How to unlock a locked admin user in JFrog Artifactory?

Question

I installed JFrog Artifactory and did the setup and also enabled the "Lock user after n failed logins".

A few days later now I tried to log in with the admin user and failed 5 times. Just forgot the password for a sec and tried too often, not thinking about the consequences.

Now I get this message

User admin is Locked.
Contact System Administrator to Unlock The Account.

and can't log in as admin anymore which means I cannot unlock the admin account at all... ¯_(ツ)_/¯

I already followed the FAQ "Recreating the Default Admin User" (https://www.jfrog.com/confluence/display/RTF/Managing+Users#ManagingUsers-RecreatingtheDefaultAdminUser) but I cannot confirm that the password reset worked – the admin account is still locked.

I didn't set up a database for Artifactory yet, just using the plain debian package on Ubuntu on the file system. So the lock has to be stored anywhere, right?

Update: There is no other Admin user on the system.

Answer 1

The API reference appears to have changed since this was last posted so I want to add to this for future folk that find themselves here.

The new "users" endpoint (as of 7.29.10) is /api/security/users/<user>.

Example:

curl -u <admin_user>:<admin_password> localhost:8081/artifactory/api/security/users/<user>

Also, you can pass just the username and type the password into a prompt (which is more secure):

curl -u <admin_user> localhost:8081/artifactory/api/security/users/<user>

The REST API docs are found at https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API

Answer 2

You can verify if the user is locked with:

curl -uaccess-admin:<password> http://<host:port>/artifactory/api/access/api/v1/users/<user>

Variables: <password>, <user> and <host:port>.

For example:

curl -uaccess-admin:H4w9qqv4RRJmjd http://localhost:8081/artifactory/api/access/api/v1/users/admin

Sample Output:

{
  "username" : "admin",
  "realm" : "internal",
  "status" : "disabled",
  "allowed_ips" : [ "*" ],
  "created" : "2019-05-26T05:19:06.860Z",
  "modified" : "2019-06-17T04:32:05.065Z",
  "last_login_time" : "2019-04-17T04:11:43.310Z",
  "last_login_ip" : "11.22.33.44",
  "custom_data" : {
    "updatable_profile" : "true",
    "artifactory_admin" : "true"
  },
  "password_expired" : false,
  "password_last_modified" : 1560556802480,
  "groups" : [ ]
}

The important is status.

If you don't know the password, it may be located in:

/etc/opt/jfrog/artifactory/security/access/bootstrap.creds

To unlock your user:

curl -uaccess-admin:<password> -XPATCH http://<host:port>/artifactory/api/access/api/v1/users/<user> -H "Content-Type: application/json" -d '{"status":"enabled"}'

Variables: <password>, <user> and <host:port>.

If it doesn't work...

Try to open the artifactory system in a private window (or clear cookies, localStorage, etc).

Similar to how to reset admin password.

Answer 3

I answered in here: https://stackoverflow.com/a/53047504/8207836

I recommended using a popular databases (MySQL, PostgresSQL, Oracle,...) which provides direct support to management using powerful tools.

https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database

Answer 4

In case you have a backup, another option for recovery is creating a new setup of Artifactory and populating it from the latest backup.

Answer 5

You can unblock the user Admin only by using another "admin" user. Meaning that in case that you managed to lock your Admin account you will need a different user that is set as "Admin" to unlock your locked user.

In case that there is no other Admin user it can be a bit of an issue...