Locked out of admin console

By: Kwadwo Obeng user 18 Dec 2020 at 5:43 a.m. CST

4 Responses
Kwadwo Obeng gravatar
I just integrated gluu server with my AD using cache refresh.I have checked the LDAP browser and all the users have been uploaded successfully.I also added my AD at in the "Configuration-Manage Authentication" Section.I didn't want to get locked out so I didn't delete the local ldap configuration on that page.But now I can't login in with any of the usernames in my AD neither can I with the default admin user
Gluu 4.1.2 Ubuntu 20.0
closed

Answers

By Kwadwo Obeng user 18 Dec 2020 at 5:48 a.m. CST

Copy
Kwadwo Obeng gravatar
This is from my logs ``` 2020-12-18 11:30:04,286 ERROR [ForkJoinPool.commonPool-worker-1] [org.gluu.oxauth.service.AppInitializer] (AppInitializer.java:283) - Exception happened while reloading application configuration org.gluu.persist.exception.operation.ConfigurationException: Failed to create LDAP connection pool! Result code: '89 (parameter error)' at org.gluu.persist.ldap.impl.LdapEntryManagerFactory.createEntryManager(LdapEntryManagerFactory.java:51) ~[oxcore-persistence-ldap-4.2.1.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManagerFactory.createEntryManager(LdapEntryManagerFactory.java:23) ~[oxcore-persistence-ldap-4.2.1.Final.jar:?] at org.gluu.persist.ldap.impl.LdapEntryManagerFactory$Proxy$_$$_WeldClientProxy.createEntryManager(Unknown Source) ~[oxcore-persistence-ldap-4.2.1.Final.jar:?] at org.gluu.oxauth.service.AppInitializer.createPersistenceAuthEntryManager(AppInitializer.java:416) ~[classes/:?] at org.gluu.oxauth.service.AppInitializer$Proxy$_$$_WeldSubclass.createPersistenceAuthEntryManager(Unknown Source) ~[classes/:?] at jdk.internal.reflect.GeneratedMethodAccessor256.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:95) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.injection.StaticMethodInjectionPoint.invoke(StaticMethodInjectionPoint.java:85) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.injection.producer.ProducerMethodProducer.produce(ProducerMethodProducer.java:103) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.injection.producer.AbstractMemberProducer.produce(AbstractMemberProducer.java:161) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:180) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.gluu.service.cdi.util.CdiUtil.getContextBean(CdiUtil.java:48) ~[oxcore-service-4.2.1.Final.jar:?] at org.gluu.oxauth.service.AppInitializer.recreatePersistenceAuthEntryManagers(AppInitializer.java:481) ~[classes/:?] at org.gluu.oxauth.service.AppInitializer$Proxy$_$$_WeldSubclass.recreatePersistenceAuthEntryManagers(Unknown Source) ~[classes/:?] at org.gluu.oxauth.service.AppInitializer.reloadConfiguration(AppInitializer.java:299) ~[classes/:?] at org.gluu.oxauth.service.AppInitializer.reloadConfigurationTimerEvent(AppInitializer.java:281) [classes/:?] at org.gluu.oxauth.service.AppInitializer$Proxy$_$$_WeldSubclass.reloadConfigurationTimerEvent$$super(Unknown Source) [classes/:?] at jdk.internal.reflect.GeneratedMethodAccessor148.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.gluu.service.cdi.async.AsynchronousInterceptor$1.get(AsynchronousInterceptor.java:36) [oxcore-service-4.2.1.Final.jar:?] at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700) [?:?] at java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1692) [?:?] at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290) [?:?] at java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020) [?:?] at java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656) [?:?] at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594) [?:?] at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183) [?:?] ```

By Mohit Mali staff 23 Dec 2020 at 1:14 a.m. CST

Copy
Mohit Mali gravatar
hi Kwadwo Obeng, let me replicate the issue, i'll get back to you asap. Thanks and Regard Mohit Mali.

By Mohit Mali staff 23 Dec 2020 at 11:29 p.m. CST

Copy
Mohit Mali gravatar
hi Kwadwo Obeng, Please follow the step to revert the changes. 1. Try to connect gluu-server backend with any ldap browser(jxplorer or apache ldap browser). 2. After connecting to backend go to gluu configuration. 3. Change the value of oxAuthentication and oxTrustAuthentication method to simple_password_auth. 4. Now disable the current oxIDPAuthentication (which is your ldap authentication you've set)by setting enabled value to false. 5. Restart the Gluu-server. 6. when the server is restarted, Try to login with default admin user and password. Thanks and Regards Mohit Mali.

By Michael Schwartz Account Admin 28 Dec 2020 at 10:52 a.m. CST

Copy
Michael Schwartz gravatar
Also, make sure that the admin user from AD is in the "Manager" group in the Gluu LDAP server. In a pinch, you can do this writing an ldif and using `/opt/opedj/bin/ldapmodify` Non sequitur, but make sure that oxTrust is not Internet facing when you go into production.

Post an answer