How to migrate Apex users with existing passwords.

Hi Guys,
Our apex env finally getting a upgrade from 3.1.1 to 4.1.1 (I know, it's been overdue for years)
Some of our apps use 'Application Express' authentication, and have few hundreds users in Apex (and users belong to diff user groups).
The issue is, the 4.1.1 env is set up on a brand new server and DB, we want to migrate these users with their existing passwords from the 3.1.1 env.
I tried exporting the workspace, and the users are exported as below,
     begin
     wwv_flow_fnd_user_api.create_fnd_user (
     p_user_id => '10592934818556549584',
     p_user_name => 'TEST',
     p_first_name => 'a',
     p_last_name => 'b',
     p_description => '',
     p_email_address=> '[email protected]',
     p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
     p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
     p_group_ids => '10592435401495787816:',
     p_developer_privs=> '',
     p_default_schema=> 'TEST',
     p_account_locked=> 'N',
     p_account_expiry=> to_date('201212040000','YYYYMMDDHH24MI'),
     p_failed_access_attempts=> 0,
     p_change_password_on_first_use=> 'Y',
     p_first_password_use_occurred=> 'N',
     p_allow_access_to_schemas => '');
     end;
when I run this in 4.1.1 I had to modify it to the new format as below,
also changed the p_group_ids to new user group but kept the password the same
     begin
     wwv_flow_fnd_user_api.create_fnd_user (
     p_user_id => '',
     p_user_name => 'TEST',
     p_first_name => 'a',
     p_last_name => 'b',
     p_description => '',
     p_email_address=> '[email protected]',
     p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
     p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
     p_group_ids => '1399416797653068:',
     p_developer_privs=> '',
     p_default_schema=> 'TEST',
     p_account_locked=> 'N',
     p_account_expiry=> to_date('201209041006','YYYYMMDDHH24MI'),
     p_failed_access_attempts=> 0,
     p_change_password_on_first_use=> 'Y',
     p_first_password_use_occurred=> 'N',
p_allow_app_building_yn=> 'N',
p_allow_sql_workshop_yn=> 'N',
p_allow_websheet_dev_yn=> 'N',
p_allow_team_development_yn=> 'N',     
p_allow_access_to_schemas => '');
     end;
the result was that the user is created fine, but the password is not valid.
Anyone knows how to export apex users with existing password to a new server?
Thanks.
Edited by: Danny on 3/12/2012 20:51

Hi,
Not sure why you say
when I run this in 4.1.1 I had to modify it to the new format as below, If you just run the workspace export sql it should create the Workspace, Groups and Users
The signature of the procedure is below. See the highlighted lines.
procedure create_fnd_user (-- Description:
-- This procedure allows for programatic and bulk creation of users.
-- Example:
-- From sqlplus logged in as the privileged flows user, first
-- ensure that the security group id is set properly, then create
-- your users.
<b> -- begin wwv_flow_security.g_security_group_id := 20; end;</b>
-- begin
-- for i in 1..10 loop
-- wwv_flow_fnd_user_api.create_fnd_user(
-- p_user_name => 'USER_'||i,
-- p_email_address => 'user_'||i||'@mycompany.com',
-- p_web_password => 'user_'||i) ;
-- end loop;
-- commit;
-- end;
-- Arguments:
-- p_user_id numeric primary key of user
-- p_user_name the username the user uses to login
-- p_first_name informational only
-- p_last_name informational only
<b> -- p_web_password the unencrypted password for the new user</b>
-- p_group_ids A colon delimited list of group IDs from the table wwv_flow_fnd_user_groups
-- p_developer_privs A colon delmited list of developer privs, privs include:
-- ADMIN:BROWSE:CREATE:DATA_LOADER:DB_MONITOR:EDIT:HELP:MONITOR:SQL:USER_MANAGER
-- p_default_schema A valid oracle schema that is the default schema for use in browsing and
-- creating flows
-- p_allow_access_to_schemas A colon delimited list of oracle schemas that the user is allowed to
-- parse as. If null the user can parse as any schema available to the company.
-- This does not provide privilege it only resticts privilege, so listing a schema
-- does not provide the privilege to parse as a schema, it only restricts that user
-- to that list of schemas.
-- p_attributes_XX These attributes allow you to store arbitary information about a given user.
-- They are for use by flow developers who want to extend user information.
<b> -- p_web_password_format Identifies the format of the web password.
-- The range of values is CLEAR_TEXT, HEX_ENCODED_DIGEST, DIGEST </b>
-- p_person_type "E" marks the user as external
-->
Note there is no HEX_ENCODED_DIGEST, DIGEST_V2 listed. It may work, but not obvious from the signature.
Cheers,

Similar Messages

  • How to migrate AD users with two different Domain.

