local/admin cannot login - ALL USERS role removed from the Password Only chain

  • 7025156
  • 16-Jun-2021
  • 16-Jun-2021


Advanced Authentication 6.x


ALL USERS role was removed from the Password Only chain. This change causes the inability of local\admin to login. There were no users from the LDAP repository in the FULL ADMINS group, thus login to the Advanced Authentication - Administrative Portal is locked.


Note: It’s strongly recommended to create a snapshot before following the steps.


1. Get the Password Only chain ID:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id from logon_chain WHERE name='Password Only'"


2. Get the ALL USERS role ID:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id from role WHERE name='ALL USERS'"


3. Insert the ALL USERS role into the Password Only chain:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "insert into logon_chain__role (logon_chain_id, role_id, row_ver) values ('REPLACE BY VALUE FROM STEP 1​​​', 'REPLACE BY VALUE FROM STEP 2', '2021-01-01 00:00:00.00000');"


The LDAP Password method is available for only users of the LDAP repositories. The users of the LOCAL repository including local\admin by default have only the Password method enrolled. It must be available for local\admin.

Additional Information

It's strongly recommended adding the Advanced Authentication administrators' accounts from your LDAP repository to the FULL ADMIN group. Ensure to keep the LDAP Password Only chain to allow these accounts login to AdminUI event.
At the same time, you must ensure to remember the password of the local\admin account. Because it's used to create and restore backups and add new Advanced Authentication servers to the cluster.

If local\admin cannot access the AA Administrative Portal because of the expired password, use the TID 7022003
If an assigned chain was changed in the AdminUI event, use the TID 7025151.
If the password lost or forgotten, use the TID 7023511.
If the password is expired then please see https://support.microfocus.com/kb/doc.php?id=7022003