Sun[TM] Identity Manager 8.0 Installation Guide
Appendix C
Changing the Database Repository Password
If you are using a DBMS (such as MySQL, Oracle, Sybase, DB2, or SQL Server) as the location for the Identity Manager repository, it may be necessary to change the database connection password or username periodically. The procedure for changing these values depends on how Identity Manager connects to the database.
- If you connect with a JDBC Driver, follow the procedure described in When Identity Manager Stores the Password.
- If you connect using a JDBC DataSource object as your IDM repository location, and the connection username and password are stored in the DataSource object, follow the procedure described in When the DataSource Stores the Password.
- If you connect using a JDBC DataSource object but do not store the connection username and password in the DataSource object, follow the procedure described in When Identity Manager Stores the Password.
When Identity Manager Stores the Password
Use the following procedure to:
- Change the repository password
- Update the application to use the modified repository information
If Identity Manager connects to the repository with a JDBC driver, or if it connects to the repository using a DataSource that does not contain the connection user name and password, then use the following procedure to change the user or password:
- Archive a copy of the existing ServerRepository.xml file, in case you need to revert. By default, this file is located in $WSHOME/WEB-INF.
If you have deployed the Identity Manager web application in an application server cluster, you should operate on the main source folder for Identity Manager (from which the application server deploys the IDM web application), rather than on each target folder (to which the application server deploys the web application on a particular server or node within the cluster).
- Shut down the Identity Manager web application. If you have deployed the Identity Manager web application in a cluster, then you must stop all instances of the web application across the cluster.
- Verify the existing repository:
lh setRepo -c
Identity Manager responds with the current repository information; for example:
MysqlDataStore:jdbc:mysql://localhost/waveset
- Create a temporary file system repository location:
mkdir c:\tempfs
- Set Identity Manager to use the temporary file system repository location:
lh setRepo -tLocalFiles -fc:\tempfs
LocalFiles:c:\tempfs
- Change the password for your repository. This procedure depends on the mechanism provided by your repository provider. This example highlights steps for a MySQL database:
mysqladmin.exe -hlocalhost -uwaveset -poldpasswd password newpasswd
- Set the application to use the modified repository information:
lh setRepo -tMysql -ujdbc:mysql://localhost/waveset -Uwaveset -Pnewpasswd
The application responds with this warning:
WARNING: No UserUIConfig object in repository.
MysqlDataStore:jdbc:mysql://localhost/waveset
- Verify the new repository value:
lh setRepo -c
The application responds with the new value:
MysqlDataStore:jdbc:mysql://localhost/waveset
- Restart the server and verify that you can log in. If you have deployed the Identity Manager web application in a cluster, then you must re-deploy the Identity Manager across the cluster. This will distribute the updated web application (which includes the updated ServerRepository.xml file), to all nodes in the application server cluster.
- Remove the c:\tempfs temporary directory, and the ServerRepository.xml file that you archived in Step 1.
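The verification and cleanup steps at the end of this procedure can be checked with a script. The following is an added example, not part of the guide: it assumes a Unix host with lh on the PATH, an archived copy named ServerRepository.xml.<suffix>, and a temporary repository directory of your choosing in place of c:\tempfs.

```shell
#!/bin/sh
# Added example, not from the guide. Assumes a Unix host, `lh` on the PATH,
# and an archive from Step 1 named ServerRepository.xml.<suffix>.

# Succeeds only if the captured output of `lh setRepo -c` ($1) is non-empty
# and no line names the temporary LocalFiles repository.
repo_is_restored() {
    [ -n "$1" ] || return 1
    if printf '%s\n' "$1" | grep -q '^LocalFiles:'; then
        return 1
    fi
    return 0
}

# Reports what the last step says to remove. $1 = directory holding the
# archived copy, $2 = temporary repository directory. Returns 1 if any remain.
leftover_artifacts() {
    found=0
    # "?*" requires a suffix, so the live ServerRepository.xml never matches.
    for f in "$1"/ServerRepository.xml?*; do
        [ -e "$f" ] || continue   # unmatched glob stays literal; skip it
        echo "archived copy still present: $f"
        found=1
    done
    if [ -d "$2" ]; then
        echo "temporary repository still present: $2"
        found=1
    fi
    return "$found"
}

# Usage: sh check_rotation.sh <archive_dir> <temp_repo_dir>
if [ "$#" -eq 2 ]; then
    status=0
    if ! repo_is_restored "$(lh setRepo -c 2>/dev/null)"; then
        echo "lh setRepo -c does not report the restored repository"
        status=1
    fi
    leftover_artifacts "$1" "$2" || status=1
    exit "$status"
fi
```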
When the DataSource Stores the Password
If Identity Manager connects to the repository via a JDBC data source, and the data source contains the user name and password, then use the following procedure to change the username or password.
- Stop the Identity Manager web application. If you have deployed Identity Manager in an application server cluster, stop the application on all hosts.
- Change the password for the connection user name in the DBMS instance that you are using as your repository location. For example, on MySQL:
mysqladmin.exe -hlocalhost -uwaveset -poldpasswd password newpasswd
- Change the password that is stored on the DataSource object using the tools provided by the application server, directory server, or DBMS that manages your DataSource object.
- Restart the server and verify that you can log in. If you have deployed the Identity Manager web application in a cluster, then you must re-deploy the Identity Manager across the cluster. This will distribute the updated web application (which includes the updated ServerRepository.xml file) to all nodes in the application server cluster.