By: Hao Bin Kwan Account Admin 03 Mar 2017 at 3:16 a.m. CST

6 Responses
Hi, I had a working Gluu + Cache Refresh + Manage LDAP Authentication (my own test OpenLDAP). I then assigned a test user from my OpenLDAP under "Gluu Manager Group" so that I'm able to log in to the admin UI with the test user. However, I was testing on something when I removed "Source Backend LDAP Servers" and unchecked "Keep external persons" in Cache Refresh. Now I'm unable to log in with any user, including admin and my test LDAP user testkwan2 (which was a member of Gluu Manager Group earlier).

I've tried to add a tempadmin following https://gluu.org/docs/ce/2.4.4/operation/faq/ but it failed at step 5 with the following error:

```
[root@localhost ~]# /opt/opendj/bin/ldapmodify -p 1636 -Z -X -D 'cn=directory manager' -w 'password' -f ~/add_user.ldif
Processing ADD request for inum=tempadmin,ou=people,o=@!F9CC.D762.4778.1032!0001!2C72.BB87,o=gluu
ADD operation failed
Result Code: 32 (No Such Entry)
Additional Information: Entry inum=tempadmin,ou=people,o=@!F9CC.D762.4778.1032!0001!2C72.BB87,o=gluu cannot be added because its parent entry ou=people,o=@!F9CC.D762.4778.1032!0001!2C72.BB87,o=gluu does not exist in the server
Matched DN: o=gluu
```

In this case, how can I regain access to the admin UI? I badly need to log in to continue my testing. Your urgent help is most appreciated!

By Mohib Zico staff 03 Mar 2017 at 3:20 a.m. CST

Hello Hao,

>> Additional Information: Entry inum=tempadmin,ou=people,o=@!F9CC.D762.4778.1032!0001!2C72.BB87,o=gluu

'inum' cannot be 'tempadmin'; inum is a hexadecimal number. 'tempadmin' can be 'uid'.

>> ou=people,o=@!F9CC.D762.4778.1032!0001!2C72.BB87,o=gluu does not exist in the server

This is interesting. 'ou=people' should be there by default (as you had a working condition). Please try to search for this DN and if it's not there... try to manually add this entry.

By Hao Bin Kwan Account Admin 03 Mar 2017 at 3:23 a.m. CST

Hi Mohib,

Thanks for getting back to me so quickly. Do note that my Gluu was configured to connect to external LDAP in Manage LDAP Authentication before I screwed it up.

Before I continue, will this adding tempadmin help? Or is there a physical file that I can re-configure to point it back to Gluu's internal LDAP instead?

Thanks.

By Mohib Zico staff 03 Mar 2017 at 3:26 a.m. CST

>> Before I continue, will this adding tempadmin help?

It will, but as this user is inside 'localhost:1636', you need to change the 'Manage Authentication' section so it can point to 'localhost:1636'. oxTrust is locked now, so you have to go through LDAP operations. The LDAP attribute for the 'Manage Authentication' feature is 'oxIDPAuthentication'; you can change it according to your need through an LDAP browser or ldapmodify.

>> Or is there a physical file that I can re-configure to point it back to Gluu's internal LDAP instead?

No physical conf. file but only that ldap data available.

By Hao Bin Kwan Account Admin 03 Mar 2017 at 3:27 a.m. CST

Now I'm getting this error: (apparently I overlooked this: you will have to substitute it with dn of your own People ou which you've acquired in step 3)

```
[root@localhost ~]# /opt/opendj/bin/ldapmodify -p 1636 -Z -X -D 'cn=directory manager' -w 'quintiq' -f ~/add_user.ldif
Processing ADD request for ou=people,o=@!16F1.8914.E56A.022B!0001!7887.9B4D,o=gluu
ADD operation failed
Result Code: 68 (Entry Already Exists)
```

The content of my add_user.ldif is

```
dn: ou=people,o=@!16F1.8914.E56A.022B!0001!7887.9B4D,o=gluu
changetype: add
uid: tempadmin
objectClass: gluuPerson
objectClass: top
givenName: tempadmin
sn: tempadmin
inum: tempadmin
gluuStatus: active
userPassword: 1q2w3e
```
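
A pre-flight check for the LDIF in the post above, as an added example that is not part of the original thread or of Gluu's documentation: it flags an add record whose dn names the ou=people container itself, which is the case that returned Result Code 68. The function names and the abbreviated sample records are constructed for illustration; the corrected dn reuses the inum=tempadmin form shown in the first post's ldapmodify output.

```python
import re

# Constructed samples. BAD is abbreviated from the add_user.ldif in the thread;
# GOOD only changes the dn line to the form seen in the first post's output.
BAD = """\
dn: ou=people,o=@!16F1.8914.E56A.022B!0001!7887.9B4D,o=gluu
changetype: add
uid: tempadmin
objectClass: gluuPerson
objectClass: top
inum: tempadmin
"""
GOOD = BAD.replace("dn: ou=people", "dn: inum=tempadmin,ou=people", 1)

def parse_record(text):
    """Parse one LDIF record into (dn, {lowercased attribute: [values]}).
    Base64 ("name:: value") attributes are not decoded in this sketch."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    dn, attrs = None, {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if name.strip().lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return dn, attrs

def check_add_record(text, container="ou=people"):
    """Return a list of problems found in an LDIF add record (empty if none)."""
    dn, attrs = parse_record(text)
    if not dn:
        return ["record has no dn line"]
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]  # split on unescaped commas
    attr, _, value = rdns[0].partition("=")
    problems = []
    if rdns[0].lower() == container:
        problems.append(f"dn is the {container} container itself, not a new entry under it")
    elif len(rdns) < 2 or rdns[1].lower() != container:
        problems.append(f"parent of the new entry is not {container}")
    # A naming attribute missing from the entry usually means the dn line is wrong.
    if value.strip().lower() not in [v.lower() for v in attrs.get(attr.strip().lower(), [])]:
        problems.append(f"naming attribute {rdns[0]!r} does not appear among the entry's attributes")
    return problems

if __name__ == "__main__":
    for label, ldif in (("thread LDIF", BAD), ("corrected dn", GOOD)):
        print(label, "->", check_add_record(ldif) or "ok")
```

Whether the parent entry actually exists (the Result Code 32 case from the first post) can only be confirmed against the directory itself, so this check covers the record's internal consistency only.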

By Hao Bin Kwan Account Admin 03 Mar 2017 at 3:28 a.m. CST

> oxTrust is locked now so you have to go through ldap operations. The ldap attribute for 'Manage Authentication' feature is 'oxIDPAuthentication', you can change it according to your need through ldap browser or ldapmodify.

Good to know, I will try this immediately and see how it goes.

By Hao Bin Kwan Account Admin 03 Mar 2017 at 3:57 a.m. CST

I managed to get into the admin UI now. Again many thanks for your support!!