GSL_PWDEXPIRED_EXCP :Your Password has expired Error | BI Server

Oracle Fusion Middleware

While starting Bi Server we started getting “GSL_PWDEXPIRED_EXCP :Your Password has expired” in logs and the server use to go shutdown state. The Bi server was integrated with OID/cental LDAP so we followed below steps to fix the issue and made the password expiry to never.

Error Seen While Starting the server:

<Sep 11, 2013 1:04:40 AM PDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<Sep 11, 2013 1:04:40 AM PDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>

<Sep 11, 2013 1:04:40 AM PDT> <Notice> <Log Management> <BEA-170019> <The server log file /opt/middleware/BIDomain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>

[INFO ][memory ][Wed Sep 11 01:04:43 2013][1378886683475][10154] [YC#1] 8.069-8.094: YC 327411KB->156561KB (524288KB), 0.025 s, sum of pauses 24.612 ms, longest pause 24.612 ms.

<Sep 11, 2013 1:04:43 AM PDT> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: [LDAP: error code 49 – Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.]>

<Sep 11, 2013 1:04:43 AM PDT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: [LDAP: error code 49 – Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.]

weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: [LDAP: error code 49 – Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.]

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)

at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)

at weblogic.security.SecurityService.start(SecurityService.java:141)

at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

Truncated. see log file for complete stacktrace

Caused By: oracle.security.jps.JpsRuntimeException: [LDAP: error code 49 – Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.]

at oracle.security.jps.internal.common.ldap.connection.pool.AbstractConnectionPool.isPassingSanityConnectionTest(AbstractConnectionPool.java:152)

at oracle.security.jps.internal.common.ldap.connection.pool.JpsJNDIConnectionPool.getInstance(JpsJNDIConnectionPool.java:68)

at oracle.security.jps.internal.common.ldap.connection.JpsConnectionPoolManager.getPool(JpsConnectionPoolManager.java:42)

at oracle.security.jps.internal.core.datamanager.DataManagerFactoryImpl.getLDAPDataManager(DataManagerFactoryImpl.java:173)

at oracle.security.jps.internal.core.datamanager.DataManagerFactoryImpl.getDataManager(DataManagerFactoryImpl.java:107)

Truncated. see log file for complete stacktrace

Caused By: javax.naming.AuthenticationException: [LDAP: error code 49 – Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.]

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)

at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)

Truncated. see log file for complete stacktrace

>

<Sep 11, 2013 1:04:44 AM PDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>

<Sep 11, 2013 1:04:44 AM PDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>

<Sep 11, 2013 1:04:44 AM PDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

<Sep 11, 2013 1:04:44 AM> <FINEST> <NodeManager> <Waiting for the process to die: 9771>

<Sep 11, 2013 1:04:44 AM> <INFO> <NodeManager> <Server failed during startup so will not be restarted>

<Sep 11, 2013 1:04:44 AM> <FINEST> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>
Possible Solutions:

We can reset the password expiry time using two ways

  1. GUI way using LDAP browser tool

  2. CUI way using ldapmodify tool

GUI way using LDAP browser tool:

Login to ldap using the LDAP admin credentials.

LDAP Admin Credentials screen

Navigate to below two locations and update the pwdmaxage to 0 so that it will never expire:

dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com

Ldap browser pwdPolicies screen

Ldap browser modify maxage pane

dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext

Ldap browser maxage reset pane

Ldap browser maxage modify

CUI way using ldapmodify tool:

  1. Login to the IDM machine using admin Oracle account
  2. Open up Terminal
  3. Run the following commands:
cd /home/oracle/oid/Oracle_IDM/ldap/bin

export ORACLE_HOME=$HOME/IDM/BASEDIR/IDMTOP/products/dir/oid (Example: export ORACLE_HOME=/home/oracle/oid/Oracle_IDM1/)

export ORACLE_INSTANCE=$HOME/IDM/BASEDIR/IDMTOP/config/oid (Example: export ORACLE_INSTANCE=/home/oracle/oid/bioid2/ )

export LD_LIBRARY_PATH=$ORACLE_HOME/lib

export PATH=$ORACLE_HOME/bin:$PATH

export TNS_ADMIN=$ORACLE_INSTANCE/config
  1. Create a ldift file(Modify_maxage.ldift) with below content for modifying the Maxage.(Maxage set to 0 is never expire or else you can set it to pwdmaxage: 3153600 to make it valid for 1yr.)
dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext

changetype: modify

replace: pwdmaxage

pwdmaxage: 0

dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com

changetype: modify

replace: pwdmaxage

pwdmaxage: 0
  1. Run the following command to modify the maxage value.
$ORACLE_HOME/bin/ldapmodify -D cn=orcladmin -w Appsadmin1 -p 3060 -h obiee.ldap.oracle.com -f Modify_maxage.ldift

Sample Output:

replace pwdmaxage:

0

modifying entry cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext

modify complete

replace pwdmaxage:

0

modifying entry cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com

modify complete

Troubleshooting:

If you are not able to login to the Ldap, then you can follow below ldapmodify command to reset the password :

  1. Set the env.
cd /home/oracle/oid/Oracle_IDM/ldap/bin

export ORACLE_HOME=/home/oracle/oid/Oracle_IDM/

export ORACLE_INSTANCE=/home/oracle/oid/
  1. The following command unlocks the super user account
./oidpasswd unlock_su_acct=true connect=OIDDB
  1. Navigate to the Ldap folder:
cd /home/oracle/oid/Oracle_IDM/bin
  1. Enter these commands to create the following File:

vi reset.ldif

Enter these lines:

dn: cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com

changetype: modify

replace: userpassword

userpassword: Appsadmin1
  1. Run below command to reset the orcladmin pass
./ldapmodify –h obieeapp.us.oracle.com –p 3060 –D cn=orcladmin –w Appsadmin1 –f pwdreset.ldif

Once you are done with above reset steps for admin password you can proceed on setting the Maxage stuff as mentioned above.

In case of any ©Copyright or missing credits issue please check CopyRights page for faster resolutions.

Leave a Reply