| License Type | On-Premise |
| Agent Mode | Assess & Protect |
| Main Product Category | Contrast UI |
| Sub Category | Authentication |
Issue
After configuring AD/LDAP authentication, you receive a 'User locked' message or are unable to login to the Contrast UI for any reason.
Cause
It's possible something went amiss during the configuration of AD/LDAP authentication. Alternatively, if logins were working previously with AD/LDAP we may not be able to reach your AD or LDAP server.
Resolution
In order to access the UI to investigate further, it's possible to manually switch back to local database authentication with these steps:
For Contrast Server versions up to 3.7.6 do the following:
- Open the auth.properties file from $CONTRAST_HOME/data/conf directory
- Modify authentication.mode
- Set to authentication.mode=db
- Restart the Contrast UI (TeamServer)
teamserver_preferences table. To revert to db authentication you will need to run a query in the database, which will require you to log into mysql as follows:Note: If you are unsure of your mysql credentials use the encrypted property editor to expose them.
1. From the /Contrast folder run the following and enter the password when prompted:
sudo mysql/bin/mysql -u contrast -h 127.0.0.1 -P 13306 -p contrast
2. Switch to the contrast database:
use contrast;
update teamserver_preferences set property_value = "db" where property_name = "authentication.mode";
If you can't recall the username and password for your local user, please follow the steps here: Reset SuperAdmin
For further investigation into the cause of the authentication issues, please open a Support Ticket with your contrast.log from $CONTRAST_HOME/data/logs/contrast.log attached.
For Teamserver version 3.9.3 and greater:
DB SuperAdmin users can log in to the Contrast UI while AD authentication (as opposed to LDAP) is configured.