Unlocking locked Accounts in Oracle Internet Directory (OID)

From time to time you may have to unlock an account in Oracle Internet Directory (OID) which isn't IDM/OIM-controlled (so no selfservice is available, for example for technical users).

There are at least two ways to achieve this:

1. Use OIDDAS (OID Delegated Administration Service)
Login to OIDDAS (this depends on which version of OID you are using), search and find the user and unlock it.

2. Use LDAP-Tools
I recommend this way, because it is much faster (for example if you have multiple accounts to unlock) and you see whats going on under the hood. It should work with all recent version of OID (from 10.1.2.0.2). Determine the distinguished name of the user (for example cn=lisa,cn=Users,dc=example,dc=com) and create a ldif file which sets the Attribute orclpwdaccountunlock to 1:

cn=lisa,cn=Users,dc=example,dc=com
changetype: modify
add: orclpwdaccountunlock
orclpwdaccountunlock: 1

Apply this via ldapmodify and the account is unlocked again. You also can set orclpwdaccountunlock directly via your favorite LDAP-Browser.

After that, the attributes pwdaccountlockedtime and pwdfailuretime (which mark the account as locked) will be gone.

And, by the way, you can find all locked accounts in your directory with executing the following ldap-search:

(pwdaccountlockedtime=*)

upgradeADF (ADF 11.1.2.3.0)

If you try to upgrade an ADF-Domain to ADF 11.1.2.3.0 you may encounter the following error:

wls:/offline> upgradeADF('/oracle/weblogic1/projects/domains/adfdomain0/')

Error: readDomain() failed. Do dumpStack() to see details.

com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.ScriptException: The domain directory must exist and contain config/config.xml

at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:51)

at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:1538)

at com.oracle.cie.domain.script.jython.WLScriptContext.readDomain(WLScriptContext.java:396)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at org.python.core.PyReflectedFunction.__call__(Unknown Source)

at org.python.core.PyMethod.__call__(Unknown Source)

at org.python.core.PyObject.__call__(Unknown Source)

at org.python.core.PyInstance.invoke(Unknown Source)

at org.python.pycode._pyx3.readDomain$18(/tmp/WLSTOfflineIni130404370312075564.py:83)

at org.python.pycode._pyx3.call_function(/tmp/WLSTOfflineIni130404370312075564.py)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyFunction.__call__(Unknown Source)

at org.python.pycode._pyx22.upgradeADF$1(/oracle/wls2/mwh/oracle_common/common/wlst/adfWLSTCommands.py:24)

at org.python.pycode._pyx22.call_function(/oracle/wls2/mwh/oracle_common/common/wlst/adfWLSTCommands.py)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyFunction.__call__(Unknown Source)

at org.python.pycode._pyx49.f$0(<console>:1)

at org.python.pycode._pyx49.call_function(<console>)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyCode.call(Unknown Source)

at org.python.core.Py.runCode(Unknown Source)

at org.python.core.Py.exec(Unknown Source)

at org.python.util.PythonInterpreter.exec(Unknown Source)

at org.python.util.InteractiveInterpreter.runcode(Unknown Source)

at org.python.util.InteractiveInterpreter.runsource(Unknown Source)

at org.python.util.InteractiveInterpreter.runsource(Unknown Source)

at weblogic.management.scripting.WLST.main(WLST.java:188)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at weblogic.WLST.main(WLST.java:29)

Caused by: com.oracle.cie.domain.script.ScriptException: The domain directory must exist and contain config/config.xml

at com.oracle.cie.domain.script.ScriptExecutor.readTemplate(ScriptExecutor.java:448)

at com.oracle.cie.domain.script.jython.WLScriptContext.readDomain(WLScriptContext.java:388)

... 35 more

 

This can be caused by specifying the wrong domain (or type in path), but also appears when not having write access to domain home.

Weblogic Server 10.3.6 Silent Install fails because of wrong formatting of silent.xml

Today I tried to silent install a Weblogic Server 10.3.6. As documentation recommends, I used the sample silent.xml and modified some parameters.

Then I tried to start the installation, but it fails:

[weblogic@linux silent]$ $JAVA_HOME/bin/java -jar /net/share/ofm11g/wls1036_generic.jar -Djava.io.tmpdir=$TMPDIR -mode=silent -silent_xml=./silent.xml
Extracting 0%....................................................................................................100%
[Fatal Error] :3:6: The processing instruction target matching "[xX][mM][lL]" is not allowed.
org.xml.sax.SAXParseException: The processing instruction target matching "[xX][mM][lL]" is not allowed.
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:246)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:284)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:124)
at com.bea.plateng.wizard.installer.common.parsers.TemplateParser.parserWrapper(TemplateParser.java:53)
at com.bea.plateng.wizard.installer.common.parsers.TemplateParser.getTemplateInfo(TemplateParser.java:71)
at com.bea.plateng.wizard.installer.common.parsers.TemplateParserHelper.getTemplateInfo(TemplateParserHelper.java:96)
at com.bea.plateng.wizard.installer.utils.SilentXmlHelper.loadSilentXml(SilentXmlHelper.java:75)
at com.bea.plateng.wizard.installer.silent.tasks.ReadSilentXMLTask.execute(ReadSilentXMLTask.java:43)
at com.bea.plateng.wizard.silent.tasks.AbstractSilentTask.run(AbstractSilentTask.java:28)
at java.lang.Thread.run(Thread.java:662)
Silent Install Failed!! Reason: null

The problem with the sample silent.xml is that it uses comments before the XML prolog. According to the XML spec, you can't have anything at all before the XML prolog. So the file must start with "<?xml version...".

After deleting all the comment lines above XML prolog, silent install works fine.