How to allow admin login again after changing Manage Authentication

By: Doug Huang user 01 Feb 2018 at 2:39 p.m. CST

3 Responses
Doug Huang gravatar
I have successfully installed gluu server and use UI to config Cache Refresh. I can see those users come from sources AD. I further modify Manage Authentication, point server to source AD and now user can be authenticated when login thru UI. However, I no longer can login as admin to perform gluu server configuration task. I think because the authentication server no longer localhost. What can I do now, please advise, and what the best practice for such scenario. We may have multiple source AD in the future.
Rhel 7.2
closed

Answers

By Aliaksandr Samuseu staff 01 Feb 2018 at 2:59 p.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Doug. That's something you should had done *before* you changed your authentication settings. You had to add one of users imported from backend to "Managers" admin group. As of now the only way is to manually edit entries in LDAP with console tools, or GUI tool like Jxplorer. You'll need to select one user entry, get its full DN, then find "Gluu managers" group in the tree (initially its a single group under "o=groups" node) and add a new "member" attribute to it with DN of the user entry you chose as a value.

By Doug Huang user 01 Feb 2018 at 3:06 p.m. CST

Copy
Doug Huang gravatar
Thanks for the advice and quick response.

By Aliaksandr Samuseu staff 01 Feb 2018 at 3:11 p.m. CST

Copy
Aliaksandr Samuseu gravatar
The actual name of the group is "Gluu Manager Group" Here is example command that should return its entry: `# /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -T -X -D "Cn=directory manager" -j /tmp/.pw -b "o=gluu" '(displayname=Gluu Manager Group)'` Then you could create a LDIF file adding "member" attribute with DN of some user entry to it, and apply it with "ldapmodify" tool

Post an answer