Locked out after AD/LDAP authentication config

  • Updated
 

Issue

After configuring AD/LDAP authentication, you receive a 'User locked' message or are unable to login to the Contrast UI for any reason.

Cause

It's possible something went amiss during the configuration of AD/LDAP authentication. Alternatively, if logins were working previously with AD/LDAP we may not be able to reach your AD or LDAP server.

Resolution

In order to access the UI to investigate further, it's possible to manually switch back to local database authentication with these steps:

 

For Contrast Server versions up to 3.7.6 do the following:

  1. Open the auth.properties file from $CONTRAST_HOME/data/conf directory
  2. Modify authentication.mode
  3. Set to authentication.mode=db
  4. Restart the Contrast UI (TeamServer)
For Contrast Server versions 3.7.7 to 3.9.8:
 
These settings are now stored in the database under the teamserver_preferences table.  To revert to db authentication you will need to run a query in the database, which will require you to log into mysql as follows:

Note: If you are unsure of your mysql credentials use the encrypted property editor to expose them

1. From the /Contrast folder run the following and enter the password when prompted:

sudo mysql/bin/mysql -u contrast -h 127.0.0.1 -P 13306 -p contrast

2. Switch to the contrast database:

use contrast;
3. Run the update to switch back to db authentication:
update teamserver_preferences set property_value = "db" where property_name = "authentication.mode";
4. You do not need to restart the server, the Contrast UI checks this table every few seconds for changes. At this point you should be able to login as a local db user.
 
 

If you can't recall the username and password for your local user, please follow the steps here: Reset SuperAdmin

For further investigation into the cause of the authentication issues, please open a Support Ticket with your contrast.log from $CONTRAST_HOME/data/logs/contrast.log attached.

 

For Teamserver version 3.9.3 and greater:

Default SuperAdmin users can log in to the Contrast UI while AD authentication (as opposed to LDAP) is configured.

 

 

 

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request