Tuesday, March 6, 2012

OBIEE 11g weblogic admin password Reset

Oracle BI Enterprise Edition OBIEE 11g has been integrated into the Fusion Middleware and now runs on Weblogic server. Therefore it also requires an administrator password to manage Weblogic server. By default, the administrator account is called 'weblogic'. the procedure to manage the weblogic administrator account password is similar to any other platform running on Weblogic server.

If for security reasons you ever want to change the administrator password at specific time intervals or you have to work on a platform you do not usually manage and the weblogic adminserver password is unknown (step 1 below would not apply) or any other weblogic server (for instance your forms and reports server 11g enterprise manager password), you can proceed with following steps to reset this password on Weblogic Server 10.3 (WLS 11g):

1. Shutdown WebLogic server from a command line session:

export MWHOME=[MiddlewareHome]
export DOMAIN_HOME=[BI_DomainHome]
export CLASSPATH=$CLASSPATH:$MWHOME/wlserver_10.3/server/lib/weblogic.jar
cd $DOMAIN_HOME/bin
./stopWebLogic.sh

(enter existing username [weblogic] and old password when prompted)

Example values for these environment variables:

export MWHOME=/u01/app/oracle/Middleware
export DOMAIN_HOME=/u01/app/oracle/Middleware/user_projects/domains/bifoundation_domain
2. Still in the same command line session, populate the correct values of the environment variables for your (OBI) Domain:

cd $DOMAIN_HOME/bin
./setDomainEnv.sh
3. To disable the default authenticator initialisation file and still retain a backup copy, rename it:

cd $DOMAIN_HOME/security
mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift.bak
4. Generate an administrator password for a new temporary (or permanent) administration account, e.g. called wlsadmin, into a new DefaultAuthenticatorInit.ldift file using the syntax below. Please do not leave the security directory and mind the trailing dot:

java weblogic.security.utils.AdminAccount [adminUserName] [adminPassword] .
5. Backup and disable the boot properties file, if exists, as well as the 'DefaultAuthenticatormyrealmInit.initialized' file in the ldap directory of the domain:

cd $DOMAIN_HOME/servers/AdminServer/data/ldap
mv DefaultAuthenticatormyrealmInit.initialized DefaultAuthenticatormyrealmInit.initialized.bak
cd ../../security
mv boot.properties boot.properties.bak

Please never rename the directory 'ldap' where the 'DefaultAuthenticatormyrealmInit.initialized' file was disabled abovem nor its entire parent directory 'data'. Doing this would cause the loss of all existing users and may even remove default OBI users and groups. A safety copy of the directory 'data' is recommended:

cd $DOMAIN_HOME/servers/AdminServer
cp -R data data.bak
6. Restart the Admin Server using the new administrator account. If it is possible to start in the foreground, proceed as follows:

cd $DOMAIN_HOME
./startWebLogic.sh

If you operate the Weblogic server from a remote terminal session and want to run the server in the background, one can proceed like this (assuming boot.properties has not been configured previously):

cd $DOMAIN_HOME/servers/AdminServer/security
echo username=wlsadmin > boot.properties (1)
echo password=******>>boot.properties (2)
cd $DOMAIN_HOME
nohup ./startWebLogic.sh >> Adminserver.log 2>&1 & (3)
tail -f Adminserver.log (4)


Please avoid blank lines in boot.properties file. The clear text username and password will be encrypted the first time Weblogic server has been started.

In WebLogic Server 11g Administration Console, logon using the new administration account, e.g. 'wlsadmin'. Do not use the old account 'weblogic'. By default, you can reach this console using your web browser at URL:

servername:7001/console

Navigate through the domain structure to:
bifoundation_domain/Security Realms
select 'myrealm', press the command button 'Lock & Edit' and enable the tabs

Users and Groups / weblogic

to change the password of this old administration account.

From now on, the Enterprise Manager Fusion Middleware Control 11g and the WebLogic Server 11g Administration Console can be accessed with the new administration account as well as using the new password for account 'weblogic'.

Optionally, also grant the new 'wlsadmin' account OBI administration privileges by assigning the group 'BIAdministrators ' to it, save and press 'Release Configuration'.
_____________________
(1) Please use the WLS admin account "adminUserName" created above in step 4, this should not be "weblogic" when following this publication.
(2) Better add this password through a text editor as it may end up in history.
(3) To start WLS in the background and have it running when disconnecting your terminal session.
(4) To monitor the startup process. You can send the Break signal with CTRL+C when reading the expected log entry:
" "


These steps have been tested on both Oracle Fusion Middleware 11g Release 1 Business Intelligence Foundation OBIEE releases 11.1.1.3.0 and 11.1.1.5.0 deployed on x86-64 bit


Reference : http://linora64.blogspot.com/2011/07/reset-obiee-11g-weblogic-admin-password.html

No comments:

Post a Comment