Administrator unlock

Last modified 30 Mar 2026 15:56 +02:00

This guide describes how to resolve administrator access issues, such as unlocking a locked account or resetting its password. While the procedure is described for the administrator user, it can be used for any user object in midPoint.

Under normal circumstances, as an administrator, you can unlock your account or reset your password via the midPoint GUI. However, if you are locked out of the system and cannot log in to the GUI, you can use Ninja to fix your user object directly in the repository.

With the exception of the H2 database, you can use Ninja to modify user objects while midPoint is running, as other databases have dedicated servers. With an H2 database, you need to stop midPoint before using Ninja to modify user objects.

Unlock your administrator account or reset your password:

  1. Export the administrator user object (in XML) from the repository.
    In the following code example, we are exporting the administrator user by its OID (object identifier):

    ninja.sh export --oid 00000000-0000-0000-0000-000000000002 --output admin.xml

    Alternatively, you can use the type and filter options to specify the user name:

    ninja.sh export --type user --filter '% name = "administrator"' --output admin.xml
  2. Edit the exported XML to fix the problem.
    Typical scenarios are:

    • Fixing issues related to user disabling by removing the administrativeStatus and effectiveStatus elements from the top-level activation element (be sure not to modify activation under assignments inadvertently).

    • Resetting a forgotten password by changing the whole content of the credentials/password/value element to the following snippet, i.e., replacing the <t:encryptedData>…​</t:encryptedData> element in the <value> element with:

      <t:clearValue>defineYourNewPasswordHere</t:clearValue>

      Note that the password you enter into the <t:clearValue> element is not checked for compliance with the password policy requirements. Make sure you either use a password that meets the policy requirements, or change your password once you log into midPoint.

    If you are using midPoint Studio, you may improve code completion by removing the <objects> wrapper element. Note that this is not required, and it is only possible as we are updating a single object, i.e., the administrator user.

  3. Import the updated user object back into the repository.
    The import process can handle either a plain object or objects inside the <objects> container. Use the --overwrite option as the file already exists.

    Importing the updated user object
    ./bin/ninja.sh import --input admin.xml --overwrite
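
A read-only check that can be run on admin.xml between steps 2 and 3, added here as an example (it is not part of the midPoint documentation or of Ninja). It reports whether the top-level activation still carries the status elements, how many assignment-level activation elements are present (these are not inspected further), and what the password value holds. The function name `inspect_user_xml` and the two namespace URIs are assumptions, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces; compare with the xmlns declarations in your own export.
NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3",
      "t": "http://prism.evolveum.com/xml/ns/public/types-3"}

def inspect_user_xml(xml_text):
    """Report the state of the parts of the exported user that step 2 edits."""
    root = ET.fromstring(xml_text)
    user_tag = "{%s}user" % NS["c"]
    # Accept a plain <user> or a single <user> inside the <objects> wrapper.
    users = [root] if root.tag == user_tag else root.findall("c:user", NS)
    if len(users) != 1:
        raise ValueError("expected exactly one user object, found %d" % len(users))
    user = users[0]
    # "c:activation" matches direct children of <user> only, so activation
    # elements nested under assignments are never treated as top-level.
    top = user.find("c:activation", NS)
    leftover = [n for n in ("administrativeStatus", "effectiveStatus")
                if top is not None and top.find("c:" + n, NS) is not None]
    value = user.find("c:credentials/c:password/c:value", NS)
    if value is None:
        password = "missing"
    elif value.find("t:encryptedData", NS) is not None:
        password = "encryptedData"
    elif value.findtext("t:clearValue", "", NS).strip():
        password = "clearValue"
    else:
        password = "empty"
    return {"top_level_status": leftover,
            "assignment_activations": len(user.findall("c:assignment/c:activation", NS)),
            "password": password}

# Constructed sample of an already edited export, not output from a real instance.
SAMPLE = """<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
  <user oid="00000000-0000-0000-0000-000000000002">
    <name>administrator</name>
    <assignment><activation><effectiveStatus>enabled</effectiveStatus></activation></assignment>
    <activation><lockoutStatus>normal</lockoutStatus></activation>
    <credentials><password><value>
      <t:clearValue>defineYourNewPasswordHere</t:clearValue>
    </value></password></credentials>
  </user>
</objects>"""

if __name__ == "__main__":
    print(inspect_user_xml(SAMPLE))
```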