Peter Borbonus

Q: Unable to change user password (OD-Master)

Hi!

Running an Xserve with 10.9.5 as an OD-Master with more than 1000 users, I realized that I cannot change their passwords anymore.

I'm using WorkgroupManager, and get the following message:

"In order to set the password of a a user with an Open Directory Password, your own password type must be Open Directory. Administrators with other password types cannot set the password of a user with an Open Directory password."

In the Server.app I cannot change the password either, without any error message. The dialog just does not disappear.

Any ideas?

Thank you,

Peter

Xserve, OS X Mavericks (10.9.5), 12 GB RAM, 1TB RAID (mirror)

Posted on Apr 17, 2015 12:45 AM

  • by BezSupport, Oct 24, 2015 12:02 PM in response to Peter Borbonus
    Level 1 (0 points)

    Hi guys

    In case this helps someone.

    I ran into this problem with our 900-user OD database. At first, I assumed that the OD got corrupted, but since all existing users were able to log in and did not notice any problems, I successfully tried this:

    1. Create an OD master archive on the no longer working server through the GUI or CLI (this should still work flawlessly).
    2. Restore the server to a working state from a backup (Time Machine or whatever method you have implemented). From my experience, the OD database from the Time Machine backup is not up-to-date, even if you choose the latest backup.
    3. Destroy the OD Master, then create a new one with the previously created OD sparseimage. All your users and passwords will be restored and can be changed again.

    The LDAP database or the server services themselves don't seem to be the problem. Somehow, the connection from the OS to the Server breaks, which eventually leads to a password read-only database. I (and all my Google-fu) was not able to fix this problem, but the above procedure helped to get the system back online within 30 minutes. No user reimport or password reset necessary.

    Nevertheless, we've now had it with Apple's toy server. They went from a stable and solid server OS to a useless piece of buggy app-crap. For serious work, we need a reliable and proven LDAP implementation and will therefore switch to AD.

    My heartfelt sympathy to all sysadmin night-shifts this obvious bug has created.

    Kevin
