Re-enable default admin

Hello everyone,

Somehow default admin was disabled. Is there any way I can enable it?

Hi @kaiba_seto2004. Welcome to the community and to OpenZiti!

It looks like you have changed the Auth-Policy for the default admin. Did you do that on purpose? I've never been able to lock the default admin, but I'm thinking it's because you changed the default auth policy.

I'll see if there's any kind of 'reset' feature ... I'm not sure

I thought we had a "reset default admin" command in the CLI but I cannot find it.

You can try adding a debug admin and use that to authenticate and alter the default admin: ziti ops db add-debug-admin <path/to/ctrl.db> <username> <password>

What I did was just turn off this option in the default auth policy; then I could not log in with admin anymore, even after turning this option on again.

I also tried this to add a debug admin, but I could not log in to the debug-admin user either; I don't know why.
PS: after retrying to re-add the debug admin I can finally log in to this account. Now I can create a new admin user, but I have a question. What can I do to delete default-admin?

That's interesting. Glad you managed to get back onto the system. It certainly seems like a bug to allow you to do that. I don't think the default admin can be removed. @andrew.martinez would know that answer.

The default admin cannot be deleted.

If you want to re-enable it you can use a curl command to do so.

Use the Ziti CLI to login

  1. Do a ziti edge login as an admin user, note the message output, specifically the management API URL and the token
  2. Perform a ziti edge list identities and obtain the id of the Default Admin
  3. Use the id of the Default admin and the url and token field from the session file in the following curl command: curl -k -X POST <url>/identities/<id>/enable -H "zt-session: <token>" -H "Content-Type: application/json" -d '{}'


> ziti edge login
Using controller url: https://localhost:1280/edge/management/v1 from identity 'default' in config file: ~/.ziti/ziti-cli.json
Using username: admin from identity 'default' in config file: ~/.ziti/ziti-cli.json
Enter password: ******
Token: 1083b813-2080-4a10-912b-5732145b76f3
Saving identity 'default' to ~/.ziti/ziti-cli.json

> ziti edge list identities
│ ID          │ NAME                                               │ TYPE    │ ATTRIBUTES   │ AUTH-POLICY │
│ 3ruk0LY6r8  │ proxy                                              │ Default │ dial         │ Default     │
│ 8MZk0LY6r   │ updb-not-enrolled                                  │ Default │              │ Default     │
│ A9nEYJZ62   │ Default Admin                                      │ Default │              │ Default     │
│ BZNGIPzNXd  │ chat.server                                        │ Default │ chat.servers │ Default     │
│ CkZk0LY6z   │ jwt2                                               │ Default │ jwtchat      │ Default     │
│ JeZo0NYMr8  │ probe                                              │ Default │ dial         │ Default     │
│ OqRP0fU6H   │ semi;colon                                         │ Default │              │ Default     │
│ UBzGIPWNb   │ chevy                                              │ Default │ chat.clients │ Default     │
│ bluk0NtMr   │ updb-enrolled                                      │ Default │ dial         │ Default     │
│ debug-admin │ debug admin (d40d3813-39dd-49fc-8264-a52d5fda20b8) │ Default │              │ Default     │

The management url is: https://localhost:1280/edge/management/v1
The token is: 1083b813-2080-4a10-912b-5732145b76f3
The id for the Default Admin is: A9nEYJZ62

The curl command is:

curl -k -X POST https://localhost:1280/edge/management/v1/identities/A9nEYJZ62/enable -H "zt-session: 1083b813-2080-4a10-912b-5732145b76f3" -H "Content-Type: application/json" -d '{}'

I apologize for not having a nice CLI command. I could have sworn we had one to handle this in ziti edge .... but I can not seem to locate it. I'll add an issue to add this functionality.

1 Like
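
Added example, not part of the original thread or OpenZiti's own tooling: steps 2 and 3 of the answer above as shell functions that pull the Default Admin's ID out of the ziti edge list identities table and build the /enable POST. The function names, the DRY_RUN switch, the optional CA-bundle argument and the character-set checks are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenZiti project).
# Constructed sample: rows copied from the `ziti edge list identities` output above.
SAMPLE_TABLE='│ ID          │ NAME          │ TYPE    │ ATTRIBUTES │ AUTH-POLICY │
│ 3ruk0LY6r8  │ proxy         │ Default │ dial       │ Default     │
│ A9nEYJZ62   │ Default Admin │ Default │            │ Default     │
│ debug-admin │ debug admin (d40d3813-39dd-49fc-8264-a52d5fda20b8) │ Default │ │ Default │'

# identity_id NAME: read the table on stdin and print the ID whose NAME column
# equals NAME exactly. Fails unless exactly one row matches.
identity_id() {
  awk -F'│' -v want="$1" '
    { id = $2; name = $3
      gsub(/^[ \t]+|[ \t]+$/, "", id); gsub(/^[ \t]+|[ \t]+$/, "", name)
      if (name == want) { found = id; n++ } }
    END { if (n != 1) exit 1; print found }'
}

# enable_identity URL ID TOKEN [CA_BUNDLE]: issue the POST from step 3.
# With DRY_RUN set, print the request for review instead of sending it
# (the printed form drops shell quoting and is not meant to be re-run).
enable_identity() {
  ez_url=$1 ez_id=$2 ez_token=$3 ez_ca=${4:-}
  # The session token is a bearer credential: refuse plaintext HTTP.
  case $ez_url in https://*) ;; *) echo "URL must be https" >&2; return 1 ;; esac
  # ID and token are spliced into a URL path and a header; allow only a
  # conservative character set (an assumption that fits the values shown above).
  case $ez_id in ''|*[!A-Za-z0-9._-]*) echo "bad id" >&2; return 1 ;; esac
  case $ez_token in ''|*[!A-Za-z0-9._-]*) echo "bad token" >&2; return 1 ;; esac
  set -- -X POST "$ez_url/identities/$ez_id/enable" \
    -H "zt-session: $ez_token" -H "Content-Type: application/json" -d '{}'
  # -k (as in the thread) skips certificate verification; pass a CA bundle
  # to verify the controller before the token is sent.
  if [ -n "$ez_ca" ]; then set -- --cacert "$ez_ca" "$@"; else set -- -k "$@"; fi
  if [ -n "${DRY_RUN:-}" ]; then printf 'curl %s\n' "$*"; else curl "$@"; fi
}
```

Pipe the real ziti edge list identities output into identity_id "Default Admin", then call enable_identity with the management URL and token printed by ziti edge login.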

Thanks. I really appreciate it!