Thursday, 28 July 2011

Reset OBIEE 11g weblogic admin password

Oracle BI Enterprise Edition (OBIEE) 11g has been integrated into Fusion Middleware and now runs on WebLogic Server.  It therefore also requires an administrator password to manage WebLogic Server.  By default, the administrator account is called 'weblogic'.  The procedure to manage the weblogic administrator account password is similar to that of any other platform running on WebLogic Server.

You may want to change the administrator password at specific time intervals for security reasons, or you may have to work on a platform you do not usually manage where the WebLogic AdminServer password is unknown (in which case step 1 below does not apply).  The same goes for any other WebLogic server, for instance the Enterprise Manager password of your Forms and Reports Server 11g.  In these cases, proceed with the following steps to reset the password on WebLogic Server 10.3 (WLS 11g):


  1. Shut down WebLogic Server from a command line session:

    export MWHOME=[MiddlewareHome]
    export DOMAIN_HOME=[BI_DomainHome]
    export CLASSPATH=$CLASSPATH:$MWHOME/wlserver_10.3/server/lib/weblogic.jar
    cd $DOMAIN_HOME/bin
    ./stopWebLogic.sh

     (enter existing username [weblogic] and old password when prompted)


    Example values for these environment variables:

    export MWHOME=/u01/app/oracle/Middleware
    export DOMAIN_HOME=/u01/app/oracle/Middleware/user_projects/domains/bifoundation_domain


  2. Still in the same command line session, populate the correct values of the environment variables for your (OBI) Domain:

    cd $DOMAIN_HOME/bin
    . ./setDomainEnv.sh    # source the script so the variables persist in this session

  3. To disable the default authenticator initialisation file and still retain a backup copy, rename it:

    cd $DOMAIN_HOME/security
    mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift.bak

  4. Generate an administrator password for a new temporary (or permanent) administration account, e.g. called wlsadmin, into a new DefaultAuthenticatorInit.ldift file using the syntax below.  Do not leave the security directory, and mind the trailing dot, which tells the utility to write the file into the current directory:

    java weblogic.security.utils.AdminAccount [adminUserName] [adminPassword] .

  5. Back up and disable the boot properties file, if it exists, as well as the 'DefaultAuthenticatormyrealmInit.initialized' file in the ldap directory of the domain:

    cd $DOMAIN_HOME/servers/AdminServer/data/ldap
    mv DefaultAuthenticatormyrealmInit.initialized DefaultAuthenticatormyrealmInit.initialized.bak
    cd ../../security
    mv boot.properties boot.properties.bak


    Never rename the directory 'ldap' where the 'DefaultAuthenticatormyrealmInit.initialized' file was disabled above, nor its entire parent directory 'data'.  Doing this would cause the loss of all existing users and may even remove default OBI users and groups.  A safety copy of the directory 'data' is recommended:

    cd $DOMAIN_HOME/servers/AdminServer
    cp -R data data.bak


  6. Restart the Admin Server using the new administrator account.  If it is possible to start in the foreground, proceed as follows:

    cd $DOMAIN_HOME
    ./startWebLogic.sh


    If you operate the WebLogic server from a remote terminal session and want to run the server in the background, you can proceed like this (assuming boot.properties has not been configured previously):

    cd $DOMAIN_HOME/servers/AdminServer/security
    echo username=wlsadmin > boot.properties                       (1)
    echo password=****** >> boot.properties                        (2)
    cd $DOMAIN_HOME
    nohup ./startWebLogic.sh >> Adminserver.log 2>&1 &             (3)
    tail -f Adminserver.log                                        (4)


    Avoid blank lines in the boot.properties file.  The clear text username and password will be encrypted the first time WebLogic Server is started.

    In the WebLogic Server 11g Administration Console, log on using the new administration account, e.g. 'wlsadmin'.  Do not use the old account 'weblogic'.  By default, you can reach this console using your web browser at URL:

    servername:7001/console

    Navigate through the domain structure to:

    bifoundation_domain/Security Realms

    Select 'myrealm', press the command button 'Lock & Edit' and enable the tabs

    Users and Groups / weblogic

    to change the password of this old administration account.

    From now on, the Enterprise Manager Fusion Middleware Control 11g and the WebLogic Server 11g Administration Console can be accessed with the new administration account as well as using the new password for account 'weblogic'.

    Optionally, also grant the new 'wlsadmin' account OBI administration privileges by assigning the group 'BIAdministrators' to it, then save and press 'Release Configuration'.
_____________________
(1) Use the WLS admin account "adminUserName" created above in step 4; this should not be "weblogic" when following this publication.
(2) It is better to add this password with a text editor, as the command may otherwise end up in the shell history.
(3) To start WLS in the background and have it running when disconnecting your terminal session.
(4) To monitor the startup process.  You can send the Break signal with CTRL+C when reading the expected log entry:
       "<Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>"


These steps have been tested on Oracle Fusion Middleware 11g Release 1 Business Intelligence Foundation (OBIEE) releases 11.1.1.3.0 and 11.1.1.5.0 deployed on x86-64 Linux, the latter on the generic 64-bit Oracle WebLogic Server 11g Rel 1 (10.3.5).
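
The file handling from steps 3, 5 and 6, with the concern from footnote (2) addressed, as an added example that is not part of the original post. `disable_file` and `write_boot_properties` are hypothetical helper names; the password is read from standard input instead of being typed into an `echo` command, and boot.properties is created readable by its owner only.

```shell
#!/bin/sh
# Added example, not from the original post. The helper names are hypothetical;
# the file names are the ones used in steps 3, 5 and 6.

# Rename <file> to <file>.bak. A missing file is skipped (step 5: "if it
# exists"), and an earlier backup is never overwritten.
disable_file() {
    f=$1
    [ -e "$f" ] || { echo "skip (absent): $f"; return 0; }
    [ -e "$f.bak" ] && { echo "refusing: $f.bak already exists" >&2; return 1; }
    mv "$f" "$f.bak"
}

# Create boot.properties in <security_dir> for <user>. The password is read
# from standard input, so it is never part of a command line or shell history.
write_boot_properties() {
    dir=$1
    user=$2
    if [ -t 0 ]; then                       # interactive: prompt without echo
        printf 'Password for %s: ' "$user" >&2
        stty -echo
        IFS= read -r pw
        stty echo
        echo >&2
    else                                    # piped input, e.g. from a secrets manager
        IFS= read -r pw
    fi
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    old_umask=$(umask)
    umask 077                               # new file: owner read/write only
    # Exactly two lines, no blank lines, as the post requires.
    printf 'username=%s\npassword=%s\n' "$user" "$pw" > "$dir/boot.properties"
    rc=$?
    chmod 600 "$dir/boot.properties"        # also tighten a pre-existing file
    umask "$old_umask"
    unset pw
    return $rc
}
```

From the session set up in step 1, the calls would be `disable_file "$DOMAIN_HOME/security/DefaultAuthenticatorInit.ldift"` and `write_boot_properties "$DOMAIN_HOME/servers/AdminServer/security" wlsadmin`. The `java weblogic.security.utils.AdminAccount` command in step 4 still takes the password as an argument, so the history concern of footnote (2) applies to that command as well.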
