Oracle eBusiness Suite - Password Sync on Subscriber Channel


Whether you are using a JDBC driver and associated views in front of the FND_USER table (see IDM Driver for Oracle Applications aka eBusiness Suite), or the LDAP driver if OID support is configured for eBusiness Suite, you can take advantage of the FNDCPASS utility on UNIX/Linux by sending commands with the Scripting driver, or pretty much any driver that you can load using the Java Remote Loader.



For information about FNDCPASS, you can Google it or check the Oracle web site.



First, we need to install the Java Remote Loader on the UNIX or Linux system running the Oracle Foundation database. Here is a summary of the steps:

  1. Log in with a user account that has rights to execute FNDCPASS.

  2. Set environment variables for the user:

     • Add java to PATH, e.g. > PATH=$PATH:/opt/java1.5/bin

     • Set JAVA_HOME: > JAVA_HOME=/opt/java1.5

  3. Unzip the Java Remote Loader in the home directory of the user.

  4. Configure passwords for the remote loader: > ./dirxml_jremote -config config8000.txt -sp

  5. Start the remote loader: > ./dirxml_jremote -config config8000.txt &



You need to modify the config file for the driver you use, e.g.:

-------------------------
applmgr.FINP:>cat config8000.txt
################################################################################
# Sample configuration file for rdxml or dirxml_jremote. See usage.html for
# descriptions and explanations of these and other available parameters.
#
# This sample demonstrates a configuration for loading the Delimited Text
# driver.
################################################################################
-commandport 8000
-connection "port=8090"
-trace 4
-tracefile ./trace8000.log
-class com.novell.ncs.dirxml.driver.cmd.AppShim
------------------------


Then you need to configure rules on the Subscriber Channel (e.g. Event Transform) to call FNDCPASS with arguments.





Figure 1: Policy Builder rules.











Figure 2: Policy Builder rules.





You can copy the following DirXML Script (see attachment) into Policy Builder (XML Source):



<!-- ------------------------
<rule>
  <description>Password Reset via FNDCPASS</description>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
      <if-operation disabled="true" op="equal">modify</if-operation>
      <if-association disabled="true" op="associated"/>
      <if-op-attr name="OraFinPassword" op="changing"/>
    </and>
  </conditions>
  <actions>
    <do-append-xml-element expression="." name="exec"/>
    <do-set-xml-attr expression="exec" name="cmd">
      <arg-string>
        <token-text xml:space="preserve" xmlns:xml="http://www.w3.org/XML/1998/namespace">/applfinp/finp/fnd/11.5.0/bin/FNDCPASS apps/password 0 Y system/password USER </token-text>
        <token-attr name="OraFinUserName"/>
        <token-text xml:space="preserve" xmlns:xml="http://www.w3.org/XML/1998/namespace"> </token-text>
        <token-op-attr name="OraFinPassword"/>
      </arg-string>
    </do-set-xml-attr>
  </actions>
</rule>
--------------------------------------------- -->
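
The rule above builds the FNDCPASS command by concatenating OraFinUserName and OraFinPassword into one string, so a value containing whitespace or shell metacharacters may not reach FNDCPASS as a single argument (the page does not say whether the shim runs the string through a shell). The wrapper below is an added example, not part of the original article or of any Novell or Oracle code: fnd_arg_ok, change_fnd_password, FNDCPASS_BIN, APPS_CRED and SYSTEM_CRED are hypothetical names, and the allowed character set is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article. All names are hypothetical.
LC_ALL=C; export LC_ALL            # make the A-Z / a-z ranges byte-exact

# Placeholder path: point this at your own FNDCPASS binary.
FNDCPASS_BIN="${FNDCPASS_BIN:-/path/to/FNDCPASS}"

# Return 0 only if the value is non-empty and made solely of characters that
# cannot split an argument list or be interpreted by a shell.
# The allowed set is an assumption; align it with your password policy.
fnd_arg_ok() {
    [ -n "$1" ] || return 1
    case $1 in
        *[!A-Za-z0-9_.@#%+=:,-]*) return 1 ;;
    esac
    return 0
}

# Change one FND user's password.
# APPS_CRED and SYSTEM_CRED hold "apps/<password>" and "system/<password>" and
# are read from the environment instead of being stored in the policy XML.
# FNDCPASS still receives them as arguments, so they remain visible in the
# process list while it runs.
# Return codes: 2 bad username, 3 bad password, 4 FNDCPASS missing,
#               5 credentials not set, otherwise FNDCPASS's own exit status.
change_fnd_password() {
    fnd_arg_ok "$1" || { echo "username rejected" >&2; return 2; }
    fnd_arg_ok "$2" || { echo "password rejected" >&2; return 3; }
    [ -x "$FNDCPASS_BIN" ] || { echo "FNDCPASS not found" >&2; return 4; }
    [ -n "${APPS_CRED:-}" ] && [ -n "${SYSTEM_CRED:-}" ] ||
        { echo "credentials not set" >&2; return 5; }
    # Every value is quoted, so each one reaches FNDCPASS as exactly one argument.
    "$FNDCPASS_BIN" "$APPS_CRED" 0 Y "$SYSTEM_CRED" USER "$1" "$2"
}

# Run only when called as: script USERNAME NEWPASSWORD
if [ "$#" -eq 2 ]; then
    change_fnd_password "$1" "$2"
fi
```

With such a wrapper, the cmd string in the rule would name the script followed by the two attribute tokens, and the credentials would be exported in the environment that starts the remote loader.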



I extended my schema, through an Auxiliary class, to add OraFinUserName and OraFinPassword to contain the username and password. You need to open the Filter for OraFinPassword (Sync or Notify).



When you try to sync a new password to Oracle, you will see a success/failure status in the trace. For the trace, you can use tail -f trace8000.log for a live trace.



You will also see some log files generated by the FNDCPASS command, e.g. L7274730.log.



Keep in mind that password policies may be implemented on the Oracle side, and the log files should provide clear error messages if a password is refused.
