7 Replies Latest reply: Feb 8, 2012 11:23 AM by Eddy7
Chris Marriott Level 1 (80 points)
Hi folks,

I'm hoping someone can help with my Workgroup Manager problem. When I'm authenticated to LDAP as root, or any other user with admin privileges, I'm getting an error when I try to make changes of any kind to accounts. The alert that appears says 'This action failed because you are not authorized to perform the operation.'

I'm not sure where to turn since even when I'm logged in as root, I get the same error.

I'm running Snow Leopard Server 10.6.4

Hope someone can help,


8 core 2.8GHz Mac Pro, Mac OS X (10.6.4), 16gb RAM, 10tb
  • Timmy2005 Level 1 (135 points)
    Upon creating your OD you should have set up a Directory Admin account with shortname diradmin and id of 1000. The password you used when creating is the one you use with diradmin as the username. If this doesn't work, try demoting the server to standalone and then promoting it back to master. Be sure to perform an OD backup first.

    Hope this helps a little.
  • Chris Marriott Level 1 (80 points)
    I tried using the diradmin login but an alert appears saying the login for this server is not valid.

  • Timmy2005 Level 1 (135 points)
    I would go into Server Admin, click on Open Directory on the left, click the backup tab and back up the current settings, demote the server to standalone and then promote it to master.
    You'll have to get your users back, but at least you have the backup to revert to if need be; then you are no worse off than you are now.
  • Chris Marriott Level 1 (80 points)
    I took your advice and blew away OD, then restored it from an archive. All seems to be working now. Thanks very much!

  • slylabs13 Level 1 (0 points)
    Please do not do this if you value your passwords. Passwords are NOT saved with an OD backup (at least they weren't last time I tried this).

    I am also having this problem. This is the second time I am having this problem. I have rebuilt OD before and now the problem is back. I need this problem to cease. It cannot be that the LDAP database is corrupted. If so, then Apple needs to write an LDAP cleanup utility to fix this, because it keeps on happening.

    DNS is fine, it's just that accounts that COULD administer OD yesterday, cannot today. Please Apple, FIX THIS!!!
  • beemerkid Level 1 (0 points)

    slylabs13 . . . were you able to fix this issue? If so, how? We have a similar issue and need to know where to start regarding a fix.



  • Eddy7 Level 1 (0 points)



    My initial problem was that I couldn't delete users in Workgroup Manager. I could, however, create and edit them OK. Users I deleted appeared to go, but came back with a refresh. I also tried this in Terminal and it fails to delete them.


    I backed up the OD database in Server Admin, demoted to standalone (rebooted), promoted to OD Master (rebooted) and restored the OD Database (rebooted).


    I still can't delete users that were created before I tried this fix, and to begin with I got an error saying I wasn't authorised to create them either.


    I also can't edit users anymore! So things are actually worse than when I started.


    It seems that my diradmin account doesn't have enough rights to the contents of the LDAP directory.


    Any ideas, please?