    Hi 
    I want to test in LAB.I have installed win 2008 server on Comp1 and domain name xyz.com & IP 192.168.1.1.and i have installed win 2008 on comp2 and domain name abc.com.ip is 192.168.1.100,and i have created trust relationship between.
    Now i want to migrate Ad uesr Account from xyz.com to abc.ocm.
    How will we do???
    Pls help...
    Thanks
    Anil

    Hi Anil,
    After configuring trust, you can use ADMT to migrate users, computers etc between domains.
    To export the password of AD User Accounts from xyz.com to abc.ocm, you need to install Password Export Server(PES) on the source domain (xyz.com).
    Checkou the below link on ADMT and PES installation,
    http://social.technet.microsoft.com/wiki/contents/articles/16208.interforest-migration-with-admt-3-2-part-2.aspx
    Checkou the below link on AD user account migration,
    http://social.technet.microsoft.com/wiki/contents/articles/16621.interforest-migration-with-admt-3-2-part-3.aspx
    Regards,
    Gopi
    www.jijitechnologies.com

  • Creating 50 users with SAME password

    All
    I need to create 50 Trainning users with SAME password.
    Does SAP allows to do it ? SU10 does not let me know
    enter the password ?
    Is there any report that I can use ?
    How can use SCAT trasaction to do this ?
    Please advise.
    Thanks
    From
    PT.

    Hi Pranav,
    Yes SAP allow you but for security reason its not recomended.
    But you can't give the password same like the username, SAP will not allow your to give password that contain userid.
    You can use SCAT to create the 50 user.
    First you recard the transcation first
    Than change the value with parameter (type &parameter_name)
    and than you can create a excel file that contain the 50 user.
    and use SCAT to run it.
    Please read:
    http://help.sap.com/saphelp_47x200/helpdata/en/f4/3f9ef659a711d1bc84080009b4534c/content.htm
    or
    http://help.sap.com/saphelp_47x200/helpdata/en/fd/f10538d6cb1e3be10000009b38f8cf/frameset.htm
    Regards,
    Fendi Suyanto

  • How to save a photo with a password on a mac

    how to save a photo with a password on a mac

    http://osxdaily.com/2012/08/12/encrypt-folders-mac-os-x/
    Note: I have never tried this.
    Best.

  • Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

    I Need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just cant seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to login
    to the sites but am prompted for a password. That said anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk
    Users group to negotiate the site with NO password challenge at all.
    tconners

    This generally means that your SPN is not set up correctly.  Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance.  You should set an SPN similar to setspn -s http/lance.contoso.com
    corp\lance.  In your browser, you should now be able to access the SSP without prompts.  However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com.  Since you are entering
    an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication.  By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use
    Kerberos.
    I can confirm, that I have exact configuration and I always get the password promt for the very first time. We have 2 server (1xIIS and 1xSQL) infrastructure in production with SPN set like it should and I get the password prompt.

  • How to install apex 4 with Oracle Fusion Middleware Web Tier Utilities

    Hi all,
    Does any one know how to install apex 4 with Oracle Fusion Middleware Web Tier Utilities ?
    I follow the instructions http://download.oracle.com/docs/cd/E17556_01/doc/install.40/e15513/toc.htm but there's no directory called ORACLE_HTTPSERVER_HOME\Apache and ORACLE_HTTPSERVER_HOME/ohs/modplsql/conf/dads.conf
    I don't know where's dads.conf file to make change
    Please hellp me on this case
    Thanks & regards

    A little bit odd is an understatement. The first time I found I had to download over 1Gb of stuff to run a simple web server I practically fell over! Hopefully, the Apex Listener team will update it to have backwards compatibility with mod_plsql and we can ignore trying to install Oracle Fusion Middleware Web Tier Utilities...
    However, until then the TNS Names error generally means that there isn't a TNS alias set up for the database you have referenced in the mod_plsql dad. If you open up the dads.conf file you should see something like
    PlsqlDatabaseConnectString localhost:1521:databasealias
    If you then open a command prompt and do TNSPING databasealias you should get a response like this
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)
    (HOST = localhost)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = ***)))
    OK (20 msec)
    If you don't it means you need to add it in.
    Hope this helps

