WLST Script to Change User Password For Multiple Domains

Nov/10

WLST Script to Change User Password For Multiple Domains

Ravish Mody

Today, Murphy one of our subscriber asked us by commenting if we have any automated script which can change the password of the weblogic admin account for almost 50 weblogic domains because of some audit reasons they have. So seeing the requirement we took out sometime and wrote a WLST script which can do that job for Murphy and hope that this script would also help our other subscribers too.

The logic behind this WLST script is that we have created a property file called domainsDeatils.properties which has all the details about the domains which the password has to be changed. Now this properties file is been called from a WLST python script called ChangeAdminPassword.py which calls this properties and change the password.

Thus you just need to run the ChangeAdminPassword.py and your job would be done in no time

1. Below is the details which domainsDeatils.properties would have


domain.1.name=Domain_8001
domain.1.admin.url=t3://localhost:8001
domain.1.admin.username=weblogic
domain.1.admin.OLD.password=weblogic
domain.1.admin.NEW.password=jboss_123

domain.2.name=jms_7001
domain.2.admin.url=t3://localhost:7001
domain.2.admin.username=weblogic
domain.2.admin.OLD.password=weblogic
domain.2.admin.NEW.password=jboss_123

2. And below is the WLST python script ChangeAdminPassword.py which would call the above properties and will change the password.


from java.io import FileInputStream

propInputStream = FileInputStream("domainsDetails.properties")
configProps = Properties()
configProps.load(propInputStream)

domainName=configProps.get("domain.1.name")
adminUrl = configProps.get("domain.1.admin.url")
adminUser = configProps.get("domain.1.admin.username")
oldAdminPassword = configProps.get("domain.1.admin.OLD.password")
newAdminPassword = configProps.get("domain.1.admin.NEW.password")

print '################################################################'
print '        Chaning the Admin Password for :', domainName
print '################################################################'
print ' '
connect(adminUser,oldAdminPassword,adminUrl)
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.resetUserPassword(adminUser,newAdminPassword)
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print '*******  Congrates!!! ', domainName , ' Admin Password Changed Successfully  ********'
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print ' '
disconnect()
print ' '
print '####   Connecting Using New Credentials.....    ####'
print ' '
connect(adminUser,newAdminPassword,adminUrl)
print '####   Successfully Connected Using New Credentials !!!!    ####'
print ' '
disconnect()

domainName=configProps.get("domain.2.name")
adminUrl = configProps.get("domain.2.admin.url")
adminUser = configProps.get("domain.2.admin.username")
oldAdminPassword = configProps.get("domain.2.admin.OLD.password")
newAdminPassword = configProps.get("domain.2.admin.NEW.password")
print ' '
print '################################################################'
print '        Chaning the Admin Password for :', domainName
print '################################################################'
print ' '
connect(adminUser,oldAdminPassword,adminUrl)
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.resetUserPassword(adminUser,newAdminPassword)
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print '*******  Congrates!!! ', domainName , ' Admin Password Changed Successfully  ********'
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
disconnect()
print ' '
print '####   Connecting Using New Credentials.....    ####'
print ' '
connect(adminUser,newAdminPassword,adminUrl)
print '####   Successfully Connected Using New Credentials !!!!    ####'
print ' '
disconnect()

Note: Make sure you keep both this files in the same folder when you are running the script or else you would have to give the path.

3 . Following would be the output as soon as you run the ChangeAdminPassword.py using the below command

Command:


java weblogic.WLST ChangeAdminPassword.py

Output:

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

################################################################
Chaning the Admin Password for : Domain_8001
################################################################

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
******* Congrates!!! Domain_8001 Admin Password Changed Successfully ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++

Disconnected from weblogic server: AdminServer

#### Connecting Using New Credentials..... ####

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

#### Successfully Connected Using New Credentials !!!! ####

Disconnected from weblogic server: AdminServer

################################################################
Chaning the Admin Password for : jms_7001
################################################################

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'jms_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
******* Congrates!!! jms_7001 Admin Password Changed Successfully ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
Disconnected from weblogic server: AdminServer

#### Connecting Using New Credentials..... ####

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'jms_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

#### Successfully Connected Using New Credentials !!!! ####

Disconnected from weblogic server: AdminServer

Advantages of this script:

It can change any Users password , not only Admin user.
This can be used with multiple domains.

So do let us know if this script made your life easy or not…

Regards,
Ravish Mody

Buffer

If you enjoyed this post, please considerleaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

Security, WLST

6 Comments for this entry

murphy_p_a
November 16th, 2010 on 9:39 pm
Thank you – Made my life easier 🙂

Log in to Reply
Baji Babu Jasti
November 19th, 2010 on 5:52 pm
Hi Ravish,

I really appriciate your hardwork on sharing your knowledge to others.

I have small question about the above script. Think we have 60 domains(as per murphy requirement), according to the script we need to add the lines stating from domainName entry to disconnect() in ChangeAdminPassword.py for 60 times. Do you think it is going to save our time. Is there any other way to simpify the script and save the time of administrators.

Regards,
Baji.

Log in to Reply
- Ravish Mody
  November 19th, 2010 on 9:05 pm
  Hi Baji,
  
  Welcome to Middleware Magic.
  
  Yes, I do understand that the script would become very long with more domains.
  
  However if we customize and tweak the same scrpit we can achive the same, like putting a for loop.
  
  If we get sometime out will get that scprit ready for everyone 🙂
  
  Regards,
  Ravish Mody
  
  Log in to Reply
Ravish Mody
December 20th, 2010 on 11:27 pm
Hi Baji,

Your wish is granted we have created an Updated Version for the above WLST script which would solve your issue, check out the below post.

[Update Version] WLST Script to Change User Password For Multiple Domains

Hope you like the new version of this script 🙂

Regards,
Ravish Mody

Log in to Reply
dhanshri
May 28th, 2012 on 1:59 pm
hi
we have 5 servers on one enviornment say (Production – WLI,WLP,WLS,ALSB and ADSP)
Can you please suggest whether i can use above scripr to change password for all unix hosts which are belong to each server.
If yes please suggest how i can do it.

Log in to Reply
naufal
May 24th, 2018 on 2:49 pm
Hi,

I have to do a certain task in multiple domains, and say for example if one of the domain is not running, the script will stop progressing to the rest of the domains.

You have any idea how to handle this ?

Thanks.

Log in to Reply