May 22

Change Apache Continuum admin password via Database

PROBLEM: When you forget the Apache Continuum admin password and you cannot use the ‘reset password’ link because 1) you do not have access to the email account that admin account mail goes to, 2) your system does not send emails, or 3) the admin account is locked; you should still be able to unlock and/or reset the password without dropping the entire database, by editing the database directly :-)

These instructions are for Apache Continuum 1.3.8, but should work, more-or-less, for higher or lower versions of Continuum.

Older version of Continuum kept the users in a table in the ‘continuum’ database whereas in 1.3.8, users are kept in a table in the ‘users’ database. The names of the tables have changed, as well. In 1.3.8, the user table name is JDOUSER. It used to be CONTINUUM_USERS in older versions. I am not sure exactly which versions these changes were made, nor if there are other combinations of table and database names, so you might have to look around a bit.

You can run ‘show tables’ on any of the databases you do have, and look for something with
the word ‘USERS’ in it. That is a good place to start if the table or database names given here aren’t working for you.

Another challenge will be to find the column name to change. The column name is important because depending on what you need to change, there is column data to set. The command describe table_name where table_name is the table you are interested in, lists the column names and schema information for that column.

The last challenge will be to know what encyption to use. I couldn’t confidentally determnine that, so I expermimented and found that you can simply delete the password entirely and Continuum will prompt you at login to change it without entering the old one.

1) Shut down Apache Continuum

2) Make a backup of the users database directory: {CONTINUUM_HOME}/data/databases/users

3) Download and install Apache Derby

4) Export DERBY_HOME (e.g. export DERBY_HOME=/usr/local/db-derby-

5) Set the connection variables: $DERBY_HOME/bin/setEmbeddedCP

6) Run the ‘ij’ program shipped with Apache Derby: $DERBY_HOME/bin/ij

7) At the ij prompt, connect to the database:
ij> connect 'jdbc:derby:path_to_usersdb_dir_above';

NOTE: the single quotes are required, otherwise it will not connect

8) To set an empty password:
ij> update SA.JDOUSER set ENCODED_PASSWORD = '' where USERNAME = 'admin';

9) To unlock the admin account:
ij> update SA.JDOUSER set LOCKED = 'N' where USERNAME = 'admin';

10) ij> exit;

11) Start Apache Continuum

Other useful commands are to reset the ‘failed log in attempts’ counter, chagne the email account of the admin user, and to change the date of the next expiration. The complete name of the failed login attemps column took me a while to figure out as it is truncated even in the ‘describe’ command – it is ‘COUNT_FAILED_LOGIN_ATTEMPTS’.

That’s it. ENJOY!

-by Andrew S.

Leave a Reply