  • Migration Users with MD5 Passwords to Directory Server 6.1 on Solaris 10

    Hi,
    We are currently in a requirement of migrating some users to a application database to inside LDAP. Currently Application maintained the passwords in the MD5 hash form. Typical 32 digit Hex value - 41da76f0fc3ec62a6939e634bfb6a342
    Is there a way we can migrate these Users password to directory Server as-is so that they don't end up facing the prospect of resetting post migration.
    I have done some of the initial ground work but seems to be missing other critical info if at all it's possible.
    I believe it's possible to have CRYPT password policy (which directory server uses from underlying OS) as one of the plug-ins to configure in a way that underlying CRYPT utility starts to process/provide/support MD5 hashes. I got it to work, my using the below command on DSEE instance:
    dsconf set-plugin-prop -p 389 CRYPT argument:'$md5$'
    But for some reasons the MD5 hash (Sun MD5 library) provides does not match with the original hash value. It's 22 char long (as I have not specified any salt length) so I am assuming it's Base64 encoded. I have a perl script which converts the original 32-digit hex values to a base64 encoded representation (which I have also verified with other open source tools)
    Is there a way I can tweak CRYPT utility or something so that it understands typical standard MD5 hashes. (Confused between Sun MD5 and BSD (Linux) MD5 - none of them seems to match standard MD5 generated value).
    Any leads on this would be really helpful ?

    Just to reclarify or throw more information:
    a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
    Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
    But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
    {crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
    I used below command :
    pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
    Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
    I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
    Thanks,
    Gaurav

  • How to find Apex user table

    Hello,
    Please let me know, how to find the apex user table. I need to validate unique user based on the same, for which I am using below function,
    DECLARE
    VAL BOOLEAN;
    BEGIN
    VAL := APEX_UTIL.IS_USERNAME_UNIQUE(p_username =>
    :P6_USERNAME );
    END;
    However in this case it is returning always 'FALSE', saying new user exist.
    Kindly help me in fixing this issue.

    Hello Andre,
    I am validating records from apex_workspace_apex_users, to check whether user is present or not,
    While creating validation, I select SQL-> Not Exist and below query,
    select 1 from apex_workspace_apex_users where user_name = :my_user.
    If this record is present, it should throw an customised error, however it shows the error of "Unique key violation error...".
    Can you please help me out whether while creating validation I should select (EXIST or NOT Exist). Since I am still confuse with the same.
    Thanks,
    Girish

  • How to use CMS Users with SAP BOPC NW 7.5

    Hello,
    I have problems importing and using CMS Users with BO PC 7.5 NW.
    I am trying two types of CMS-users
    1. CMS Enterprise Users created in CMS and using "Enterprise" authentication
    2. SAP BW Users imported into CMS using their SAP authentication "secSAPR3")
    but both don't work:
    In the BOPC Admin Client, I can succesfully select Security->Users->"Add new Users". Both CMS "Enterprise Users" and CMS Users that use SAP authentication are displayed in the "Everyone" Group.
    The CMS Enterprise Users are displayed as <username>, e.g. "Miller".
    The CMS users with sap authentication are displayed as <SAPSystem><Client>/<SAPusername>, e.g. "KBE100/Smith".
    Now If I try to import a user...
    1. CMS Enterprise Users
    If can successfully import CMS Enterprise Users and add them to the ADMIN Team, e.g. "Miller".
    The problem is they can't be used to log in to the Admin Client and Excel Client:
    E.g. I enterUser-ID "Miller" and his CMS-Enterprise-password under password after starting Excel Client, an error message shows up: "The UserID, Password or Domain cannot be authenticated. Go back and make sure you entered valid credentials" ... (same error message as if the user wouldn't exist/wrong pw.).
    Seems the user wasn't added as BO PC user. Or do I need to use any prefix before the "user ID" for CMS Enterprise users in the User_ID field instead of just "Miller"?! 
    2. CMS Users which use SAP-authentication (users imported into CMS from BW and use SAP-authentication)
    In the BO PC Admin Client, I can't import them: I go through "1. User Setup" select "KBE~100/Smith", "2. User Detail", "3. Assignments", but if I am in "4. Finish" and click on "Apply", the following error shows up:
    "Failed to create directory \root\Webfolders\<AppSetName>\<Appname>" for "KBE~100/Smith".
    My guess is that the operating system doesn't like the "/" in the Username - but I guess this can't be changed  bc. these Users from CMS and are already displayed with the "/" between SAPSystemID~ClientNummer and username in the User-list in BOPC Admin Client!
    side remark: if I create a SAP CMS Enterprise user which contains a "/" in the username (on pupose ), I am getting the same error message.
    Any help, explanations and workarounds are greatly appreciated - Any solution will be awarded with maximum points!
    Best Regards and thanks a lot for your help!

