Resetting admin passwords

This is the problem: we don’t know the passwords of all these users. What do I have to do?

If inband registration is enabled (in older versions of Openfire, it is by default), you can use a client to create a new user. Then you have a user that you can make admin of Openfire.

So you mean I can create a new username in the Spark program, take this username and paste it into this script so it will be an admin, and I can use it on the Openfire admin console?

Clever, Guus

Let’s hope previous admins haven’t disabled registration, and I think it is enabled by default.

Yes, you should log out in Spark, go to Account menu, create a new account on the server and then try adding this account to openfire.xml

On a side note, maybe it is reasonable to have some kind of resetadmin tag in future Openfire versions to fix such issues.

Thank you all.

I created a new user and stopped Openfire, then I copied the script Guus gave me and pasted it after modifying the username, but when I started Openfire again and tried to launch admin to access the admin console page, it gave me this error message:

C:\programfiles\openfire\conf\openfire.xml the processing instruction target matching “[xX][mM][lL]” is not allowed

What is wrong?

Guys, after I tried to create a new username, at first it said this username exists, so I opened the server and tried this username with multiple passwords and finally it worked. Thank you so much, guys, for your time; it is appreciated.

Glad you finally found a solution.

Guus, what do you think if I file a ticket about adding a safeguard to openfire.xml to eliminate such a situation? Like adding a tag with a default value false. If it is changed to true and the server is restarted, it will make the admin password ‘admin’ again.

We might already have such an option: you can re-start the setup. There you should be able to re-set the admin account. Haven’t tried that before, but I just saw Daryl mention it to someone in the chat…

I thought about this and tried it yesterday. It demands the old admin password to do this.

I was wrong. When re-running the setup, it asks for a current admin password, but you can put anything into this field and it still works. So, yes, this is an option, and quite a fast one compared to all the hassle we had here trying to advise how to edit this xml.

Ah, that is good to know!

Tried that. I’ve copied the ofproperty db from another install. I think this is messing things up. I tried all the options on this one -> Adding or deleting admin accounts to Openfire

Using this works. However it’s pointed to internal database (line 41). So if I use method to get in how do I change the db it’s pointed to?

I have moved my Openfire database over to SQLServer and LDAP, and the admin password is in the ofProperty table in the ldap.adminPassword property value. This is in plain text.

Also useful if you change your ldap server as the ldap.host property is also here. This is where the admin.authorizedJIDs are also. Not sure if this gets overridden by the openfire.xml though.

Openfire 4.0.2 on Windows with embedded database and re-running setup like this no longer works. Still have to use the actual password for the old admin account, which I don’t remember. And now all of my admin accounts are locked out. Sigh. I do have a backup, though. But I will try the and restart service and hope that works.

The didn’t work either. So now I am hosed.

OK, not hosed. I made a backup right before I messed with any of it and did a restore and I am back in using my user account which was an administrator. But I still want to reset the password for the “admin” account and have no idea how to do it under Openfire 4.0.2 because none of this has worked so far. Thanks.

OK, so never mind. Another administrator had accidentally deleted the admin user, and I did not realize it was an actual user account. So I created the admin user again with the password that we want to use and all is good now. So thanks. Hope that helps someone.

This reset of the admin password does not work for me. It refuses to accept the “old password”. I am not using LDAP. I looked in the ofProperty table, and do not see a password there. There is a passwordKey, but that does not work.

This is on Openfire 4.1 and OpenSUSE Leap 42.2 64-bits

Help!

Unfortunately you have to type the correct old password, which I did not remember. The way I went around it was:

  1. edit /usr/share/openfire/conf/openfire.xml and set the setup tag to false: <setup>false</setup>
  2. enter the web console, the setup restarts, most settings are remembered, I click on “Next” until the page where you setup admin password
  3. In the edit box asking for the current password, I type “admin”, which is not the current password (I can’t remember the actual one), and I set the new password as I see fit BUT I do not click “Next” just yet…
  4. I log in to the server where I have the MySQL database that my Openfire is configured to use, and in the database I manually update the admin user password to “admin”. The users are in the table ofUser, and they are encrypted, and even salted, BUT each row also has a column called “plainPassword” which (by default) is set to NULL, so I simply run: update ofUser set plainPassword='admin' where username='admin'; and return to the web interface, hit “Next” and get accepted.
  5. After that, I return to my mysql db and just double check: select * from ofUser; and I see that password hash is updated, and the “plainPassword” field is again NULL, so all good
  6. I go to the main login page of the admin console, and all works like a charm. Cheers!

I hope this helps somebody. I couldn’t really follow any of the advice here, because some parts of my case were different. I didn’t have ANY user but the admin user, and I didn’t remember its password. I just figured that it all must be stored in the db and I just peeked at it, and seeing a column called “plainPassword” that was NULL I just made a guess, which saved my day. In the end I think this routine is even less hassle than temporarily allowing another user as admin (requires less editing in the openfire.xml file), and certainly less hassle than creating a new user with Spark just for the sake of temporarily granting it admin access. The only requirement is that you must remember your MySQL (or other db you are using) server root password. If you don’t even remember that, then it is not great, but at least in the case of MySQL recovering that one is not that hard either. Cheers!

Just an update.
This works; do the following as well:

update ofUser set encryptedPassword=NULL where username='admin';

When I did that, it worked like a charm.
Thanks @KrisJace for your steps. Really appreciate it.
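
As an added example (not part of any post above, and not Openfire's own code): a post-recovery check for what the thread describes, namely that plainPassword in ofUser is NULL again, that ldap.adminPassword is not sitting in ofProperty in clear text, and which JIDs admin.authorizedJIDs grants console access to. It runs against a constructed in-memory SQLite stand-in; the reduced table layouts and the propValue column name are assumptions.

```python
import sqlite3

def build_sample_db():
    """Constructed stand-in for an Openfire database (columns reduced, assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ofUser (username TEXT PRIMARY KEY,
                             plainPassword TEXT, encryptedPassword TEXT);
        CREATE TABLE ofProperty (name TEXT PRIMARY KEY, propValue TEXT);
        -- Constructed rows: 'admin' still carries the temporary plaintext value.
        INSERT INTO ofUser VALUES ('admin', 'admin', NULL);
        INSERT INTO ofUser VALUES ('alice', NULL, 'constructed-ciphertext');
        INSERT INTO ofProperty VALUES ('ldap.adminPassword', 'constructed-secret');
        INSERT INTO ofProperty VALUES ('admin.authorizedJIDs',
                                       'alice@example.org, tempadmin@example.org');
    """)
    return conn

def audit(conn):
    """Return (kind, subject) findings; secret values are never returned."""
    findings = []
    # Step 5 of the procedure: plainPassword should be NULL for every account.
    rows = conn.execute("SELECT username FROM ofUser "
                        "WHERE plainPassword IS NOT NULL ORDER BY username")
    findings += [("plaintext-password", user) for (user,) in rows]
    # The LDAP bind password is reported in the thread as stored in plain text.
    row = conn.execute("SELECT propValue FROM ofProperty "
                       "WHERE name = 'ldap.adminPassword'").fetchone()
    if row and row[0]:
        findings.append(("cleartext-secret-property", "ldap.adminPassword"))
    # List every JID with console access so temporary admins get removed.
    row = conn.execute("SELECT propValue FROM ofProperty "
                       "WHERE name = 'admin.authorizedJIDs'").fetchone()
    if row and row[0]:
        for jid in sorted(j.strip() for j in row[0].split(",") if j.strip()):
            findings.append(("admin-jid", jid))
    return findings

if __name__ == "__main__":
    for kind, subject in audit(build_sample_db()):
        print(f"{kind}: {subject}")
```

Against a real deployment the same SELECT statements apply to the MySQL or SQL Server database Openfire is configured to use.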