Forum OpenACS Q&A: question

Collapse
1: question
Posted by yani ballesfin on 08/09/04 09:05 AM
How can i login as a site-wide administrator on our web service? where will I go? what will I type?
Collapse
2: Re: question (response to 1)
Posted by Jarkko Laine on 08/09/04 09:15 AM
Yani,

Just login as the user who has site-wide admin rights. If it's you, then just login as yourself.

The login page is at yourserver.com/register, there's always a link to that page on the default master template (and thus on almost every page) when you're not logged in.

//jarkko

Collapse
3: Re: question (response to 2)
Posted by yani ballesfin on 08/09/04 09:31 AM
i already did it but it always post the page "REQUEST ERROR". hhhmmm... im having a hard time making a new package. is there another way? can you teach me?
Collapse
4: Re: question (response to 1)
Posted by Nagita Karunaratne on 08/09/04 09:57 AM
You will have to post the exact error message and some lines from your error.log file.

Because SWA is a role assigned to a user, you need to find those user-id's/passwords to login as SWA.

Collapse
5: Re: question (response to 4)
Posted by yani ballesfin on 08/09/04 10:02 AM
ok.thanks! another problem is, we forgot who's the admin. how can we verify if the user is the admin or not.
Collapse
6: Re: question (response to 1)
Posted by Nagita Karunaratne on 08/09/04 10:15 AM
Look in table acs_permissions and find the grantee_id for an object that has a negative object_id. There should be only one (-4 on my system).

Then look in users table and find the user with that user_id.

The password and salt and in the same table but I have no idea how to recover the password from them. It may not be possible.

Collapse
7: Re: question (response to 1)
Posted by xx xx on 08/09/04 10:18 AM
Collapse
9: Re: question (response to 1)
Posted by Nagita Karunaratne on 08/09/04 10:24 AM
Sorry I was posting at the same time.
Collapse
10: Re: question (response to 7)
Posted by yani ballesfin on 08/09/04 10:34 AM
sorry, we thought that we already reset the admin's password. we totally lost the admin's email and password. how can we assign a user as a new admin? is it possible?
Collapse
11: Re: question (response to 1)
Posted by xx xx on 08/09/04 11:11 AM
SSH.

First check your error.log as described in your previous question. Post the error.

IF SWA login is the problem:

As postgres user do something like:
/usr/local/pgsql/bin/psql <databasename>

Then:

select * from users;

check all users. And reset the password as previously described. Or maybe:
update acs_permissions set object_id = -4, privilege = 'admin' where grantee_id = $user_id;

Or:

select * from membership_rels ;
update membership_rels set member_state = 'approved' where rel_id = $rel_id;

If that didn't help:

dropdb <databasename>
createdb <databasename>

to reinstall, IF (!) there is nothing really important in the database.

Collapse
12: Re: question (response to 11)
Posted by yani ballesfin on 08/09/04 11:31 AM
aldert,

in our acs_permissions table, the object_id with privilege='admin' is equal to 0?

update acs_permissions set object_id = 0, privilege = 'admin' where grantee_id = $user_id;

is this correct? is this for assigning new user as an admin? tnx

Collapse
13: Re: question (response to 1)
Posted by xx xx on 08/09/04 11:47 AM
what does the error.log tell you?
Collapse
15: Re: question (response to 13)
Posted by yani ballesfin on 08/09/04 11:54 AM
register/login-expired
Collapse
16: Re: question (response to 13)
Posted by yani ballesfin on 08/09/04 11:59 AM
i also tried your other suggestion but there was an error.

ERROR:  Cannot insert a duplicate key into unique index acs_permissions_pk

Collapse
14: Re: question (response to 1)
Posted by xx xx on 08/09/04 12:00 PM
select * from acs_magic_objects ;

You'll see that object_id 0 are the unregistered_visitors and -4 is the security_context_root.

select * from acs_permissions where object_id = -4;

grantee_id should be a user_id (that you'll find in the users table as described previously).

