Previous      Contents      Index      Next
Sun[TM] Identity Manager 8.0 Installation Guide

Appendix C  
Changing the Database Repository Password

If you are using a DBMS (such as MySQL, Oracle, Sybase, DB2, or SQL Server) as the location for the Identity Manager repository, it may be necessary to change the database connection password or username periodically. The procedure for changing these values depends on how Identity Manager connects to the database.

If you connect with a JDBC Driver, follow the procedure described in When Identity Manager Stores the Password.
If you connect using a JDBC DataSource object as your IDM repository location, and the connection username and password are stored in the DataSource object, follow the procedure described in When the DataSource Stores the Password.
If you connect using a JDBC DataSource object but do not store the connection username and password in the DataSource object, follow the procedure described in When Identity Manager Stores the Password.

---

When Identity Manager Stores the Password

Use the following procedure to:

Change the repository password
Update the application to use the modified repository information

Note	It is recommended that you perform each of these steps in the order presented. If you change the repository password at a time other than when directed in this sequence, problems can occur. The examples used in this procedure are for a MySQL repository; some steps may vary depending on the specific repository used.

If Identity Manager connects to the repository with a JDBC driver, or if it connects to the repository using a DataSource that does not contain the connection user name and password, then use the following procedure to change the user or password:

Archive a copy of the existing ServerRepository.xml file, in case you need to revert. By default, this file is located in $WSHOME/WEB-INF.

If you have deployed the Identity Manager web application in an application server cluster, you should operate on the main source folder for Identity Manager (from which the application server deploys the IDM web application), rather than on each target folder (to which the application server deploys the web application on a particular server or node within the cluster).

Shut down the Identity Manager web application. If you have deployed the Identity Manager web application in a cluster, then you must stop all instances of the web application across the cluster.
Verify the existing repository:

lh setRepo -c

Identity Manager responds with the current repository information; for example:

MysqlDataStore:jdbc:mysql://localhost/waveset

Create a temporary file system repository location:

mkdir c:\tempfs

Set Identity Manager to use the temporary file system repository location:

lh setRepo -tLocalFiles -fc:\tempfs
LocalFiles:c:\tempfs

Change the password for your repository. This procedure depends on the mechanism provided by your repository provider. This example highlights steps for a MySQL database:

mysqladmin.exe -hlocalhost -uwaveset -poldpasswd password newpasswd

Set the application to use the modified repository information:

lh setRepo -tMysql -ujdbc:mysql://localhost/waveset
-Uwaveset -Pnewpasswd

The application responds with this warning:

WARNING: No UserUIConfig object in repository.
MysqlDataStore:jdbc:mysql://localhost/waveset

Note	The warning message appears because the temporary file system that you pointed to has no contents. Ignore this message; after running the command, the temporary file system will no longer be needed.

Verify the new repository value:

lh setRepo -c

The application responds with the new value:

MysqlDataStore:jdbc:mysql://localhost/waveset

Restart the server and verify that you can log in. If you have deployed the Identity Manager web application in a cluster, then you must re-deploy the Identity Manager across the cluster. This will distribute the updated web application (which includes the updated ServerRepository.xml file), to all nodes in the application server cluster.
Remove the c:\tempfs temporary directory, and the ServerRepository.xml file that you archived in Step 1.

---

When the DataSource Stores the Password

If Identity Manager connects to the repository via a JDBC data source, and the data source contains the user name and password, then use the following procedure to change the username or password.

Stop the Identity Manager web application. If you have deployed Identity Manager in an application server cluster, stop the application on all hosts.
Change the password for the connection user name in the DBMS instance that you are using as your repository location. For example, on MySQL

mysqladmin.exe -hlocalhost -uwaveset -poldpasswd password newpasswd

Change the password that is stored on the DataSource object using the tools provided by the application server, directory server, or DBMS that manages your DataSource object.
Re-start the server and verify that you can login. If you have deployed the Identity Manager web application in a cluster, then you must re-deploy the Identity Manager across the cluster. This will distribute the updated web application (which includes the updated ServerRepository.xml file), to all nodes in the application server cluster.

Previous      Contents      Index      Next

---

Part No: 820-2956-10.   Copyright 2008 Sun Microsystems, Inc. All rights reserved.