local\admin cannot change an expired password - disabled re-enrollment

  • 7025271
  • 09-Sep-2021
  • 09-Sep-2021

Environment

Advanced Authentication 6.3
AAF

Situation

The password of local\admin expired. The AAF administrator can log in to the Enrollment Portal with the expired password and click the Password tile, but there is no option to change the password.
The password reset instructions via the server console described in TID 7023511 did not help: the error still warns about the expired password.

Resolution

Note: It’s strongly recommended to create a snapshot before following the steps.


1. Run the following command and check whether the output contains "sharing_enabled": true

# docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT data from policy where component_id='TemplateOptions'"

Example of output:

           data            
---------------------------
 {"sharing_enabled": true, "disable_reenrollment": true}
(1 row)

2.1 If it contains "sharing_enabled": true then run

# docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "UPDATE policy SET data='{\"sharing_enabled\": true}' WHERE component_id='TemplateOptions'"

Expected output:

UPDATE 1

2.2 If it does not contain "sharing_enabled": true then run

# docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "UPDATE policy SET data=NULL WHERE component_id='TemplateOptions'"

Expected output:

UPDATE 1

After that, you should be able to update the local\admin password on the Enrollment Portal.
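
The check from step 1 and the two UPDATE branches from steps 2.1 and 2.2, combined into one script. This is an added example, not part of the original TID or of the product tooling. The container, database, table and component names come from the commands above; the function names, the --apply switch and the backup file name are assumptions.

```shell
#!/bin/sh
# Added example: automates steps 1, 2.1 and 2.2 of this article.
# Function names, --apply and the backup file name are assumptions.

PSQL="docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off"

# Step 1: print the current TemplateOptions value (-t -A: value only).
read_policy() {
    $PSQL -t -A -c "SELECT data from policy where component_id='TemplateOptions'"
}

# Steps 2.1 / 2.2: choose the UPDATE statement for a given policy value.
choose_update() {
    if printf '%s' "$1" | grep -Eq '"sharing_enabled":[[:space:]]*true'; then
        # 2.1: keep sharing enabled; every other key is dropped
        printf '%s' "UPDATE policy SET data='{\"sharing_enabled\": true}' WHERE component_id='TemplateOptions'"
    else
        # 2.2: sharing is not enabled; clear the policy value
        printf '%s' "UPDATE policy SET data=NULL WHERE component_id='TemplateOptions'"
    fi
}

apply_fix() {
    # Stop if the policy cannot be read, so no UPDATE is chosen blindly.
    current=$(read_policy) || { echo "cannot read policy" >&2; return 1; }
    # Save the old value so the change can be reviewed or reverted later.
    backup="TemplateOptions.$(date +%Y%m%d%H%M%S).json"
    printf '%s\n' "$current" > "$backup"
    echo "previous value saved to $backup"
    sql=$(choose_update "$current")
    echo "running: $sql"
    result=$($PSQL -c "$sql") || return 1
    # The article expects exactly one row to be updated.
    [ "$result" = "UPDATE 1" ] || { echo "unexpected result: $result" >&2; return 1; }
}

# Nothing touches the database unless --apply is given.
if [ "${1:-}" = "--apply" ]; then
    apply_fix
fi
```

Run it on the AAF server without arguments to load the functions only, or with --apply to perform the change after the snapshot has been created.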

Cause

Re-enrollment was disabled, and the warning on the documentation page was ignored.

Additional Information

It's strongly recommended to add accounts of administrators from your repository to the FULL ADMINS group in AA Administrative Portal - Repositories - LOCAL. Ensure that a chain with LDAP Password is assigned to the AdminUI event in AA Administrative Portal - Events.