We use Mattermost using the 'Production Docker' setup as described in Mattermost documentation. For authentication, we federate using GitHub:Enterprise.
To setup our Mattermost team, I imported the whole Slack history. This lead to the problem that everyone who did not yet log into Mattermost via GitHub:Enterprise was not able to login. Mattermost helpfully returned the error message
"An existing user is already attached to your gitlab account"
How can I fix this issue without having to setup a new Mattermost instance and force everyone to login once before importing the Slack data?
Prerequisites
In order for this to work, you need
GitHub:Enterprise Administrator permissions
On the Mattermost machine, either root permissions or an account that is allowed to control docker, and, if psql is not installed, a way to install the psql command-line tool.
Steps
ssh into the Mattermost vm/machine (where the mattermost docker containers are running).
Change to an account with docker permissions (root; or the account you setup during Mattermost installation; or ... )
Use docker ps and note the hash of the container mattermostdocker_db. We will assume it starts with 5c23.
Run docker inspect 5c23 | grep IPAddress. Note the IP address of the container. We will assume it is 172.17.0.2.
Ensure that the psql commandline tool is installed on the machine where mattermost/docker is running.
On debian: apt-get install postgresql-client
Connect to the mattermost db of postgresql running inside the docker container:
psql -h 172.17.0.2 -p 5432 -d mattermost -U postgres -W
The (default?) password seems to be postgres.
Verify that a user account with the correct email exists. Assume the email of the account that has the problem is 'john#example.com`
mattermost-# select email, authdata from users where email = 'john#example.com';
Connect to GitHub:Enterprise and open the admin console. We will assume the local github enterprise instance is at https://github.example.com.
Click on the rocket symbol, or
https://github.example.com/stafftools
Click on all users and find the user that cannot login. We assume the github username is john, which would correspond to https://github.example.com/john
Visit the stafftools user security page for that user.
https://github.example.com/stafftools/users/john/security
Click on the 'Search logs' link under the 'Audit logs' header. This will open a page with a query field. On this page, you will find the internal github user number for that user. Note this number. We will assume the number is 37.
Back in the psql console, update the user entry with the correct number:
update users set authservice = 'gitlab', authdata = '37' where email = 'john#example.com' ;
Exit the psql console with \q:
mattermost-# \q
Done. The user can now log into Mattermost with GitHub:Enterprise user authentication.
Notes
Don't forget to complete each statement in psql with a ;
It's gitlab, not github, even if you use GitHub:Enterprise
Tested with Mattermost 3.0, GitHub:Enterprise 2.6.2
Related
I have installed gitlab server using docker compose but after the installation I am not getting a default screen where we create first Admin user. Instead of that it is asking me to enter username and password.
If I see this correctly, the gitlab_root_password should be set in the Compose file. This should then be used to log in for the first time.
Source: https://docs.gitlab.com/ee/install/docker.html#install-gitlab-using-docker-swarm-mode
I'm trying to create a user for ceph dashboard with admin role. Version is Nautilus 14.2.19 and deployed with manuel installation.
I've installed dashboard module, installed all dependencies and enabled it. My dashboard is reachable from the monitor ip and default port of 8443.
When I run te command:
ceph dashboard ac-user-create <user> <pw> administrator
I get the following error:
Please specify the file containing the password/secret with "-i" option.
After digging for information about this it says there must be a file in bcrypt format. Is there a default created file for this? Or if it's needed to create one how can I do it?
Nevermind, it seems you just need to create a text file and write your password in it.
When you run the command like this:
ceph dashboard ac-user-create <user> -i /file/location administrator
It creates the user and applies the password in an encrypted format.
I have lost the Sonarqube Server admin password, want to recover that, any support will be appreciated.
Environment docker images:
sonarqube:7.9.5-community
postgres:12.5-alpine
I have gone through the previously answered block but unfortunately nothing worked out.
Best
The Idea is same as mentioned # Sonarqube Security Docs under the title "Reinstating Admin Access".
My Solution:
I had to spin up fresh Docker container in order to get the default crypted_password value. If you already know/have the crypted password value then no need to spin up fresh containers, just follow the below steps by replacing the crypted_password accordingly.
Below crypted_password value belongs to admin.
exec to postgres docker container :
docker exec -it POSTGRES-CONTAINER-NAME bash
Inside Postgres Container, login with the Credentials and follow on screen instructions:
psql -U sonar -W
Confirm the Database and Users :
select * from users;
Output must show a Sonarqube Users Table.
Then Update the password to default i.e. admin :
update users set crypted_password = '$2a$12$2NA1PhmvfPVwdwq5WeQj.Opb0z4OGYP8s2yPMRRum18bGV5nJK86W', salt=null where login = 'admin';
try login to Sonarqube server with default credentials,
ID : admin
Password : admin
To learn more about # Sonarqube Security Docs.
We unfortunately had a developer leave without sharing our CircleCI unlock password, so I am in the process of trying to pull it out of our VM. I am wondering where the Unlock the console password is stored in CircleCI, if it is plain text or maybe if its hiding in MongoDB or some other mechanism. Thanks for the help.
Picture attached for clarity
UPDATE We are using Enterprise and I was able to surface this out of the docs
curl https://s3.amazonaws.com/circleci-enterprise/init-builder-0.2.sh | \
SERVICES_PRIVATE_IP=<private ip address of services box> \
CIRCLE_SECRET_PASSPHRASE=<passphrase entered on system console (services box port 8800) settings> \
CIRCLE_CONFIG_OPTION_1=<value> \
CIRCLE_CONFIG_OPTION_2=<value> \
bash
```
After looking at the bash script though it doesn't look like its actually DOING anything with the var? Weirdness....
Can you please try the following?
SSH into the services box and run sudo replicated auth reset. Then, visit https://<YOUR_CCIE_HOSTNAME>:8800/create-password to create a new console password. Replace <YOUR_CCIE_HOSTNAME> with the hostname CircleCI Enterprise is running on. Please let us know if it works/doesn't work.
-Ricardo
Developer Evangelist, CircleCI
I have PostgreSQL 9.4(not installed, rather self configured) which is also installed as a Windows service. Now I am trying to check the status of the server using pg_ctl.exe status -D data_dir_path, but it only shows the status when I start the console as admin.
My final goal is to be able to shutdown/ start the database server without admin rights. Is it possible to configure PostgreSQL so that I can start/stop the servers locally without admin rights?
As far I read in the PostgreSQL documentation, the services can be registered to a user using [-U username] [-P password] arguments but I am not sure whether this is the database user or the local windows user. I tried registering the service using the following code but it does not install it. And I do not see any logs too. The commnd follows:
pg_ctl.exe register -N service_name -U database_user -P database_user_password -D data_dir_path -S auto -o "-p port"
Thanks in advance