OK. Oracle Homes backed up, check. Database backed up, check. Beehive1.4.1 software downloaded and extracted, check.
I'm in a bit of a dilemma though... Do I upgrade my 1.3.1 to 1.4.1, or just do a fresh install of 1.4.1? In my Post install config, you'll notice I'm not quite up to configuring and testing Mail. So is doing an upgrade really worth seeing with my measly 2 users. I suppose theoretically it shouldn't matter if I've got 2 or 20,000 users, or any data stored for these users. I mean, obviously the timing may differ (I assume), but I doubt you the reader would be wondering how long it takes me to do an upgrade, (that's why you have test systems - do it yourself). So, 1.4.1 install would be cleaner.
Before we get to that, I kind of need to warn you about something, I've only just found it, and therefore haven't found the solution yet.
I can't log in as beeadmin....
I know I know, it's just a small issue. I didn't notice the other day after finishing the LDAP sync (as I was just excited to get it working). I hadn't had a chance until now to look at the environment to get ready for the Beehive 1.4.1 upgrade. (Those long time readers know I'm an Oracle Consultant, so I only get to play with Beehive after hours.)
I tried logging in as beeadmin. It didn't work, I thought I'd had the wrong password, (being a Consultant, you have to remember dozens of passwords). So went to change the password. Which then meant spending the next 1/2 hour figuring out if I had the right syntax. Every time I ran
[orabee@radium ~]$ beectl modify_user --user loginid=beeadmin --login_password
I got:
[orabee@radium ~]$ beectl command failed. See the log file for more details.
Profile doesnot have attribute mapping
Looking at the log I don't see much at all... Even when I fire it up with --log_level FINER I couldn't see anything pinpointing the error, so I'm assuming there's something wrong with my map between LDAP and UDS.
Maybe that's why I can't log in as beeadmin...Back I go.
[orabee@radium ~]$ beectl modify_property --component _AuthenticationService --name AuthStoreType --value db
[orabee@radium ~]$ beectl activate_configuration ; beectl modify_local_configuration_files
Tried logging in again as beeadmin, which... of course, works with the password I thought it was. Hmmm.
OK, so where does that leave me. My beeadmin password was correct after all, and if I tie in OID again, it's not going to let me log back in because of this attribute mapping issue.
Time to pull apart and rebuild my map. I'll let you know how I go.
If you have any suggestions, let me know.
Comments (2)
Hi,
Nice blog btw.
All your users authenticate either against ldap or db, not some-and-some. So when you configured for ldap integration, beeadmin could no longer log in... that's normal.
"But what about administration?" I hear you ask.
Well... you may be assuming that beeadmin is in some way "special" and not a regular user at all. In fact, beeadmin is just a normal user that happens to be seeded at install time, and granted a number of privileges that allow that regular user to perform administration.
You can grant the same privileges to another user (look at definition enterprise_admin, I think) - or more appropriately, you can assign the *appropriate* privileges to the *appropriate* user (or group) so that you don't have an "administrator" account but rather have a collection of regular users that perform selected slices of administration. Of course, for your two user test system that might not be relevant, but separation of privileges is an important aspect for administration of a real production environment as I'm sure you're aware.
Posted by richard | October 17, 2008 7:00 AM
Posted on October 17, 2008 07:00
See, now when you say it like that it makes complete sense...Much appreciated Richard. You have a good point with administration too, how many sites are out there that use the admin user for all their daily admin work. I spose it's the same as doing all your work as "sys" in the database or "root" on the OS...
This sounds like the topic of a blog to come...stay tuned.
Oh and people, I'd take note of what Richard says. Something tells me he's in the know. :-)
Posted by Gavin Parish | October 20, 2008 8:29 AM
Posted on October 20, 2008 08:29