AmazingTurtle · October 14, 2025 22:09 · Jan 28, 2023 · Oct 4, 2021 · Mar 27, 2020 · Jul 17, 2019
diff --git a/how-to-restore.md b/how-to-restore.md
@@ -6,6 +6,8 @@ When you are *unable to login* to the unifi controller or forgot admin password,
 
 Do not uninstall unifi controller - most of the data is not stored in mongodb. In case you thought a mongodb backup would be sufficient, you may have fucked up already, just like me. However I managed to write this "tutorial" for anyone to not run into the same trap.
 
+**Apparently this guide no longer works with recent unifi controller versions (starting nov/dec 2022)**. Since I no longer use unifi hardware in my home system, I can not update the guide myself. In case you've gotten here to recover your data, you're likely doomed. But giving it a try won't hurt anyway, therefore: good luck.
+
 ## Steps
 
 ### 1. Generate password

diff --git a/how-to-restore.md b/how-to-restore.md
@@ -10,7 +10,7 @@ Do not uninstall unifi controller - most of the data is not stored in mongodb. I
 
 ### 1. Generate password
 
-Use [quickhhash.com](https://quickhash.com/) to generate a new password. Use `sha512 / crypt(3) / $6$` with the following any salt you like (I used `9Ter1EZ9$lSt6` but it really doesn't matter).
+Use [quickhhash.com](https://quickhash.com/) to generate a new password. Use `sha512 / crypt(3) / $6$` with the any salt you like (I used `9Ter1EZ9$lSt6` in the example below, but it really doesn't matter).
 
 I have generated a dummy password for you if you want to leave this step out. It is `Ch4ngeM3VeryQu!ck`:
 ```

diff --git a/how-to-restore.md b/how-to-restore.md
@@ -10,7 +10,7 @@ Do not uninstall unifi controller - most of the data is not stored in mongodb. I
 
 ### 1. Generate password
 
-Use [quickhhash.com](https://quickhash.com/) to generate a new password. Use `sha512 / crypt(3) / $6$` with the following hash salt `9Ter1EZ9$lSt6`.
+Use [quickhhash.com](https://quickhash.com/) to generate a new password. Use `sha512 / crypt(3) / $6$` with the following any salt you like (I used `9Ter1EZ9$lSt6` but it really doesn't matter).
 
 I have generated a dummy password for you if you want to leave this step out. It is `Ch4ngeM3VeryQu!ck`:
 ```

diff --git a/how-to-restore.md b/how-to-restore.md
@@ -60,7 +60,7 @@ db.admin.update({ name: "<YOUR-NAME-GOES-HERE>" }, { $set: { "x_shadow": "<PASSW
 #### 4.2. Create a *new user*
 
 ```
-db.admin.insert({ "email" : "<YOUR-EMAIL-GOES-HERE>", "last_site_name" : "default", "name" : "<YOUR-NAME-GOES-HERE>", "time_created" : NumberLong(100019800), "x_shadow" : "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>"" })
+db.admin.insert({ "email" : "<YOUR-EMAIL-GOES-HERE>", "last_site_name" : "default", "name" : "<YOUR-NAME-GOES-HERE>", "time_created" : NumberLong(100019800), "x_shadow" : "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>" })
 ```
 
 ### 5. Get admin id

diff --git a/how-to-restore.md b/how-to-restore.md
@@ -10,7 +10,7 @@ Do not uninstall unifi controller - most of the data is not stored in mongodb. I
 
 ### 1. Generate password
 
-Use https://quickhash.com/ to generate a new password. Use `sha512 / crypt(3) / $6$` with the following hash salt `9Ter1EZ9$lSt6`.
+Use [quickhhash.com](https://quickhash.com/) to generate a new password. Use `sha512 / crypt(3) / $6$` with the following hash salt `9Ter1EZ9$lSt6`.
 
 I have generated a dummy password for you if you want to leave this step out. It is `Ch4ngeM3VeryQu!ck`:
 ```

diff --git a/how-to-restore.md b/how-to-restore.md
@@ -10,7 +10,7 @@ Do not uninstall unifi controller - most of the data is not stored in mongodb. I
 
 ### 1. Generate password
 
-Use quickhas.org to generate a new password. Use `sha512 / crypt(3) / $6$` with the following hash salt `9Ter1EZ9$lSt6`.
+Use https://quickhash.com/ to generate a new password. Use `sha512 / crypt(3) / $6$` with the following hash salt `9Ter1EZ9$lSt6`.
 
 I have generated a dummy password for you if you want to leave this step out. It is `Ch4ngeM3VeryQu!ck`:
 ```

diff --git a/how-to-restore.md b/how-to-restore.md
@@ -2,6 +2,10 @@
 
 When you are *unable to login* to the unifi controller or forgot admin password, you can **restore access** using SSH and manipulating **mongodb** directly.
 
