Appendix E Changing the Database Repository Password

If you are using a DBMS (such as MySQL, Oracle, DB2, or SQL Server) as the location for the Identity Manager repository, it may be necessary to change the database connection password or username periodically. The procedure for changing these values depends on how Identity Manager connects to the database.

• If you connect with a JDBC Driver, follow the procedure described in Changing a Repository Password Stored in a Database.

• If you connect using a JDBC DataSource object as your IDM repository location, and the connection username and password are stored in the DataSource object, follow the procedure described in Changing a Repository Password Stored in a Data Source.

• If you connect using a JDBC DataSource object but do not store the connection username and password in the DataSource object, follow the procedure described in Changing a Repository Password Stored in a Database.

Changing a Repository Password Stored in a Database

Use the following procedure to:

• Change the repository password

• Update the application to use the modified repository information

It is recommended that you perform each of these steps in the order presented. If you change the repository password at a time other than when directed in this sequence, problems can occur.

If Identity Manager connects to the repository with a JDBC driver, or if it connects to the repository using a Data Source that does not contain the connection user name and password, then use the following procedure to change the user or password:

To Change a Repository Password Stored in a Database

Before You Begin

The examples used in this procedure are for a MySQL repository. Some steps may vary depending on the specific repository used.

1. Archive a copy of the existing ServerRepository.xml file, in case you need to revert to it. By default, this file is located in $WSHOME/WEB-INF.

   If you have deployed Identity Manager in an application server cluster, you should operate on the main source folder for Identity Manager (from which the application server deploys the IDM web application), rather than on each target folder (to which the application server deploys the web application on a particular server or node within the cluster).

2. Shut down Identity Manager. If you have deployed Identity Manager in a cluster, then you must stop all instances of the web application across the cluster.

3. Verify the existing repository:

   lh setRepo -c

   Identity Manager responds with the current repository information; for example:

   MysqlDataStore:jdbc:mysql://localhost/waveset

4. Create a temporary file system repository location:

   mkdir c:\tempfs

5. Set Identity Manager to use the temporary file system repository location:

   lh setRepo -tLocalFiles -fc:\tempfs LocalFiles:c:\tempfs

6. Change the password for your repository. This procedure depends on the mechanism provided by your repository provider. This example highlights steps for a MySQL database:

   mysqladmin.exe -hlocalhost -uwaveset -poldpasswd password newpasswd

7. Set the application to use the modified repository information:

   lh setRepo -tMysql -ujdbc:mysql://localhost/waveset -Uwaveset -Pnewpasswd

   The application responds with this warning:

   WARNING: No UserUIConfig object in repository. MysqlDataStore:jdbc:mysql://localhost/waveset

   ---

   Note –

   The warning message appears because the temporary file system that you pointed to has no contents. Ignore this message; after running the command, the temporary file system will no longer be needed.

   ---

8. Verify the new repository value:

   lh setRepo -c

   The application responds with the new value:

   MysqlDataStore:jdbc:mysql://localhost/waveset

9. Restart the server and verify that you can log in. If you have deployed Identity Manager in a cluster, then you must re-deploy Identity Manager across the cluster. This will distribute the updated web application (which includes the updated ServerRepository.xml file), to all nodes in the application server cluster.

10. Remove the c:\tempfs temporary directory, and the ServerRepository.xml file that you archived in Changing a Repository Password Stored in a Database.

Changing a Repository Password Stored in a Data Source

If Identity Manager connects to the repository via a JDBC data source, and the data source contains the user name and password, then use the following procedure to change the username or password.

To Change a Repository Password Stored in a Data Source

1. Stop Identity Manager. If you have deployed Identity Manager in an application server cluster, stop the application on all hosts.

2. Change the password for the connection user name in the DBMS instance that you are using as your repository location. For example, on MySQL

   mysqladmin.exe -hlocalhost -uwaveset -poldpasswd password newpasswd

3. Change the password that is stored on the DataSource object using the tools provided by the application server, directory server, or DBMS that manages your DataSource object.

4. Re-start the server and verify that you can login. If you have deployed Identity Manager in a cluster, then you must re-deploy Identity Manager across the cluster. This will distribute the updated web application (which includes the updated ServerRepository.xml file), to all nodes in the application server cluster.