Currently Being ModeratedMay 11, 2012 6:14 PM (in response to Roger Willems)
The typical user created for managing Open DIrectory LDAP is Directory Administrator (diradmin), though it's possible to have a different user.
Launch Workgroup Manager and authenticate to the server, and have a look around for that user. (If necessary, click Accounts head-and-shoulders icon on the top, and then the other head-and-shoulders icon. This will get you to the accounts, and specifically to the users that are in Open Directory)
If you find that user, or any other users that has a checkmark for "administer this server" for that matter, then those are the passwords you'll be changing.
If Workgroup Manager shows the user as locked, click on the padlock.
(All of this assumes that you have access to Workgroup Manager through some user that can administer the Open Directory server. If not, then you'll want to ask your predecessor, or you'll be breaking into the database.)
The password is on the same display as the user accounts.
I'd strongly recommend getting a backup of everything before making any changes. Boot the DVD installation disk, and use Disk Utility from the Utilities menu to create disk images to external disks from there. Probably two copies, on two disks. Mistakes here can be bad, and you'll want to have a good copy regardless.
Currently Being ModeratedMay 11, 2012 6:48 PM (in response to Roger Willems)
Sounds like the account you're using doesn't have administrative rights in Open Directory. I had to do something like this to get into Workgroup Manager on a server before.
- Start by opening Server Administrator then select the server.
- Click the Access button.
- Click the Administrators tab.
- If "For selected services below" is selected, click Open Directory in the list provided -- otherwise, skip to #5 ("For all services" is selected)
- In the "Allow to administer or monitor" pane, note which users or groups have Administer permission. If none are listed, add an appropriate one (maybe "Domain Admins"?) then change its permission from Monitor to Administer.
- Click Save.
- Reopen Workgroup Manager and log in with one of the users or groups that you added in the steps above.
You should be able to reset the diradmin password now (or just keep logging in with the user who has administrative privileges), or maybe even add a second directory administrator as a backup plan.
Currently Being ModeratedMay 12, 2012 8:32 AM (in response to Esther Mofet)
Thanks for your help :-)
WIll try on Monday. I recall trying this already but not 100% sure.
From what I remember I could not add a user or group due to the fact that the pane is locked :-/
Currently Being ModeratedMay 12, 2012 8:40 AM (in response to Roger Willems)
Ask the previous administrator. That's the easiest.
The following is listed as the official Apple LDAP directory administrator password reset sequence for 10.5, and AFAIK it still works on 10.6: Mac OS X Server: How to reset the Open Directory administrator password (HT1194)