Locked out after AD/LDAP authentication config

  • Updated


After configuring AD/LDAP authentication, you receive a 'User locked' message or are unable to login to the Contrast UI for any reason.


It's possible something went amiss during the configuration of AD/LDAP authentication. Alternatively, if logins were working previously with AD/LDAP we may not be able to reach your AD or LDAP server.


In order to access the UI to investigate further, it's possible to manually switch back to local database authentication with these steps:

For Teamserver version 3.9.6 and greater:

Default SuperAdmin users can log in to the Contrast UI while AD or LDAP authentication is configured.

If you can't recall the password for your local SuperAdmin user, please follow the steps here or here to reset it.

If for any reason you can still not log in, you can manually switch the authentication mode via a change to the Contrast database as follows:

If you are unsure of your mysql credentials use the encrypted property editor to expose them

1. From the /Contrast folder run the following and enter the password when prompted:

sudo mysql/bin/mysql -u contrast -h -P 13306 -p contrast

2. Switch to the contrast database:

use contrast;
3. Run the update to switch back to db authentication:
update teamserver_preferences set property_value = "db" where property_name = "authentication.mode";
4. You do not need to restart the server, the Contrast UI checks this table every few seconds for changes. At this point you should be able to login as a local db user.


For further investigation into the cause of the authentication issues, please open a Support Ticket with your contrast.log from $CONTRAST_HOME/data/logs/contrast.log attached.






Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request