You should post more lines of the error.log, BTW.

Collapse
17: Re: question (response to 14)
Posted by yani ballesfin on 08/09/04 12:13 PM
acs_magic_objects table

security_context_root  = 0
the_public            = -1
registered_users      = -2
default-context        = -3

Collapse
18: Re: question (response to 1)
Posted by xx xx on 08/09/04 12:30 PM
Ah, we are not on the same level.
select * from acs_permissions where object_id = 0;

Use the grantee_id to see which user is a SWA.

Can't you just dropdb? Did you reboot? I suppose "register/login-expired" shouldn't give you a request error unless it cannot find the page, maybe.

Try to figure out what really goes wrong. Or get on IRC. I need to go now.

Collapse
19: Re: question (response to 18)
Posted by yani ballesfin on 08/09/04 12:42 PM
thanks!

when i type
select * from acs_permissions where object_id = 0;

there's an error occured
ERROR:  acs_permissions_grantee_id_fk referential integrity violation - key referenced from acs_permissions not found in parties

i can't dropdb. there are important files to be saved.

Collapse
20: Re: question (response to 1)
Posted by xx xx on 08/09/04 02:57 PM
?

Read how it should work:
https://openacs.org/doc/openacs-5-1/parties.html
https://openacs.org/doc/openacs-5-1/permissions-tediously-explained.html

BTW, the filesystem (with a new package?) won't disappear if you dropdb, UNLESS you saved files in the database.

Probably, do a complete backup with database (https://openacs.org/doc/openacs-5-1/snapshot-backup.html)?

Also, you can copy your complete filesystem to service1/
(add user service1, database service1 and permissions: look in the basic install docs...).
Adapt your config.tcl in service1/ to use service1 instead of service0 and restart aolserver with that file and see if anything is missing with a clean database...

Or if it is really important, you'ld better ask for help elsewhere: https://openacs.org/community/companies/ ...that is what they are for, obviously.

Collapse
21: Re: question (response to 20)
Posted by yani ballesfin on 08/10/04 06:27 AM
hmmm... tnx! Anyways, I’m new with OpenACS. I am assigned to study it and create web applications. As I’ve mentioned yesterday, we already created a packages using OpenACS before, but I’m not the one who created it. We are afraid that if we reinstall or upgrade openACS, we might lose the created packages. And how can we upgrade or reinstall OpenACS? We totally lost the admin’s email add and password. The only information we know about the admin is that under the acs_permissions table the object_id  of the admin is equal to  0.

Is there a feasible solution in our dilemma? pls. help me. tnx.

Collapse
22: Re: question (response to 20)
Posted by yani ballesfin on 08/10/04 08:37 AM
I found out that all the users in our table cc_users has a privilege = admin. But when I login as a site wide admin an error occurs.

210.213.162.45 - - [10/Aug/2004:14:32:25 +0800] "GET /register/bad-password?user_id=2537 HTTP/1.1" 200 601 "http://202.95.230.52/register/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts)"

Collapse
23: Re: question (response to 1)
Posted by xx xx on 08/10/04 11:06 AM
I'm afraid you'll have to invest some money if it is important or find another route. It is a good puzzle to solve if you ever want to develop on openACS.

The "error" you reported is not from the error.log, but from the server.log. You are using an old openacs and aolserver version and root@localhost is not a valid emailadres.

The first problem you encounter when you try to login is that /register/restricted (/packages/acs-subsite/www/register/restricted) cannot be found. Is it there? Are the permissions set correctly? ....the password/email problem comes after that.

I'm going to leave it like this.

