WebLogic User Password Change in Clustered Environment (HA)

Prerequisite:
-          Take a backup of the domain, config.xml, data (ldap)/tmp/cache, and boot.properties
-          Created a new user for the OIM team
o   Username: OIM_Team
o   Password: xxxxxxx

Instruction Steps:
-          Log in to the console
-          Lock and Edit
-          Change the password for the AdminServer from the console
-          Release configuration from the console
-          Log in to the console again with the new (changed) password
-          Verified: this is working fine
-          Stopped the Admin Server
-          Edited the boot.properties file (passing the username and password in clear text)
-          Started the AdminServer
-          Logged in to the Admin Console with the new user
-          Logged in to the AdminServer console.
-          Stopped the services on the node 2 servers (SOA, MS, OIM)
-          Removed the boot.properties for soa_server2
-          Started soa_server2 with the startManaged.sh script (provided the credentials at runtime)
-          Once soa_server2 had started, stopped it again with Ctrl+C (reason: this generates the LDAP data for the new credentials)
-          Started soa_server2 with the custom script after updating the boot.properties file
-          soa_server2 came up in ADMIN mode; we resumed it.
-          Updated the boot.properties with the new credentials and started oms2 with the custom script (startMS.sh)
-          Updated the boot.properties with the new credentials and started oim_server2 with the custom script (startOIM.sh)

ONCE CONFIRMED ALL THE SERVICES ARE UP AND RUNNING ON NODE 2; WE CAN PROCEED TO NODE 1.

-          Logged in to the AdminServer console.
-          Updated the boot.properties file with the new credentials on soa_server1
-          Started the server with the custom start file
-          Resumed soa_server1 as it had gone into ADMIN mode (this is normal behaviour)
-          Started oim_server1 and oms1 using the custom script, after updating the boot.properties file.
-          All servers are up and running fine.
-          Password changed for the weblogic user in OIMDomain.

AFTER CHANGING THE PASSWORD ON ALL CONSOLES, change the user password in OID if the user is present in OID.
PLEASE VERIFY ON ALL THE CONSOLES (EM, OIM, OAM, SOA)

NOTE: The password should be the same for the OIM, OAM and OID admin consoles, as WEBLOGIC is the only user who logs in to the Admin Servers.
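
As an added example (not part of the original runbook and not Oracle tooling), the shell functions below cover the boot.properties steps above: writing the cleartext file with owner-only permissions, then checking after the restarts that every server has replaced it with encrypted values. The function names and the servers/<name>/security/ location under the domain directory are assumptions; WebLogic rewrites boot.properties with encrypted values when a server first boots from it.

```shell
#!/bin/sh
# Added example, not from the original runbook; names and paths are assumptions.

# Write cleartext credentials to <security_dir>/boot.properties.
# The password is read from stdin, so it never appears in argv or history.
write_boot_properties() {
    sec_dir=$1; user=$2; target="$sec_dir/boot.properties"
    IFS= read -r pass || :          # tolerate a missing trailing newline
    [ -n "$user" ] && [ -n "$pass" ] || { echo "empty credential" >&2; return 1; }
    old_umask=$(umask); umask 077   # new files are owner-only from creation
    if [ -f "$target" ]; then       # keep the old file for rollback
        cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)"
    fi
    tmp="$target.tmp.$$"
    printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$tmp" \
        && chmod 600 "$tmp" && mv "$tmp" "$target"
    rc=$?
    umask "$old_umask"; unset pass
    return "$rc"
}

# Print the state of one boot.properties file: encrypted, cleartext or missing.
# Encrypted values carry a {AES}, {AES256} or {3DES} prefix.
boot_properties_state() {
    [ -r "$1" ] || { echo missing; return 2; }
    for key in username password; do
        val=$(sed -n "s/^$key=//p" "$1" | head -n 1)
        case $val in
            '{AES}'*|'{AES256}'*|'{3DES}'*) ;;
            *) echo cleartext; return 1 ;;
        esac
    done
    echo encrypted
}

# After all nodes are restarted, list every server whose file is still
# cleartext or readable by group/other. Returns non-zero if any is found.
audit_domain() {
    bad=0
    for f in "$1"/servers/*/security/boot.properties; do
        [ -e "$f" ] || continue
        state=$(boot_properties_state "$f") || :
        perms=$(ls -l "$f" | cut -c5-10)
        if [ "$state" != encrypted ] || [ "$perms" != "------" ]; then
            echo "$f: $state, group/other perms '$perms'"; bad=1
        fi
    done
    return "$bad"
}
```

Pipe the password into write_boot_properties on stdin with the server's security directory and the username as arguments, then run audit_domain against the domain directory once both nodes are back up. A file that still reports cleartext after a restart means that server did not boot from it.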

OID Replication Issue

There are, however, issues when using a replicated OID deployment. OIM uses a process called LDAPSync to keep the entries inside its internal database in sync with the entries in LDAP.
To avoid processing every entry in LDAP each time, it uses a changelog which allocates a change number to every transaction in the directory. If you have an OID replicated environment, then the change numbers in each OID cluster are different.

This causes issues for failover. You can alleviate this by:

1. Ensuring LDAPSync (OIM reconciliation jobs) runs only against a single OID cluster.
2. If you do need to fail over to a second OID cluster, then you will need to:
   a. Disable the incremental OIM reconciliation tasks.
   b. Run a full reconciliation against the new OID cluster.
   c. Update the OIM change number to reflect that of the new OID cluster.
   d. Re-enable incremental OIM reconciliation tasks.

This is not necessary for OUD based solutions which use a cookie based changelog.




Basic Performance Tuning for Stuck Threads and Response Times

Documentation for performance tuning: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asper/redundant-cross-references-remo...