You might need to use an LDAP browser to fix this. Not sure what went wrong. @Aliaksandr.Samuseu, do you know the DN of the entry that holds the cache refresh data?

Hi, John & Michael. Cache Refresh configuration is stored at this DN in directory tree: "ou=oxtrust,ou=configuration,o=gluu", in "oxTrustConfApplication" attribute. I'm not sure it's about it, in this case, though. If auth settings are incorrect, you are just presented with authentication error at oxAuth login page normally. An error like "Login failed, oxTrust wasn't allowed to access user data" points to a more serious configuration failure, in my experience (or, sometimes, it may appear when authentication works normally, but there are some stale cookies left around, so worth trying to flush cookies or use a new incognito window). Have you already tried to follow [this doc](https://gluu.org/docs/gluu-server/4.3/operation/faq/#no-admin-access-after-cache-refresh), John? Also, may be [this one](https://gluu.org/docs/gluu-server/4.3/operation/faq/#revert-an-authentication-method), but in your case it's already "simple_password_auth" anyway, I suppose. After you're back to using authentication against inbuilt LDAP server, you can try to configure AD auth again. Hope this helps.

> After you're back to using authentication against inbuilt LDAP server, you can try to configure AD auth again. > That is my plan, thank you. I was able to create the LDIF file and run ldapmodify successfully. Still doesn't give me the login screen, but I am continuing to work that. Now I get "OOPS An unexpected error has occurred at null login.errorSessionInvalidMessage" Thanks.

Can you recall any other changes to configuration you could introduce about the same time you were working on the CR + AD auth task?

Here are some suggestions that should at least rule out it's an authentication issue. Note: the commands further on will assume you put your local LDAP server admin password in `/tmp/.dpw` file (hope you still remember it) Please copy the lines below and put it inside `revert_to_local_auth.ldif` ``` dn: ou=configuration,o=gluu changetype: modify replace: oxIDPAuthentication oxIDPAuthentication: {"type":"auth","name":null,"level":0,"priority":1,"enabled":false,"version":0,"fields":[],"config":{"configId":"auth_ldap_server","bindDN":"cn=directory manager","bindPassword":"TQ8mGjB+hd9m+fWT159Xgw==","servers":["localhost:1636"],"maxConnections":1000,"useSSL":true,"baseDNs":["ou=people,o=gluu"],"primaryKey":"uid","localPrimaryKey":"uid","useAnonymousBind":false,"enabled":false,"version":0,"level":0}} - replace: oxTrustAuthenticationMode oxTrustAuthenticationMode: simple_password_auth ``` Then note the `bindPassword` property in the JSON above - you need to put your encoded admin password in there instead (the one you specified during installation). You should be able to just copy it from `/etc/gluu/conf/gluu-ldap.properties` file, it's already encoded there. If you forgot it, you can decode it with `# /opt/gluu/bin/encode.py -d ENCODED_PASS_STRING` Next, make sure you still have your default "admin" account around: `# /opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -Z -X -s sub -D 'cn=directory manager' -b 'o=gluu' -j /tmp/.dpw '&(uid=admin)'` If it exists, let's reset its password as well, just in case. Store next lines in `change_admin_pass.ldif`: ``` dn: inum=some-inum,ou=people,o=gluu changetype: modify replace: userPassword userPassword: SOME_NEW_PASSWORD ``` Use any pass of your choice instead of `SOME_NEW_PASSWORD` and be sure to use the actual DN of your "admin" user's entry you've found out with `ldapsearch` command before. Now let's apply both LDIFs: ``` # /opt/opendj/bin/ldapmodify -h localhost -p 1636 -Z -X -D "cn=directory manager" -j `/tmp/.dpw` -f revert_to_local_auth.ldif # /opt/opendj/bin/ldapmodify -h localhost -p 1636 -Z -X -D "cn=directory manager" -j `/tmp/.dpw` -f change_admin_pass.ldif ```

If after that you still won't be able to log in with "admin" user at least as regular user, then we're probably looking at something else. You'll need to look inside `oxauth.log` and `oxtrust.log`, run `tail -F` on them may be to capture events at the time of your login attempts. See if any errors pop up.

If your install is not too old, you could also just do a fresh re-install. It may only take an hour or so to get back to where you were.