It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to resolve Crowd's Adminsitrator password and/or repair a whole Atlassian Application farm?

Hey everyone,

 

me again. :( I have again trouble since I' ve installed Crowd (of course on a production system so that I cannot roleback an backup). Since I have installed Crowd, I was not able to login to any other Atlassian applicaiton though configuration as described in related articles form Atlassian documentation. 

Recently I tried to solve all my issues again an tried to initially log in to Crowd, but that didn't work as well. So I figured out the guide to rest the administrators password of Crowd from Atlassian documentation and executed the several SQL statements in Crowd's external database (a mySQL instance). But afterwards I am still not able to login (but now with the replaced passord for the selected security egnine).

 

Please can anyone suggest a guide to me how to "reset" the password of Crowd's administrator accordingly, so that I can logon to at least Crowd again. I am just a step before to reset the wohle application farm and reinstalle ach application because of this horrible authorization issues. Since Crowd is sintalled nothin works anymore; and the whole software dev lifecycle is blocked. :(

 

Thanks in advance and best regards,

Kevin

1 answer

1 accepted

0 votes
Answer accepted

Hey Kevin, 

I think you can change admin password directly by following the steps listed here instead of resetting it.

Cheers!

Gaurav

Hi Gaurav,

 

thanks for youre answer. Actually I followed this steps, but unfortunately thex didn't work. Currently I try to update my crowd from 3.1 to 3.2 and resetting the settings I made in my old instance. I hope that will work. :)

 

Cheers,

Kevin

Hi Kevin,

Can you verify the value of these attributes once again?

update cwd_user set credential = '{PKCS5S2}8WEZjkCbLWysbcbZ5PRgMbdJgJOhkzRT3y1jxOqke2z1Zr79q8ypugFQEYaMoIZt'
 where id=<id from Stage 1>;

update cwd_user_attribute set attribute_value = 'false', attribute_lower_value = 'false'
 where attribute_name = 'requiresPasswordChange' and user_id=<id from Stage 1>;
 
update cwd_user_attribute set attribute_value = '0', attribute_lower_value = '0'
 where attribute_name = 'invalidPasswordAttempts' and user_id=<id from Stage1>;

Ideally, these SQL statements should set the admin password, given that an 'admin' account exists in the internal directory.

To verify the existence of admin account, you should hit this query

select u.id, u.user_name, u.directory_id from cwd_user u
 join cwd_membership m on u.id=m.child_id join cwd_group g on m.parent_id=g.id 
 join cwd_directory d on d.id=g.directory_id
  where g.group_name = 'crowd-administrators' and d.directory_type='INTERNAL';

Upgrading Crowd from 3.1 to 3.2 will not have any effect directly on the admin account's accessibility, you will still need to set the password.

Let me know, what are the results of the queries I mentioned above.

 

Cheers!

Gaurav

Hi Gaurav,

 

exactly these steps I have proceeded in advance. My last action was to reset the whole application Crowd. I reinstalled it on my machine and configured it to use the same mysql server database (which was cleread in advance / I dropped all existent tables from the pevious installation, collation utf8_bin charset utf8).

But now I have even no access with the recently new created administrative user (exemplarily "User 1").

Now I am coming to the sql statements you have announced. First o fall, I checked wethere there is the administrator account, as I expect there should be one. SO I exexuted

select u.id, u.user_name, u.directory_id from cwd_user u
 join cwd_membership m on u.id=m.child_id join cwd_group g on m.parent_id=g.id 
 join cwd_directory d on d.id=g.directory_id
  where g.group_name = 'crowd-administrators' and d.directory_type='INTERNAL';

The result was my "User 1", as expected. I noticed the ID of the user for usage of the upcoming statements.

Now I had to reset (even in the new Crowd installation) the password for "User 1" whom ID is 196600 (the ID is as well exemplarily). So i executed the following statements

update cwd_user set credential = '{PKCS5S2}8WEZjkCbLWysbcbZ5PRgMbdJgJOhkzRT3y1jxOqke2z1Zr79q8ypugFQEYaMoIZt'
where id=196600;

update cwd_user_attribute set attribute_value = 'false', attribute_lower_value = 'false'
where attribute_name = 'requiresPasswordChange' and user_id=196600;

update cwd_user_attribute set attribute_value = '0', attribute_lower_value = '0'
where attribute_name = 'invalidPasswordAttempts' and user_id=196600;

Afterwards I restarted Crowd just to ensure having a clean startup.

I tried to use the "User 1" username and for password "admin" to logon, but it didn't work again! I have absolutly no idea anymore how to fix this issue. I followed the setup instructions and documentations except the following to points:

- for mysql connector I have chosen the newest JDBC/J connector for version 8
- for openid server I set the database driver to com.mysql.jdbc.Driver

As note for the Crowd installation, I selected as security "ATLASSIAN-SECURITY", therefore the password set in database '{PKCS5S2}8WEZjkCbLWysbcbZ5PRgMbdJgJOhkzRT3y1jxOqke2z1Zr79q8ypugFQEYaMoIZt' should be correct for password "admin".

In a nutshell I have the following situation:
- Acessing my old installation and configuration of Crowd is not possible anymore because I have deleted it / I have overriden it.
- Acessing the new installation of Crowd authroized my newly created administrator user not properly, so I had to reset its password.
- The resetted password is not accepted as well.

Do you may habe another / furthermore ideas? :s

Thank you anyway so far.

Best regards,

Kevin

Hi @Gaurav Agarwal,

I guess I found the problem: the issue was regarding a missconfiguration of my proxy: My proxy redirected the authentication requests of Crowd itself to an invalid destination.

Having now Crowd without any proxy settings configured, Crowd works fine.

 

Thanks & Cheers,

Kevin

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Thursday in Confluence

Confluence CVEs and common questions

Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...

97 views 0 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you