    Hi Florian,
    The problem seems indeed the file system on the bw not being able to handle "/". The automatic user import from the bw role into the CMC does not give you an option to replace the "/" character with anything else.
    This should solve it:
    - Go to the CMC double click the user. Delete the server part "KBE100/" and click save. Make sure the default system is set to "KBE100". The user should now be able to login from BPC with the user Smith.
    Good luck,
    Martin

  • How to Link AD user with Apps user

    Hi,
    We are in process of authenticating EBusiness suite users against their Active Directory credentials.
    We did the following:
    1. Import Apps users into OID
    2. Import AD users into OID
    We dont know how to link AD account with EBz account. Are we on right track?
    Please let me know if there is any document which explains the linking process.

    FYI
    I sucessfully authetnicated the AD user in OID against AD password using external auth.
    Do I really need to import ebusiness apps users into OID and then establish a link? Pls help me explain the process.

  • Connect DB - SYS user with wrong password

    Hi All,
    A strange thing I have noticed with SYS user since Oracle 9i(never worked on earlier versions) is that I can connect to the SYS user as SYSDBA with wrong password as well! Please guide how to prevent this...
    (I have searched for a solution online but was unable to find any :( )
    SQL> CONN SYS/AAA@TEST AS SYSDBA
    Connected.
    SQL> DISC
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> CONN SYS/BBB@TEST AS SYSDBA
    Connected.
    SQL>
    SQL> DISC
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production*009*

    There is nothing wrong and nothing should be, IMO, prevented.
    When you log in to the server as an user in the dba group (Unix) or the ora_dba group (Windows), you are a power user and O/S authentication applies to you, and you don't need a password.
    Logging in as owner of the software (oracle) all the time, what many DBAs do, is a bad idea anyway, as you can remove anyufile on O/S level.
    Strategies to prevent this:
    - make sure your account isn't in the groups I mentioned
    or
    - disable O/S authentication by editiing sqlnet.ora
    Both procedures are documented.
    Finally please note anyone who has root access can get around this easily.
    Sybrand Bakker
    Senior Oracle DBA

  • How can OIM provision users with same Display Name in AD?

    I can create users with same First Name, Middle Name and Last Name (same Display Name) in OIM if they have different UserId.
    But I can not provision two users with same Display Name to one Organization Unit in AD, the resource provisioning shows
    Status: Rejected
    Response: AD user already exists
    Can AD be configured to create users with same Display Name (different UserId) in one OU, or would I have to create logic in OIM to modify the display name so it gets accepted by AD?
    Thanks!

    Thanks Nitesh. Also, I can create the user with same DN in different OU's, not in same OU.
    I agree once we determine that same cn exists in one OU , I can modify the display name by appending a number at the end or something. I understand the logic but I need more details on how to specify this logic in the pre-pop adapter, can you please share more details.
    Thanks a lot!

  • How to migrate network users to new home directory

    Want to migrate network user accounts from current directories on an internal drives on a Mac Pro  to a newly connected XRAID box.
    Before the XRAID was attached, network users were able to use their home directories to log into the system, but space was limited and we had them use Network Attached Storage (NAS) devices to store their data and media files.   The XRAID now provides 7TB or protected storage and we'd like to move their accounts to the arrays in the XRAID box.
    Have not been able to find details on how best to handle this.  Don't know if the current info needs to be exported, user ID's delete/recreated - or modified to point to new home directories, and then imported, etc.   I have most of the Apple 10.6 Server manuals, but have not run across info for this type of change/migration.
    Thanks for any leads to this information, or how-to's.
    Tom

