We are about to go live with our new 11g Fusion Middleware environment and wanted to set up the password policy for user accounts before they logged in for the first time.
I logged in to Oracle Directory Services Manager, which by default resides at http://server:7005/odsm. The first screen is informational and shows you some relevant version numbers and some statistics.
To change password policy options, click on the Security tab and then on Password Policy.
Next you need to determine the correct policy to modify. The easiest way is probably to look at the Distinguished Name, which has the proper domain component values (i.e. dc=youserver, dc=com).
There are a number of options you can set for your password policy, and the values you choose will depend on your corporate standards. To get help for any particular option, click on it and a context-sensitive dialog box will appear with more information.
Once you have made all your changes, click on the Apply button. This is where I ran into trouble and was presented with the following error:
I searched Google and Metalink but didn’t find any solutions, so I decided to try the command-line method.
Log in to the server which hosts your Identity Management Domain and initialize your environment. Once the environment is set properly, ldapsearch and ldapmodify should be in your path.
To view the password policy, use the ldapsearch utility:
To modify the password policy, use ldapmodify and pass it a file containing the options you’d like to change:
In the PolicyMod.txt document below I am modifying the minimum length of a password and the number of failures before their account is locked:
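An added example of the command-line method described above (not the author's original commands or PolicyMod.txt). It assumes the policy entry lives under cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext in the realm, that you bind as cn=orcladmin, and that the two settings map to the pwdminlength and pwdmaxfailure attributes; the function names, host, port and realm DN are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and all
# argument values (host, port, DNs) are assumptions for illustration.

# Print the LDIF that ldapmodify -f consumes. Rejects non-numeric values
# so a typo cannot be written into the policy entry.
make_policy_ldif() {
    policy_dn=$1 min_len=$2 max_fail=$3
    for n in "$min_len" "$max_fail"; do
        case $n in
            ''|*[!0-9]*) echo "not a non-negative integer: $n" >&2; return 1 ;;
        esac
    done
    cat <<EOF
dn: $policy_dn
changetype: modify
replace: pwdminlength
pwdminlength: $min_len
-
replace: pwdmaxfailure
pwdmaxfailure: $max_fail
EOF
}

# List the password policy entries of a realm. Args: host port realm_dn
# -q prompts for the bind password, so it never lands in shell history
# or the process list.
view_policy() {
    ldapsearch -h "$1" -p "$2" -D cn=orcladmin -q \
        -b "cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,$3" \
        -s sub "(objectclass=pwdpolicy)"
}

# Apply a generated LDIF file. Args: host port ldif_file
apply_policy() {
    ldapmodify -h "$1" -p "$2" -D cn=orcladmin -q -v -f "$3"
}

# Typical sequence (constructed values):
#   view_policy oidhost 3060 "dc=example,dc=com"
#   make_policy_ldif "cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com" 8 5 > PolicyMod.txt
#   apply_policy oidhost 3060 PolicyMod.txt
#   view_policy oidhost 3060 "dc=example,dc=com"   # confirm the new values
```

Running view_policy before and after the change gives you a record of the previous values and confirms the directory accepted the new ones.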
So now you are familiar with two methods for changing password policy settings.