
Sunday, January 29, 2017

How to Unlock a User Account in Linux?

Sometimes on Linux boxes a user account is locked because of issues such as wrong password entry, account expiry, etc.

In this post I will show how to unlock a user account with different commands.

Example 1: Check whether the password is disabled by viewing the user's entry in the /etc/shadow file.

   $ grep 'username' /etc/shadow

If you see ! at the start of the second field, the password is disabled. Enable it again by using passwd with the -u option:

   $ passwd -u username

Example:

   $ passwd -u mani

Unlocking password for user mani.

passwd: Success
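
The causes named at the top of this post leave different traces in /etc/shadow, and passwd -u only removes a ! in front of an existing hash. The following added example (not part of the original post; the function name and the sample entries are constructed) classifies a shadow line so you can tell a locked password from an expired account or an entry that has no hash to unlock.

```shell
#!/bin/sh
# Added example: classify one /etc/shadow line (sample lines below are constructed).
# Usage: shadow_state "<shadow line>" [today, in days since 1970-01-01]
shadow_state() {
    line=$1
    today=${2:-$(( $(date +%s) / 86400 ))}
    # Field 2 is the password field; field 8 is the account expiry date in days.
    pw=$(printf '%s\n' "$line" | cut -d: -f2)
    exp=$(printf '%s\n' "$line" | cut -d: -f8)
    if [ -n "$exp" ] && [ "$exp" -gt 0 ] && [ "$exp" -le "$today" ]; then
        echo "account-expired"      # passwd -u does not change this; see chage -E
        return 0
    fi
    case $pw in
        '')            echo "empty-password" ;;      # no password required at all
        '!'|'!!'|'*')  echo "no-usable-password" ;;  # no hash behind the marker to unlock
        '!'*)          echo "password-locked" ;;     # hash prefixed with '!': passwd -u removes it
        *)             echo "active" ;;
    esac
}

# Constructed sample entries; "HASH" stands in for a real crypt string.
for entry in \
    'mani:!$6$SALT$HASH:17195:0:99999:7:::' \
    'build:$6$SALT$HASH:17195:0:99999:7::17000:' \
    'svc:!!:17195:0:99999:7:::' \
    'root:$6$SALT$HASH:17195:0:99999:7:::'
do
    printf '%s\t%s\n' "${entry%%:*}" "$(shadow_state "$entry" 17200)"
done
```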

Hope this post helps you to resolve this issue.

Thank you for reading my blog!!

java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")

Issue:
java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
        at java.security.AccessController.checkPermission(AccessController.java:560)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
        Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
        at java.security.AccessController.checkPermission(AccessController.java:560)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
        Truncated. see log file for complete stacktrace

Fix/Resolution:

1. Take a backup of the weblogic.policy file so that you can recover easily in case of any issues.
   a. Go to $WLS_HOME/server/lib/weblogic.policy
   b. cp weblogic.policy weblogic.policy_backup

2. Add the lines below (at the end of the file) to the weblogic.policy file:

   grant codeBase "file:$MW_HOME/patch_wls1036/patch_jars/*" {
       permission java.security.AllPermission;
   };

3. Take a backup of the system-jazn-data.xml file so that you can recover easily in case of any issues.
   a. Go to $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml
   b. cp system-jazn-data.xml system-jazn-data.xml_backup

4. Add the lines below (at the end of the file) to $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml:

<grant>
  <grantee>
    <codesource>
      <url>file:${wls.home}/../../patch_wls1036/patch_jars/*</url>
    </codesource>
  </grantee>
  <permissions>
    <permission>
      <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
      <name>context=SYSTEM,mapName=oim,keyName=*</name>
      <actions>read,write</actions>
    </permission>
  </permissions>
</grant>

5. Restart the Admin and managed servers.

NOTE: MW_HOME varies from environment to environment, depending on the path on your machine.
Also, a similar solution is applicable to any component such as OAM/OIF/OID etc.
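
The denied permission in the stack trace is a read on keyName=OIMSchemaPassword, while the grant in step 4 allows read,write on keyName=*. The following added example (not part of the original post; the function name is hypothetical) lists CredentialAccessPermission grants in a jazn file and flags wildcard keys and write access. It assumes one element per line, as in the snippet above, and is not a full XML parser.

```shell
#!/bin/sh
# Added example: list credential-store grants in a jazn file and flag broad ones.
# Output per permission: codesource url | permission name | actions | flags
audit_credstore_grants() {
    awk '
        # Strip the opening tag (and indentation) and everything from the closing tag on.
        function val(s) { sub(/^[^>]*>/, "", s); sub(/<.*$/, "", s); return s }
        /<grant>/        { url = "" }
        /<url>/          { url = val($0) }
        /<permission>/   { cls = name = act = "" }
        /<class>/        { cls = val($0) }
        /<name>/         { name = val($0) }
        /<actions>/      { act = val($0) }
        /<\/permission>/ {
            if (cls !~ /CredentialAccessPermission$/) next
            flags = ""
            if (name ~ /keyName=\*/) flags = flags " wildcard-key"
            if (name ~ /mapName=\*/) flags = flags " wildcard-map"
            if (act ~ /write/)       flags = flags " write"
            if (flags == "")         flags = " ok"
            print url " | " name " | " act " |" flags
        }
    ' "$1"
}

# Runs only when DOMAIN_HOME points at a domain that has the policy file.
jazn="${DOMAIN_HOME:-}/config/fmwconfig/system-jazn-data.xml"
if [ -f "$jazn" ]; then
    audit_credstore_grants "$jazn"
fi
```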

Hope this post helps you to resolve this issue.

Thank you for reading my blog!!

Saturday, December 31, 2016

OIM11g R2 PS2 (11.1.2.2) configuration steps throws Exception occurred while encrypting the configuration and database

Issue: 


When progressing through the Oracle Identity and Access Management Configuration, the 'Configure OIM Server' status would fail with the error "Exception occurred while encrypting the configuration and database, step Configure OIM Server failed".

Investigation: Find the error details in the logs, as per the screenshot, i.e. /home/oracle/app/oraInventory/logs/<latest log>.

As per the log, there is a "(DEV_OIM.UK_MLS_LOCALE_MLS_LOCALE_CODE) violated" error, accompanied by "Caused by: java.lang.Exception: Exception occurred in updateMLSLocale method while updating Locale to OIM DB" as well as "Caused by: java.lang.Exception: Exception occurred while encrypting the database".

Fix: 

1. Take a backup of the existing MLS_LOCALE table under the DEV_OIM schema by following the steps below.
   a. Connect to your database using the DEV_OIM schema (SQL Developer).
   b. Take the backup of MLS_LOCALE using the SQL command below:
      Create table MLS_LOCALE_bkp as (select * from MLS_LOCALE);
   c. Truncate the original table MLS_LOCALE:
      Truncate table MLS_LOCALE;
2. Re-run the OIM configuration step:
   Go to $OIM_HOME/bin (or $MW_HOME/Oracle_IDM1/bin) and run ./config.sh

NOTE: If you connect to your database using the sys account, you have to prefix the table name with the schema name.

E.g.: truncate table DEV_OIM.MLS_LOCALE;  -- if you are using the sys account in the DB

This should fix the issue.

Saturday, June 25, 2016

OPSS Unable to start WL Server XML20108 Fatal Error JPS02592 Failed To Push Ldap Config Data To LibOvd

Issue:

 Jun 21, 2016 7:03:16 PM oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider pushLdapNamesTolibOvd SEVERE: JPS-02592
<Jun 21, 2016 7:03:16 PM SGT> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.>
<Jun 21, 2016 7:03:16 PM SGT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.
org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.
org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:172)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:375)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        Truncated. See log file for complete stacktrace


Resolution:



1. Verify whether your file system has disk space issues ($ df -h in case of Linux). One cause of XML file corruption is a filesystem-full condition.
2. If it is not related to file system space issues, then it might be because of a corrupted adapters.os_xml.
3. As an additional symptom, $DOMAIN_HOME/config/fmwconfig/ovd/default/server.os_xml was detected as zero (0) bytes.
   Corruption of the adapters.os_xml or server.os_xml file under this LibOVD location may lead to WebLogic server startup failure.
   Navigate to the fmwconfig folder and check the adapters.os_xml file, the server.os_xml file, or both:
   $DOMAIN_HOME/config/fmwconfig/ovd/default/adapters.os_xml
   Either of those XML files could be corrupted, which causes the WebLogic server to fail to start.
4. In case the file is corrupted, perform the following steps:
   a. Take a backup of $DOMAIN_HOME/config/fmwconfig/ovd/default/adapters.os_xml or server.os_xml
   b. Delete the corrupted adapters.os_xml or server.os_xml files under
      $DOMAIN_HOME/config/fmwconfig/ovd/default/adapters.os_xml
   c. Copy adapters.os_xml or server.os_xml from
      $MW_HOME/oracle_common/modules/oracle.ovd_11.1.1/templates/ to
      $DOMAIN_HOME/config/fmwconfig/ovd/default/. Or restore the files from backup.
5. Restart the server. It should work!!
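
The checks in steps 1 to 3 can be scripted before anything is deleted. The following added example (not part of the original post; the function names are hypothetical) reports the filesystem fill level and classifies adapters.os_xml and server.os_xml as missing, empty, or lacking a root element at the start of the file, which is the condition XML-20108 reports at line 1, column 1.

```shell
#!/bin/sh
# Added example: triage the LibOVD files named above before replacing them.
# os_xml_state FILE -> missing | empty | no-root-element | plausible
os_xml_state() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    [ -s "$f" ] || { echo "empty"; return 0; }            # the zero-byte symptom
    # XML-20108 at line 1, column 1 means the parser found no root element start;
    # the first non-whitespace byte of a well-formed file is '<'.
    first=$(LC_ALL=C tr -d ' \t\r\n' < "$f" | head -c 1)
    [ "$first" = "<" ] || { echo "no-root-element"; return 0; }
    echo "plausible"
}

# fs_use_percent DIR -> integer use% of the filesystem holding DIR
fs_use_percent() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# check_ovd_dir DIR: one line per file plus the filesystem fill level.
check_ovd_dir() {
    dir=$1
    echo "filesystem use: $(fs_use_percent "$dir")%"
    for name in adapters.os_xml server.os_xml; do
        echo "$name: $(os_xml_state "$dir/$name")"
    done
}

# Runs only when DOMAIN_HOME points at a domain that has the LibOVD directory.
ovd_dir="${DOMAIN_HOME:-}/config/fmwconfig/ovd/default"
if [ -d "$ovd_dir" ]; then
    check_ovd_dir "$ovd_dir"
fi
```

"plausible" only means the file starts like XML; a file truncated further in still needs to be compared with the template or a backup.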

 Hope this post helps you to resolve this issue.

Monday, February 8, 2016

org.eclipse.persistence.exceptions.DatabaseException Internal Exception: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection

Issue:

****** weblogic startup log ******

INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[EL Severe]: 2015-12-06 03:35:08.961--ServerSession(1577131615)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection
Error Code: 17002
Dec 6, 2015 3:35:08 AM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init
WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: There was an internal error in the policy store.
JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: There was an internal error in the policy store.
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
Need to do the security configuration first!

Solution:

1. Verify whether the database listener is up and running.

2. Take a backup of the jpsconfig.xml file.

3. Start the database listener:

$ cd $ORACLE_HOME/bin

$ lsnrctl status listener   # Verify the listener status

$ lsnrctl start listener    # Start the listener, if it is not already started

4. Start WebLogic from the command prompt:

$ cd $DOMAIN_HOME/bin

$ nohup ./startWebLogic.sh > AdminServer.log &

$ tail -f AdminServer.log

5. The WebLogic Admin Server will start normally.