    Did some trials with some bogus users I set up on the original share device.
    Did the unshare as mentioned. Created new share directory on the Xraid.  Ran CP to copy users in the old share directory to the new.  Shared the new Xraid directory and set auto-mount.
    While the share directories were on two completely separate volumes and their paths were fine.  Workgroup Manager shows the shares by servername/sharename.   So I now had sharename and sharename-1 showing up in WM.  The old share directory had been Unshared, but as long as any users in WM point to the old directory - it shows up on the list.
    Seeing this, I deleted the newly copied users and deleted the Xraid share directory.  Then created newsharename on the Xraid, ran the CP to this new name.  Used WM to change the Home directory for each user.  User logon failed because the path names had changed.  Deleted the new users and the new Xraid directory and retried first method with same sharename and resulting sharename-1 in WM.
    Updated the user's home directories to sharename-1 in WM.  Once all were changed, the old sharename dropped out of the WM list, but I was left with the sharename-1.  User Logon was spotty - some were OK, others had issues, some earlier OK logons failed later.  Was not rock solid.
    Before I move any real user accounts and all their data, need to be certain there will be no issues.  This naming issue of the share appears to be the bug in the process.  Ideas to overcome this naming issue?
    What I didn't try (thought of later, after testing) was to unshare the sharename-1 and go back and select the sharename again.  Thinking is the "-1" due to the duplicate should not be an issue.  But now the Home Directory info will have the "-1" - this caused Logon issues.  Possibly WM will show these as sharename-1 as old Home location and allow me to select plain sharename and all be settled.
    No where near the clean process I thought Apple Server would provide for moving user Home and Data.
    Open to any and all ideas.  Thx!
    Tom

  • How to migrate External users

    Hi Guru's
    Hyperion version 11.1.2.2,Hyperion Planning
    we have Nativedirectory and 2 more external directories..We are planning to migrate the application from Testing to Production..
    I have a doubt that How to Migrate the External users..By using LCM  or any otherway..Please help me with this.
    Thanks In Advance,
    Krishna

    I think you dont have to worry on migration of external users as they reside in the User directory configured in shared services.
    You will have to configure those user directories in target shared services & can use LCM to import the provisioning.
    Regards,
    Santy.

  • How to provide the user with a list of files to pick from...for downloading

    hai..
    I have uploaded the file succesfully.. now we need to download the file...... which has been uploaded..... for that we have implemnted the Query as..
    select max(id) from APEX_APPLICATION_FILES ,here the latest uploaded record will be retrieved and shown.
    Now We want to provide the user with a list of files to pick from for downloading..,Dat is he should be shown the list of files which is available from dat he has to select one file to downlaod ???
    can u plz tell me how to do it....
    anoo

    Hi Anoo,
    Create a report using the following SQL statement:
    SELECT ID,
    FILENAME,
    CREATED_ON
    FROM APEX_APPLICATION_FILES
    ORDER BY CREATED_ON DESCThere are other fields available from the table, but the above gives you a start.
    Then edit the report's Report Attributes.
    Edit the CREATED_ON column and pick a Number/Date Format to use for the display and Apply Changes
    Edit the ID column. In the Column Link section, enter:
    Link Text: &lt;img src="#IMAGE_PREFIX#download.gif" alt="Download"&gt;
    Target: URL
    URL: p?n=#ID#
    Apply Changes and run your report
    Andy

Maybe you are looking for

  • Macbook pro (early 2011) takes multiple attempts to wake from sleep and turn on.

    I've had a MPB since April 2011 and since I've gotten it I've had this problem. When I want to use the computer, whether from deep sleep or simply turning it on, it sounds like its beginning to turn on but then it makes this clicking noise and stops.

  • Why does Logic take so long to load?

    I have a dual quad core Mac Pro from last year and 8 gb of RAM. I have 4 internal drives and 2 external drives. Most of my music is not that complex: perhaps 8-10 tracks at the most. Typically it takes 2-3 minutes for Logic to completely load a song.

  • Using Elements from an XML File

    Background: I am writing a config file for an applicaiton and inside this file on initial setup parameters are supplied. I can get some to work (i.e. directories and such), but when i try to give it the driver name for the database, the Class.forName

  • AT NEW AND AT FIRST AND AT LAST

    WHAT IS THE FUNCTION OF AT NEW AND AT FIRST AND AT LAST? Title edited by: Alvaro Tejada Galindo on Dec 24, 2007 7:46 AM

  • ADF Menu or ADF tree

    Hi experts , JDEV 11.1.2 which is better ? 1. implement menu using ADF menu component. 2. implement menu using ADF tree component. i just wish to knw which is better method? PMS