Restore Passwords To Recover Admin User Rights
Before you Start
The following instructions include example SQL that should work on MySQL and PostgreSQL. You may need to customize the queries for other databases or for your installation.
We strongly recommend testing the queries on a test database before modifying your production database.
If you know the admin username with a valid email address, and you have outgoing mail configured, you can reset the password using the forgot password link on the log in screen.
We'll send a link to your admin email account to reset your password.
Get access to your database
If you're using the embedded H2 database, you can find the files containing your database in
<confluence-home-directory>/database. See Embedded H2 Database for information on how to connect.
If you're using an external production database, connect to the database with your normal tools. You'll need to have permission to run queries and update data in the database.
Step 1. Identify Administrator
To find out which usernames have admin privileges, connect to your database using a database admin tool such as DBVisualiser. Download a database admin tool now if you don't have one installed already. Then connect to your database and retrieve the list of administrator usernames and IDs with:
select u.id, u.user_name, u.active from cwd_user u join cwd_membership m on u.id=m.child_user_id join cwd_group g on m.parent_id=g.id join cwd_directory d on d.id=g.directory_id where g.group_name = 'confluence-administrators' and d.directory_name='Confluence Internal Directory';
If there are multiple results, choose one ID/username combination to use for the following steps.
If there are no results, skip down to If No Local Administrator Exists.
It's important to make sure that the "active" field contains a value of "T". Without this flag, trying to authenticate with this user is a non starter.
To set active to true run the following query replacing "<user_name>" with the username from the previous query
UPDATE cwd_user SET active = 'T' WHERE user_name ='<user_name>';
If No Local Administrator Exists
There may be no administrators in your Internal Directory. If this is the case, you need to add one:
Add a new admin user by running:
insert into cwd_user(id, user_name, lower_user_name, active, created_date, updated_date, first_name, lower_first_name, last_name, lower_last_name, display_name, lower_display_name, email_address, lower_email_address, directory_id, credential) values (1212121, 'admin', 'admin', 'T', '2009-11-26 17:42:08', '2009-11-26 17:42:08', 'A. D.', 'a. d.', 'Ministrator', 'ministrator', 'A. D. Ministrator', 'a. d. ministrator', 'firstname.lastname@example.org', 'email@example.com', (select id from cwd_directory where directory_name='Confluence Internal Directory'), 'x61Ey612Kl2gpFL56FT9weDnpSo4AV8j8+qx2AuTHdRyY036xxzTTrw10Wq3+4qQyB+XURPWx1ONxp3Y3pB37A=='); insert into user_mapping values ('2c9681954172cf560000000000000001', 'admin', 'admin');
Add new groups by running:
insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, group_type, directory_id) values ( '888888','confluence-administrators','confluence-administrators','T','F','2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,'GROUP',(select id from cwd_directory where directory_name='Confluence Internal Directory')); insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, group_type, directory_id) values ( '999999','confluence-users','confluence-users','T','F','2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,'GROUP',(select id from cwd_directory where directory_name='Confluence Internal Directory'));
Add group memberships into cwd_membership:
insert into cwd_membership (id, parent_id, child_user_id) values (888888, (select id from cwd_group where group_name='confluence-users' and directory_id=(select id from cwd_directory where directory_name='Confluence Internal Directory')), 1212121); insert into cwd_membership (id, parent_id, child_user_id) values (999999, (select id from cwd_group where group_name='confluence-administrators' and directory_id=(select id from cwd_directory where directory_name='Confluence Internal Directory')), 1212121);
If you're using an Oracle database, use sysdate instead of a string for the
Step 2. Replace Administrator Password
Confluence doesn't store passwords in plain text in the database, but uses hashes computed from the original password. You'll need to insert a hash, rather than the plain password, over the existing password in the database. Below is the hash for the password
To change the password to
admin for a given username:
- Shut down Confluence
- Connect to your database
Run the following SQL:
update cwd_user set credential = 'x61Ey612Kl2gpFL56FT9weDnpSo4AV8j8+qx2AuTHdRyY036xxzTTrw10Wq3+4qQyB+XURPWx1ONxp3Y3pB37A==' where id=<id from Stage 1>;
Step 3. Put the Internal Directory in First Position
Start Confluence, and try logging in with the username of the user you updated/created and the password 'admin'. If this works, skip to Step 4; otherwise, your Internal Directory doesn't have high enough priority.
To put your Internal Directory in first position:
Find the directory names and their order:
select d.id, d.directory_name, m.list_index from cwd_directory d join cwd_app_dir_mapping m on d.id=m.directory_id;
- Take note of the ID with list_index 0, and the list_index and ID of the Confluence Internal Directory
Switch the order of the directories:
update cwd_app_dir_mapping set list_index = 0 where directory_id = <Internal Directory id>; update cwd_app_dir_mapping set list_index = <Noted Internal Directory list_index> where directory_id = <Directory id that had list_index 0>;
Check to see if the directory is active (the 'active' column should be set to 'T'):
select id, directory_name, active from cwd_directory where id = <Internal Directory id>;
If necessary, activate the directory:
update cwd_directory set active = 'T' where id = <Internal Directory id>;
Step 4. Clean Up
To tidy up:
- Start Confluence
- Log in with your modified/created username and use password
Change your password
Don't leave your password as admin; if you do, your instance won't be secure.
- If you created a new user in Stage 2, create a new admin via the UI and delete the admin you created in Stage 2
- If you followed Stage Three, go to > User Directories and rearrange your directories so they're correctly configured again. > General Configuration