Changing Database Passwords
Changing Database Passwords
This page describes the process of changing the database passwords. OpenEMPI uses two databases, a relational database for storing configuration, security and audit information and a graph database called OrientDB for storing the core data that is managed by the system.
Changing the Graph Database Passwords
The graph database uses two types of user accounts: a server account is used to connect to the database server that is hosting the database instance(s) for OpenEMPI and a database user account that is used to connect to a specific database. The system account is used only when the system is starting up and when a new entity is created for the first time. The rest of the time OpenEMPI uses the database user account to interact with the graph database.
Changing System Account Password
The default system account has a username of 'admin' and a password of 'admin'. To change the system account credentials, you need to modify the file 'orientdb-server-config.xml' in the conf directory under OPENEMPI_HOME. The default entry uses the username and password 'admin' and 'admin', respectively.
<users> <user resources="*" password="admin" name="admin"/> </users>
After changing the system account used by the graph database, you need to tell OpenEMPI what the system account credentials are. You make that change in the jdbc.properties file, which also resides in the conf directory.
orientdb.serverUsername=admin orientdb.serverPassword=admin
Changing Database Account Password
The default database account has a username of 'openempi' and a password of 'openempi'. To change the database account credentials, you need to first modify the corresponding database entry for the user. You can use the studio application or the console and modify the user account password. If you are using multiple entities beyond the person entity, there is a separate database instance for each entity so, you will need to apply the changes below for every database instance. The database username and password must be the same for all databases. Note that if you are using OpenEMPI 4.1 or newer, the configuration information is also stored in the graph database in a separate instance called openempiConfig-db. When you change the password or create a new account, you will need to do this against the openempiConfig-db as well.
UPDATE OUser SET password = 'openempi' WHERE name = 'openempi'
You can also create a new database user account using the create command below. Note that this must be done for the configuration database instance openempiConfig-db and any other entity database you are supporting beyond the initial person-db instance.
CREATE USER <user> IDENTIFIED BY <password> role admin;
You can also disable an existing database account using the command below. If you suspend a database account, the application can no longer use this account to connect to the database.
UPDATE OUser set SET = 'SUSPENDED' where name = 'openempi';
After changing the database account used by the graph database, you need to tell OpenEMPI what the account credentials are. You make that change in the jdbc.properties file, which also resides in the conf directory.
orientdb.username=openempi orientdb.password=openempi