How to reset admin password of BPM internal LDAP (ApacheDS)

Article ID: KB0080117

Products Versions
TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) 3.x, 4.x

Description

If the admin password for the internal ApacheDS server was mistyped while being changed, or has simply been forgotten, the tibco-admin user may be locked out of BPM and the ApacheDS instance.
As there is no way to recover the admin password, it is necessary to reset the system partition of the ApacheDS instance.

Issue/Introduction

How to reset mistyped/forgotten password for ApacheDS admin account

Environment

Any non-production BPM system (the internal ApacheDS should not be deployed in a production system)

Resolution

To reset the system admin password for the AMX/BPM internal ApacheDS server, use this procedure:
  1. In the Admin UI, go to the Applications tab, then expand and select amx.bpm.shared.sysapps/amx.bpm.apacheds
  2. Stop this application
  3. Go to the application's Substitution Variables tab and copy the Local Value of workingDirectory
  4. In a command shell (or file manager), go to that folder path and delete the subfolder named system
  5. Back in the Admin UI, start the amx.bpm.apacheds application
On startup, ApacheDS will regenerate the 'system' partition with all default values, i.e. the admin user (uid=admin,ou=system) will have the default password "secret".

You can then use any suitable LDAP Client to connect to the ApacheDS instance as the admin user to change the password.
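The following added example (not part of the original article and not TIBCO code) builds the LDIF change for that password update, so the new value is stored as a salted hash and the default "secret" is rejected. It assumes ApacheDS accepts an RFC 2307-style {SSHA} value in userPassword; the function names and the 12-character minimum are illustrative assumptions.

```python
import base64
import getpass
import hashlib
import hmac
import os

ADMIN_DN = "uid=admin,ou=system"  # admin DN named in the article
DEFAULT_PASSWORD = "secret"       # default restored by the partition reset
MIN_LENGTH = 12                   # assumption: illustrative local policy


def ssha(password, salt=None):
    """RFC 2307-style salted SHA-1 value: {SSHA}base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def admin_password_ldif(new_password):
    """Build an LDIF modify record replacing the admin userPassword."""
    if new_password == DEFAULT_PASSWORD:
        raise ValueError("new password must differ from the default")
    if len(new_password) < MIN_LENGTH:
        raise ValueError("new password is shorter than MIN_LENGTH")
    return "\n".join([
        "dn: " + ADMIN_DN,
        "changetype: modify",
        "replace: userPassword",
        "userPassword: " + ssha(new_password),
        "-",
        "",
    ])


if __name__ == "__main__":
    # Prompt without echo; the LDIF goes to stdout for import by an LDAP client.
    print(admin_password_ldif(getpass.getpass("New admin password: ")), end="")
```

Import the generated LDIF with the LDAP client while bound as uid=admin,ou=system, then confirm that a bind with "secret" no longer succeeds.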

Note: this procedure is considered very low risk despite resetting the entire system partition, because:
  • User/group data should only exist in non-system partitions, which are not affected
  • Ordinarily, everything in the system partition would be at default settings anyway (except the forgotten admin password!)
(A similar procedure can be used for an external ApacheDS instance, substituting the appropriate stop/start commands and configuration folder.)