How to unlock a locked admin user in JFrog Artifactory?

2
votes

I installed JFrog Artifactory and did the setup and also enabled the "Lock user after n failed logins".

A few days later now I tried to log in with the admin user and failed 5 times. Just forgot the password for a sec and tried too often, not thinking about the consequences.

Now I get this message

User admin is Locked.
Contact System Administrator to Unlock The Account.

and can't log in as admin anymore which means I cannot unlock the admin account at all... ¯_(ツ)_/¯

I already followed the FAQ "Recreating the Default Admin User" (https://www.jfrog.com/confluence/display/RTF/Managing+Users#ManagingUsers-RecreatingtheDefaultAdminUser) but I cannot confirm that the password reset worked – the admin account is still locked.

I didn't set up a database for Artifactory yet, just using the plain debian package on Ubuntu on the file system. So the lock has to be stored anywhere, right?

Update: There is no other Admin user on the system.

4
artifactory
do you have a backup of Artifactory? - Dror Bereznitsky
@drorb I set the automatic backup option in Artifactory. So there's automated backup files of Artifactory somewhere on the system, which I already used for trying to reset the password... - ToFi
another option is creating a new setup of Artifactory and populating it from the backup - Dror Bereznitsky
@drorb okay, thanks. that worked! If you post it as an answer, I can mark this as resolved! Thanks! :) - ToFi
posted it as an answer - Dror Bereznitsky

4 Answers

3
votes

You can unblock the user Admin only by using another "admin" user. Meaning that in case that you managed to lock your Admin account you will need a different user that is set as "Admin" to unlock your locked user.

In case that there is no other Admin user it can be a bit of an issue...

3
votes

You can verify if the user is locked with:

curl -uaccess-admin:<password> http://<host:port>/artifactory/api/access/api/v1/users/<user>

Variables: <password>, <user> and <host:port>.

For example:

curl -uaccess-admin:H4w9qqv4RRJmjd http://localhost:8081/artifactory/api/access/api/v1/users/admin

Sample Output:

{
  "username" : "admin",
  "realm" : "internal",
  "status" : "disabled",
  "allowed_ips" : [ "*" ],
  "created" : "2019-05-26T05:19:06.860Z",
  "modified" : "2019-06-17T04:32:05.065Z",
  "last_login_time" : "2019-04-17T04:11:43.310Z",
  "last_login_ip" : "11.22.33.44",
  "custom_data" : {
    "updatable_profile" : "true",
    "artifactory_admin" : "true"
  },
  "password_expired" : false,
  "password_last_modified" : 1560556802480,
  "groups" : [ ]
}

The important is status.

If you don't know the password, it may be located in:

/etc/opt/jfrog/artifactory/security/access/bootstrap.creds

To unlock your user:

curl -uaccess-admin:<password> -XPATCH http://<host:port>/artifactory/api/access/api/v1/users/<user> -H "Content-Type: application/json" -d '{"status":"enabled"}'

Variables: <password>, <user> and <host:port>.

If it doesn't work...

Try to open the artifactory system in a private window (or clear cookies, localStorage, etc).

Similar to how to reset admin password.

2
votes

In case you have a backup, another option for recovery is creating a new setup of Artifactory and populating it from the latest backup.

0
votes

I answered in here: https://stackoverflow.com/a/53047504/8207836

I recommended using a popular databases (MySQL, PostgresSQL, Oracle,...) which provides direct support to management using powerful tools.

https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database