Content Management and Capture

 View Only
  • 1.  Is there any API for bootstrap and system account password change for automating the same

    Posted Wed August 16, 2023 09:42 AM

    Dears,

    Anybody please let me know if there is any API support for automating the password change activity in filenet like bootstrap and system account passwords.

    Regards,

    Rameez



    ------------------------------
    Mohammed Rameez
    ------------------------------


  • 2.  RE: Is there any API for bootstrap and system account password change for automating the same

    Posted Thu August 17, 2023 11:43 AM

    First, let me clarify the "bootstrap and system account" part of this question.  Prior to the 5.5.1 release, FileNet software made use of a "bootstrap user": a user who was configured at system deployment time, and who's identity and credentials were stored (in an encrypted manner) in the FileNet ear file.  This process was called "bootstrapping the Ear file" and the user was therefore referred to as the "bootstrap user".  This arrangement was eliminated in the 5.5.1 release, and replaced with a "system user", who's identity and credentials are stored (in an encrypted manner) in the FileNet Global Configuration (GCD) database.  So, the "system user" replaces the "Bootstrap user".  There is no more bootstrap user in any FileNet system at level 5.5.1 or higher.<o:p></o:p>

    Regarding the System user, yes, the password for the system user can be modified programmatically, and doing so at regular intervals is encouraged.  Below is a procedure that was recently given to a FileNet customer for this purpose.  I'll follow up and make sure that this procedure gets reflected in our product documentation (if it isn't already):<o:p></o:p>

    <o:p> </o:p>The system user is an LDAP based user.  To update the password, the password value must first be changed in the customer's LDAP server, and then in the FileNet system.  The user can be updated via the CE API, through the following process:<o:p></o:p>

    1. Using some directory service administrative tool or API, set the password for the CE system user to newPassword in the directory server.  Or this can be done through a password management tool<o:p></o:p>
    2. On a running CE server, execute the following code:<o:p></o:p>

    byte[] pw = newPassword.getBytes("UTF-8");<o:p></o:p>

    Domain.set_SystemUserPassword(pw);<o:p></o:p>

    Domain.save();<o:p></o:p>

    <o:p> </o:p>

    Step (1) must be done before step (2), as the Content Engine Server will verify that the new password is correct prior to allowing it to be saved.<o:p></o:p>

    <o:p> </o:p>

    The time window between updating the directory and making the system user update should be small to avoid potential issues in Process Engine.<o:p></o:p>

    <o:p> </o:p>

    <o:p> </o:p>

    Regards,<o:p></o:p><o:p> </o:p>

    Joe<o:p></o:p>



    ------------------------------
    Joe Raby
    ------------------------------



  • 3.  RE: Is there any API for bootstrap and system account password change for automating the same

    Posted Mon August 21, 2023 01:40 AM

    Thank you Joe.I will check this.



    ------------------------------
    Mohammed Rameez
    ------------------------------



  • 4.  RE: Is there any API for bootstrap and system account password change for automating the same

    Posted Tue August 22, 2023 01:46 AM

    Dear Joe,

    Also we need to know how we can change directory server user password with API along with websphere bind account.kindly let us know if there is any API support for this?



    ------------------------------
    Mohammed Rameez
    ------------------------------



  • 5.  RE: Is there any API for bootstrap and system account password change for automating the same

    Posted Tue August 29, 2023 10:57 PM
      |   view attached

    Hello Mohammed.  Sorry for the delayed response on this.  Changing the directory service password programmatically is a bit more complicated than changing the CE System user password.  This is a question that has been asked several times lately, along with the question of how to change the database user password in WebSphere.  So, I've combined answers to all of these questions into the attached PDF that hopefully can be a good resource.  This is a combination of input from a number of support team members and dev team members.

    Regards,

    Joe



    ------------------------------
    Joe Raby
    ------------------------------



  • 6.  RE: Is there any API for bootstrap and system account password change for automating the same

    Posted Wed August 30, 2023 09:54 AM

    Hi Joe,

    Thanks for pulling that PDF together.  There is one more area that may require credential changes.  The Component Queue Adapter in the Workflow system also needs to be modified. The JAAS user and password.  Do you have any documentation for this area? 



    ------------------------------
    Chuck Hauble
    Minneapolis MN
    ------------------------------



  • 7.  RE: Is there any API for bootstrap and system account password change for automating the same

    Posted Wed August 30, 2023 02:55 PM
      |   view attached

    Hi Chuck.  Good point on the Component Queue Adapter.  There is a separate document from the Process Engine team that covers changing that password, which I have attached to this reply. 

    Regards,

    Joe



    ------------------------------
    Joe Raby
    ------------------------------