Roger Willems

Q: Snow Leopard Server reset LDAP Admin password

Hi,

I have taken over the maintenance of a Mac Mini server. The previous person left the Server Admin credentials but no information regarding LDAP Admin.

Could not find the information in the Keychain, and none of the known usernames and passwords work either.

Any idea how to reset the LDAP Admin password?

Thanks!

Rogier

Posted on May 11, 2012 2:50 PM

  • by MrHoffman,Helpful

    MrHoffman May 11, 2012 6:14 PM in response to Roger Willems

    The typical user created for managing Open Directory LDAP is Directory Administrator (diradmin), though it's possible to have a different user.

    Launch Workgroup Manager and authenticate to the server, and have a look around for that user. (If necessary, click the Accounts head-and-shoulders icon on the top, and then the other head-and-shoulders icon. This will get you to the accounts, and specifically to the users that are in Open Directory.)

    If you find that user, or any other user that has a checkmark for "administer this server" for that matter, then those are the passwords you'll be changing.

    If Workgroup Manager shows the user as locked, click on the padlock.

    (All of this assumes that you have access to Workgroup Manager through some user that can administer the Open Directory server. If not, then you'll want to ask your predecessor, or you'll be breaking into the database.)

    The password is on the same display as the user accounts.

    I'd strongly recommend getting a backup of everything before making any changes. Boot the DVD installation disk, and use Disk Utility from the Utilities menu to create disk images to external disks from there. Probably two copies, on two disks. Mistakes here can be bad, and you'll want to have a good copy regardless.

  • by Roger Willems,

    Roger Willems May 11, 2012 6:20 PM in response to MrHoffman

    Thanks for your help!!!

    My problem is that I can't unlock the "padlock"...

  • by Esther Mofet,

    Esther Mofet May 11, 2012 6:48 PM in response to Roger Willems

    Sounds like the account you're using doesn't have administrative rights in Open Directory. I had to do something like this to get into Workgroup Manager on a server before.

    1. Start by opening Server Administrator then select the server.
    2. Click the Access button.
    3. Click the Administrators tab.
    4. If "For selected services below" is selected, click Open Directory in the list provided -- otherwise, skip to #5 ("For all services" is selected)
    5. In the "Allow to administer or monitor" pane, note which users or groups have Administer permission. If none are listed, add an appropriate one (maybe "Domain Admins"?) then change its permission from Monitor to Administer.
    6. Click Save.
    7. Reopen Workgroup Manager and log in with one of the users or groups that you added in the steps above.

    You should be able to reset the diradmin password now (or just keep logging in with the user who has administrative privileges), or maybe even add a second directory administrator as a backup plan.

  • by Roger Willems,

    Roger Willems May 12, 2012 8:32 AM in response to Esther Mofet

    Thanks for your help :-)

    Will try on Monday. I recall trying this already but not 100% sure.

    From what I remember I could not add a user or group due to the fact that the pane is locked :-/

  • by MrHoffman,

    MrHoffman May 12, 2012 8:40 AM in response to Roger Willems

    Ask the previous administrator. That's the easiest.

    The following is listed as the official Apple LDAP directory administrator password reset sequence for 10.5, and AFAIK it still works on 10.6: Mac OS X Server: How to reset the Open Directory administrator password (HT1194)