
Snow Leopard Server reset LDAP Admin password

3805 Views 5 Replies Latest reply: May 12, 2012 8:40 AM by MrHoffman
Roger Willems Level 1 (25 points)
May 11, 2012 2:50 PM



I have taken over the maintenance of a Mac Mini server. The previous person left the Server Admin credentials but no information regarding LDAP Admin.

Could not find the information in the Keychain; none of the known usernames and passwords work either.


Any idea how to reset the LDAP Admin password?






  • MrHoffman Level 6 (11,695 points)
    May 11, 2012 6:14 PM (in response to Roger Willems)

    The typical user created for managing Open Directory LDAP is Directory Administrator (diradmin), though it's possible to have a different user.


    Launch Workgroup Manager and authenticate to the server, and have a look around for that user. (If necessary, click the Accounts head-and-shoulders icon on the top, and then the other head-and-shoulders icon. This will get you to the accounts, and specifically to the users that are in Open Directory.)


    If you find that user, or any other user that has a checkmark for "administer this server" for that matter, then those are the passwords you'll be changing.


    If Workgroup Manager shows the user as locked, click on the padlock. 


    (All of this assumes that you have access to Workgroup Manager through some user that can administer the Open Directory server.  If not, then you'll want to ask your predecessor, or you'll be breaking into the database.)


    The password is on the same display as the user accounts.


    I'd strongly recommend getting a backup of everything before making any changes.  Boot the DVD installation disk, and use Disk Utility from the Utilities menu to create disk images to external disks from there.  Probably two copies, on two disks.  Mistakes here can be bad, and you'll want to have a good copy regardless.

  • Esther Mofet Level 1 (130 points)
    May 11, 2012 6:48 PM (in response to Roger Willems)

    Sounds like the account you're using doesn't have administrative rights in Open Directory. I had to do something like this to get into Workgroup Manager on a server before.


    1. Start by opening Server Administrator then select the server.
    2. Click the Access button.
    3. Click the Administrators tab.
    4. If "For selected services below" is selected, click Open Directory in the list provided -- otherwise, skip to #5 ("For all services" is selected)
    5. In the "Allow to administer or monitor" pane, note which users or groups have Administer permission. If none are listed, add an appropriate one (maybe "Domain Admins"?) then change its permission from Monitor to Administer.
    6. Click Save.
    7. Reopen Workgroup Manager and log in with one of the users or groups that you added in the steps above.


    You should be able to reset the diradmin password now (or just keep logging in with the user who has administrative privileges), or maybe even add a second directory administrator as a backup plan.

  • MrHoffman Level 6 (11,695 points)
    May 12, 2012 8:40 AM (in response to Roger Willems)

    Ask the previous administrator.   That's the easiest.


    The following is listed as the official Apple LDAP directory administrator password reset sequence for 10.5, and AFAIK it still works on 10.6: Mac OS X Server: How to reset the Open Directory administrator password (HT1194)

