Skip to Content
Menu
This question has been flagged
2 Replies
2849 Views

Hello,

I am trying to gain control of an Odoo 18 instance where the admin password is unknown (we made a clone of our production server for experimentation purposes because the company that is supposed to deploy Odoo for us is taking weeks for simple requests, and we must keep moving). I have physical access (it's a new VM), and I can write to the database. I would like to obtain admin access now.

I have tried writing the pbkdf2_sha512 hash to the database as suggested at www.odoo.com/de_DE/forum/hilfe-1/how-to-reset-the-odoo-admin-user-password-a-summary-for-different-odoo-versions-131992 (I don't have enough karma to post links…). I also tried to write just the plain text password to the database. I tried to set the password for a non-admin user, but even that doesn't work, I keep getting "Wrong login/password". I have verified that the database has active='t' for the users in question. I have tried writing the plain-text password to odoo.conf​ as suggested here www.odoo.com/de_DE/forum/hilfe-1/lost-admin-password-can-i-simply-change-it-in-odoo-conf-278299 (again, cannot post link, wtf?)

What security measure could be in place keeping me from getting the job done? There are no entries in odoo.log​ that could help me further.

Do you have any tips for us?

Thank you,

m

Avatar
Discard
Best Answer

Based on your persistent issues, let's implement a thorough solution to regain full admin access:

Step 1: Verify Complete Group Assignments

Run this SQL to ensure all admin privileges:

sql

-- For existing admin user
UPDATE res_users SET 
    password = 'pbkdf2_sha512$600000$ExampleSalt$ExampleHash',
    active = true,
    share = false
WHERE login = 'admin';

-- Add to ALL security groups (critical for full access)
INSERT INTO res_groups_users_rel (gid, uid)
SELECT g.id, u.id 
FROM res_groups g, res_users u 
WHERE u.login = 'admin' 
AND g.id NOT IN (
    SELECT gid FROM res_groups_users_rel WHERE uid = u.id
);

Step 2: Force Password Reset Through Configuration

  1. Edit your odoo.conf:

ini

admin_passwd = your_new_password
list_db = True
  1. Restart Odoo completely:

bash

sudo systemctl restart odoo

Step 3: Direct Session Table Cleanup (If Authentication Still Fails)

sql

-- Clear all active sessions for the admin user
DELETE FROM ir_attachment WHERE res_model = 'ir.sessions';
DELETE FROM ir_sessions WHERE uid = (SELECT id FROM res_users WHERE login = 'admin');

Step 4: Verify User Configuration

Run this diagnostic query:

sql

SELECT 
    u.login, 
    u.active, 
    u.share,
    array_agg(g.name) as groups
FROM res_users u
LEFT JOIN res_groups_users_rel gu ON gu.uid = u.id
LEFT JOIN res_groups g ON g.id = gu.gid
WHERE u.login = 'admin'
GROUP BY u.login, u.active, u.share;

Step 5: Last Resort - Create New Superuser With Full Rights

sql

DO $$
DECLARE
    new_uid integer;
    new_partner_id integer;
BEGIN
    -- Create partner first
    INSERT INTO res_partner (
        name, email, company_id, active, 
        create_uid, create_date, write_uid, write_date
    ) VALUES (
        'Super Admin', 'admin@example.com', 1, true,
        1, now(), 1, now()
    ) RETURNING id INTO new_partner_id;

    -- Create user
    INSERT INTO res_users (
        active, login, password, company_id, partner_id,
        create_uid, create_date, write_uid, write_date
    ) VALUES (
        true, 'superadmin', 'pbkdf2_sha512$600000$ExampleSalt$ExampleHash',
        1, new_partner_id, 1, now(), 1, now()
    ) RETURNING id INTO new_uid;

    -- Grant all groups
    INSERT INTO res_groups_users_rel (gid, uid)
    SELECT id, new_uid FROM res_groups;
END $$;

Critical Checks If Still Not Working:

  1. Database Filter: Verify no --db-filter is blocking access
  2. Custom Auth Modules: Check installed modules for auth in name
  3. Password Policy: Look for password_security module
  4. Odoo Version: Confirm exact version with odoo --version

Final Verification:

After making changes:

  1. Clear browser cache completely
  2. Use incognito mode
  3. Try different browser
  4. Check Odoo logs for authentication errors:

bash

sudo tail -f /var/log/odoo/odoo-server.log


🚀 Did This Solve Your Problem?

If this answer helped you save time, money, or frustration, consider:

✅ Upvoting (👍) to help others find it faster

✅ Marking as "Best Answer" if it resolved your issue

Your feedback keeps the Odoo community strong! 💪

(Need further customization? Drop a comment—I’m happy to refine the solution!)

Avatar
Discard
Author

Hey, thanks for your response!

I tried Method 1, and I cannot seem to set a new password for admin or any other user that way. Method 3 also does not yield any success like that. Method 4 is essentially the same as Method 1, and it doesn't work.

​gid=1​ doesn't seem to do any magic here, but I just used some elaborate SQL to add myself to all the gids​ that Admin has and which I don't. I still don't seemany Settings, though.

Do you know what I need to modify in the database directly to get access to settings andd user management, if all the groups admin​ belongs to isn't enough?

Author

For the record, `gid=4` is the group with name "Settings", but Settings are not accessible when logged in as a member of this group.

Edited my response

Related Posts Replies Views Activity
1
Sep 16
5552
5
Oct 19
23435
2
Sep 21
7738
6
Jul 17
12102
3
Jul 16
9419