+## Warning
+
+Do not uninstall unifi controller - most of the data is not stored in mongodb. In case you thought a mongodb backup would be sufficient, you may have fucked up already, just like me. However I managed to write this "tutorial" for anyone to not run into the same trap.
+
 ## Steps
 
 ### 1. Generate password

diff --git a/how-to-restore.md b/how-to-restore.md
@@ -0,0 +1,114 @@
+# Restore access to a unifi controller
+
+When you are *unable to login* to the unifi controller or forgot admin password, you can **restore access** using SSH and manipulating **mongodb** directly.
+
+## Steps
+
+### 1. Generate password
+
+Use quickhas.org to generate a new password. Use `sha512 / crypt(3) / $6$` with the following hash salt `9Ter1EZ9$lSt6`.
+
+I have generated a dummy password for you if you want to leave this step out. It is `Ch4ngeM3VeryQu!ck`:
+```
+$6$9Ter1EZ9$4RCTnLfeDJsdAQ16M5d1d5Ztg2CE1J2IDlbAPSUcqYOoxjEEcpMQag41dtCQv2cJ.n9kvlx46hNT78dngJBVt0
+```
+
+### 2. SSH to controller
+
+SSH to the server running the unifi controller. In my case it's running on a raspberry pi.
+
+### 3. Connect to mongodb
+
+By default unifi comes with mongodb running on port `27117`. To connect to it, use the `mongo` cli tool. Make sure it is installed.
+
+Connect using the following command:
+
+```bash
+mongo --port 27117
+```
+
+When connected to mongo, execute the following commands to switch the database and verify the installation
+
+```
+use ace;
+show collections;
+```
+
+It should show a list of collections, e.g. `account, admin, alarm, broadcastgroup, ...`.
+
+### 4. Fix
+
+It is very likely that you got here because of power/data loss. You want to check if admins are still in the database.
+To do so, execute the following command in the mongo cli:
+
+```
+db.admin.find()
+```
+
+If the result is blank or you don't remember your password, there's two ways. Make sure to replace variables before executing commands.
+
+#### 4.1. Change password of *existing user*
+
+```
+db.admin.update({ name: "<YOUR-NAME-GOES-HERE>" }, { $set: { "x_shadow": "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>" } });
+```
+
+#### 4.2. Create a *new user*
+
+```
+db.admin.insert({ "email" : "<YOUR-EMAIL-GOES-HERE>", "last_site_name" : "default", "name" : "<YOUR-NAME-GOES-HERE>", "time_created" : NumberLong(100019800), "x_shadow" : "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>"" })
+```
+
+### 5. Get admin id
+
+```
+db.admin.find()
+```
+
+Will output something like this:
+
+```
+> db.admin.find()
+{ "_id" : ObjectId("5d0a2e7e8f01c49af4cbe3cd"), "email" : "...", ... }
+```
+
+Take the contents of `_id`, in this case it is `5d0a2e7e8f01c49af4cbe3cd`. You should remember it for the next steps.
+
+### 6. Fix permissions
+
+You will need to attach the admin role using db.privilege to the newly created user. The privilege belongs to an admin and a site_id.
+
+Make sure to get your site_ids using the following command:
+
+```
+db.site.find()
+```
+
+It will show something like this:
+
+```
+> db.site.find()
+{ "_id" : ObjectId("5d07b088280f9002d7676c87"), "name" : "super", "key" : "super", "attr_hidden_id" : "super", "attr_hidden" : true, "attr_no_delete" : true, "attr_no_edit" : true }
+{ "_id" : ObjectId("5d07b088280f9002d7676c88"), "name" : "default", "desc" : "Default", "attr_hidden_id" : "default", "attr_no_delete" : true }
+```
+
+Once you know the ids of your sites, you can continue with creating privilege entries. You will need the **admin id** from [step 5](#5-Get-admin-id).
+
+Use the following command for **each site** you got from `db.site.find()`
+
+```
+db.privilege.insert({ "admin_id" : "<ADMIN-ID-GOES-HERE>", "permissions" : [ ], "role" : "admin", "site_id" : "<SITE-ID-GOES-HERE>" });
+```
+
+Optionally verify that all privileges have been created using the following command:
+
+```
+> db.privilege.find()
+{ "_id" : ObjectId("5d0bb7573d70717df47d5af6"), "admin_id" : "5d0a2e7e8f01c49af4cbe3cd", "permissions" : [ ], "role" : "admin", "site_id" : "5d07b088280f9002d7676c87" }
+{ "_id" : ObjectId("5d0bb7573d70717df47d5af7"), "admin_id" : "5d0a2e7e8f01c49af4cbe3cd", "permissions" : [ ], "role" : "admin", "site_id" : "5d07b088280f9002d7676c88" }
+```
+
+### 7. Test
+
+Now you're all set. You eventually want to restart the unifi controller using `service unifi restart`.
+You can login now. Good Luck.