Collapse
24: Re: question (response to 23)
Posted by yani ballesfin on 08/10/04 11:28 AM
one more question..
do you know the default email ad and password of the admin?
tnx
Collapse
25: Re: question (response to 1)
Posted by xx xx on 08/10/04 11:36 AM
There is no default. The email address you may have used at installation time is root@localhost or the one with the lowest user_id.
Collapse
26: Re: question (response to 21)
Posted by Malte Sussdorff on 08/10/04 11:51 AM
It seems you have been thrown into cold water without any guideance at all. To tackle this problem, I'd advise you to
  1. Install OpenACS for yourself (fresh install)
  2. Read the developer documentation
  3. Get some training from the persons who have written the previous OpenACS packages that you talk about.
  4. Attend a training session on OpenACS if one becomes available again or find an organization to sponsor a training session (read: hire someone to teach OpenACS).
  5. Contact a professional to help you out if the data is crucial and you don't want to loose it.
Retrieving the password and login of the admin or at least resetting it, is easily done, if SSH access is granted to a professional (who charges for this). But if you have no experience with the internals of OpenACS, it will cost more to try and solve this on your own.

Furthermore, if you want to upgrade OpenACS, this is not an easy step as well, depending on where you are coming from. Especially if someone made custom development on your site, and you have no clue what has been done / changed.

Collapse
27: Re: question (response to 25)
Posted by yani ballesfin on 08/10/04 11:53 AM
yeah i know that root@localhost is the default email ad during installation btu what's the password?

hey, what's your nationality?

tnx for helping!

Collapse
28: Re: question (response to 1)
Posted by Dave Bauer on 08/10/04 03:58 PM
If you have access to the database for the OpenACS installation you can do this:

Register as a New User, creating a new account.

After the new user is logged in, click on Your Workspace link.

Click on What other people see when they click your name.

The URL for What other people see when they click your name looks like : http://www.example.com/shared/community-member?user%5fid=12345

The user_id is the last part of the URL, in this case 12345. Remember this number.

Once you have this information log into the database using sqlplus for Oracle or psql for Postgresql.

Execute the following command for postgresql.

select object_id from acs_magic_objects where name='security_context_root';

Remember the result.

select acs_permission__grant_perission ( user_id, security_context_root, 'admin' );
Where user_id is the user_id you remembered previously and security_context_root is the result of the previous query.

For oracle:

select object_id from acs_magic_objects where name='security_context_root';

Remember the result.

begin acs_permission.grant_permission( user_id, security_context_root, 'admin'); end;
/

This will grant site-wide-admin to the new user you have created.

Now you can change passwords, add users, or grant admin to other users using this new account.

Dave

Collapse
29: Re: question (response to 28)
Posted by yani ballesfin on 08/12/04 05:59 AM
I’ve checked our db and execute the command

select a.email, a.object_id, a.user_id, b.grantee_id from cc_users a, acs_permissions b where b.privilege='admin';

All users from cc_users table have an ‘admin’ privilege.
But when I login as a site-wide administrator on our web service or browse to http://yourserver:8000/acs-admin/apm to create a new package using one of those accounts,

http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&arg=404&Keywords=http://ourserver:8000/acs-admin/apm&uid=33098D05-BF95-457E-A210-AFEB64157D31&version=1.5.0

Collapse
30: Re: question (response to 1)
Posted by Jade Rubick on 08/13/04 07:20 PM
I put Dave's response in the FAQ.
Collapse
31: Re: question (response to 30)
Posted by yani ballesfin on 08/17/04 10:40 AM
hi jade!
i can't find dave's response in th FAQ. can you send me the url?
thanks!
Collapse
33: Re: question (response to 1)
Posted by Radamanthus Batnag on 07/18/05 10:53 AM
There's a typo in the FAQ.

These lines (item #6):

Remember the result.

select acs_permission__grant_perission ( user_id, security_context_root, 'admin' );

Should read as:

Remember the result.

select acs_permission__grant_permission ( security_context_root, user_id, 'admin' );

I tested this on OpenACS 5.1.5.

How do we maintain the FAQ?

Collapse
34: Re: question (response to 1)
Posted by Jade Rubick on 07/22/05 05:19 PM
It's maintained by volunteers.

I changed the FAQ entry. Thanks!