test environments customers usually want something that they can control by java exceptions to avoid any interruption, or a solution where they can have multiple options amid different use-cases. Using java, particularly, will allow more possibilities from the development perspective. Let’s return to the main example mentioned before, the P2T scenario. Here, critical data is coming from a production environment and is moved to a test environment and some critical data must be changed. This article provides step-by-step instructions to accomplish this task to make sure your production end-user’s passwords will not be available in the target environment.

Pre-requirements:

• Make sure you the OIM Design Console folder, xlclient , on the server where you are running the java code.

• Once you have finished the FA-IDM P2T process, the next step is to remove, or replace the key information that should be available only in production.
• Make sure all users have requested objectclasses to do this change through the API:
objectclass=orclIDXPerson
objectclass=oblixPersonPwdPolicy
objectclass=oblixOrgPerson
objectclass=OIMPersonPwdPolicy
objectclass=inetorgperson
objectclass=top
objectclass=organizationalPerson
objectclass=person

Steps

Step1) Open config.properties and update your search criteria.

config.properties

NOTE: Don’t remove or comment the all_except_logins unless you are sure that you want to change product admin users. Be aware that changing these may disrupt communications within the products.
Step2) Run reset_password.sh provided here.

Results expected for step2:

Running shell script-part1

Running shell script-part2

Conclusion

Well done, however, implementing FA+IDM Mass reset password solution for an organization is a proposition that should be done carefully, and an entire environment backup must be done before it starts. Using proper planning and understanding the various dimensions provided by this solution and its concepts allows an organization to discern how they handle copied passwords. It also highlights what of the enterprise is willing to protect end- user data from copied environments, and how best to offer Oracle protection in an integrated and effective manner.

Comments

  1. Download link for utility

  2. Where can we download this utility from?

    Thank you

Add Your Comment