[Solved] create XO account from ssh

bxen

Hello there.

In an unfortunate event, we lost access to our ldap server from XOA. This means that we cannot log in at all, as we've disabled the default administrator account. We cannot get the AD up and running again - and if we could, the account that XOA is using to bind to the AD cannot be recreated with the same credentials.

So the question here is: Is there any way we can get access to the XOA instance again? E.g. configure the ldap plugin using ssh or maybe create a new account?

We have SSH access to both the XOA virtual machine and both the XCP-NG nodes. The XOA virtual machine is a self build instance.

We'd be thankful for any help!

gskger

I completely missed that in the troubleshooting documentation but it is already there - nice

gskger

@bxen Maybe not the brightest idea (since I do not know what configuration might be lost), but what if you deploy a new XOA instance, connect to the master node and try to fix things from there? Obviously, this doesn't give you access to the web UI of your initial XO from the source, but you can work with the VMs or restore backups if necessary.

ronivay

Locate the packages/xo-server directory to your from sources built xen orchestra instance. There should be a file in dist/recover-account-cli.mjs, ~~copy this file as dist/recover-account-cli.mjs and then~~ run it from the dist directory ./recover-account-cli.mjs admin@something.tld, it'll ask password and either reset the existing users password or create a new one with admin privileges if there isn't one with the email address.

bxen

@gskger Thanks! Sounds like an idea. Then it's just the backups and other XO-related that needs to be setup again. It's something I could live with. I'll try @ronivay's idea first though. Maybe I'm lucky there

bxen

@ronivay Thank you very much. I'll try this and get back here with the result!

bxen

@ronivay Whoo whoo!! Yes! It worked like a charm! Thank you very much!

ronivay

Nice Happy to help.

gskger

@bxen I tried the solution @ronivay suggested and it works on my playlabs XO from source. I did not even had to copy recover-account-cli.mjs because it was already in the /opt/xen-orchestra/packages/xo-server/distdirectory. An admin user was created and I was able to login.

ronivay

Yeah you're right, it indeed should be there already. I must have done something to it in my own lab

gskger

I completely missed that in the troubleshooting documentation but it is already there - nice

olivierlambert

As @gskger siad, this was already documented and visible by searching the term "recover" in the search bar

bxen

@gskger said in create XO account from ssh:

I completely missed that in the troubleshooting documentation but it is already there - nice

@olivierlambert said in create XO account from ssh:

As @gskger siad, this was already documented and visible by searching the term "recover" in the search bar

Uh - I tried a lot of other search terms, just not recover. Anyway - I'm back on track, thank you very much for all your help.