5 Replies Latest reply: May 12, 2012 8:40 AM by MrHoffman
Roger Willems Level 1 (25 points)



I have taken over the maintenance of a Mac Mini server. The previous person left the Server Admin credentials but no information regarding LDAP Admin.

Could not find the information in the Keychain; none of the known usernames and passwords work either.


Any idea how to reset the LDAP Admin password?






  • MrHoffman Level 6 (13,515 points)

    The typical user created for managing Open Directory LDAP is Directory Administrator (diradmin), though it's possible to have a different user.


    Launch Workgroup Manager and authenticate to the server, and have a look around for that user. (If necessary, click the Accounts head-and-shoulders icon on the top, and then the other head-and-shoulders icon. This will get you to the accounts, and specifically to the users that are in Open Directory.)


    If you find that user, or any other users that have a checkmark for "administer this server" for that matter, then those are the passwords you'll be changing.


    If Workgroup Manager shows the user as locked, click on the padlock. 


    (All of this assumes that you have access to Workgroup Manager through some user that can administer the Open Directory server.  If not, then you'll want to ask your predecessor, or you'll be breaking into the database.)


    The password is on the same display as the user accounts.


    I'd strongly recommend getting a backup of everything before making any changes.  Boot the DVD installation disk, and use Disk Utility from the Utilities menu to create disk images to external disks from there.  Probably two copies, on two disks.  Mistakes here can be bad, and you'll want to have a good copy regardless.

  • Roger Willems Level 1 (25 points)

    Thanks for your help!!!


    My problem is that I can't unlock the "padlock"...

  • Esther Mofet Level 1 (130 points)

    Sounds like the account you're using doesn't have administrative rights in Open Directory. I had to do something like this to get into Workgroup Manager on a server before.


    1. Start by opening Server Administrator then select the server.
    2. Click the Access button.
    3. Click the Administrators tab.
    4. If "For selected services below" is selected, click Open Directory in the list provided -- otherwise, skip to #5 ("For all services" is selected)
    5. In the "Allow to administer or monitor" pane, note which users or groups have Administer permission. If none are listed, add an appropriate one (maybe "Domain Admins"?) then change its permission from Monitor to Administer.
    6. Click Save.
    7. Reopen Workgroup Manager and log in with one of the users or groups that you added in the steps above.


    You should be able to reset the diradmin password now (or just keep logging in with the user who has administrative privileges), or maybe even add a second directory administrator as a backup plan.

  • Roger Willems Level 1 (25 points)

    Thanks for your help :-)


    Will try on Monday. I recall trying this already but not 100% sure.

    From what I remember I could not add a user or group due to the fact that the pane is locked :-/

  • MrHoffman Level 6 (13,515 points)

    Ask the previous administrator.   That's the easiest.


    The following is listed as the official Apple LDAP directory administrator password reset sequence for 10.5, and AFAIK it still works on 10.6: Mac OS X Server: How to reset the Open Directory administrator password (HT1194)