Restoring passwords to recover admin users
Use this document if you are unable to login as administrator or have forgotten your password and do not have Mail Server configured, to manually replace administrator passwords.
Embedded Database Instructions
Stage One - Identify Administrator
This guide assumes that the first user added was an administrator. If this is not the case, search for the admin username and find their user id number, then modify their password hash instead.
- Shutdown Bamboo
- In your Bamboo home directory, open
\database\defaultdb.scriptfile in a text editor
Search for the text:
INSERT INTO USERS VALUES(1
To find the administrator login entry:
INSERT INTO USERS VALUES(1,'USERNAME','PASSWORD_HASH')
Where the 1 is the user id number, and USERNAME and PASSWORD_HASH are actual values.
As an example, my table entry for user admin with password admin looks like this;
INSERT INTO USERS VALUES(1,'admin','x61Ey612Kl2gpFL56FT9weDnpSo4AV8j8+qx2AuTHdRyY036xxzTTrw10Wq3+4qQyB+XURPWx1ONxp3Y3pB37A==','firstname.lastname@example.org','2007-08-14 11:26:18.504000000','admin')
This step makes
adminthe administrator's password. Bamboo does not store passwords in plain text in the database, but uses hashes computed from the original password. The hash for the characters
adminpassword hash between the '' characters of their existing PASSWORD_HASH. The new administrator login entry should look like:
INSERT INTO USERS VALUES(1,'USERNAME','x61Ey612Kl2gpFL56FT9weDnpSo4AV8j8+qx2AuTHdRyY036xxzTTrw10Wq3+4qQyB+XURPWx1ONxp3Y3pB37A==','EMAIL','DATE_TIME','FULL_NAME')
Where USERNAME is the administrator username.
- Save the file
- Start up Bamboo
- Login with the administrator username and password
External Database Instructions
Stage One - Identify User
The first user added is always an admin. To restore your password you simply need to update the password hash in the USERS table with the admin hash
Connect to your database using a database admin tool such as DBVisualiser. Please download a database admin tool now if you do not have one installed already. Once installed, connect to your database and retrieve the list of administrator usernames with:
select * from USERS where ID=1
This command should list all users who belong to Bamboo-Admin user group.
Stage Two - Replace Administrator Password
Bamboo does not store passwords in plain text in the database, but uses hashes computed from the original password. You instead cut and a paste a hash, rather than the plain password, over the existing password. Below is the hash for the password
To change the password to
admin for a given username:
- Shutdown Bamboo
Connect to your database. run this SQL on your database:select * from USERS where NAME='admin'If you are using LDAP integration for user managment (not only authentication) then your admin user will be in a different table. The SQL to run is:
update USERS set PASSWORD = 'x61Ey612Kl2gpFL56FT9weDnpSo4AV8j8+qx2AuTHdRyY036xxzTTrw10Wq3+4qQyB+XURPWx1ONxp3Y3pB37A==' where NAME = 'USER_NAME_FROM_STAGE_ONE'
- Start Bamboo
- Login with your username and your password is now
Bamboo Password Hashing
- Before Bamboo 4.3.x the pure hashing method was used for which the hash of 'admin' is:
- From Bamboo 4.3.x the salted hash is used which can be recognized by the PKCS. The hash for 'admin' using the new method is:
- However, the old hash will still work for all Bamboo versions when manually inserted into the DB.