Saturday, January 17, 2015

Mac OS X Server: How to reset the Open Directory administrator password

Learn how to reset the Open Directory administrator password.

Getting Started

You can reset the Open Directory administrator password without touching user data. For example, you might need to do this if an Open Directory administrator departs without providing the password.
The reset requires the slot ID of the Open Directory administrator user, so you must first extract the slot ID from the directory and then change the administrator password. To do this, you need local administrator privileges on the server as well as access to the server via an interactive shell (such as Terminal or SSH).

Extracting the slot ID

Mountain Lion and later
For resetting the Open Directory administrator password for OS X v10.8 and later, follow the instructions in this article.
Lion Server 
  1. Open Directory Editor and authenticate with your administrator username and password. It is located in /System/Library/CoreServices/Directory Utility.
  2. Choose the Directory Editor pane.
  3. Navigate to the Open Directory Master node. To do this, open the node pop-up menu and select the "/LDAPv3/127.0.0.1" entry.
  4. Select the directory administrator account.
  5. In the list of attributes that appears, click the disclosure triangle next to AuthenticationAuthority to display all associated values.
  6. Select the value within the AuthenticationAuthority attribute which begins with ";ApplePasswordServer;"
  7. Click the "Text" pane below.
  8. The value between ";ApplePasswordServer;" and the comma is the slot ID, as shown highlighted below. Copy this value for later use. It starts with 0x.

Mac OS X Server v10.3 through v10.6
  1. Open Workgroup Manager with your administrator username and password.
  2. Navigate to the Open Directory Master node. (Note: Your Workgroup Manager connection can be to either the master or a replica, just so long as you navigate to the Master node once connected.)
  3. In Workgroup Manager Preferences select the option to "Show 'All Records' tab and inspector."
  4. Select the directory administrator account, and click the Inspector tab.
  5. In the list of attributes that appears, click the disclosure triangle next to AuthenticationAuthority to display all associated values.
  6. Select the value within the AuthenticationAuthority attribute that begins with ";ApplePasswordServer;".
  7. Click View.
  8. The value after ";ApplePasswordServer;" until the comma is the slot ID, as shown below. Copy this value for later use.

Extracting the slot ID using Terminal (Mac OS X Server v10.3 through 10.7.4)
  1. Log into the server using a local administrator user account, and open Terminal.
  2. Execute this command:
    sudo mkpassdb -dump
    
  3. Enter your administrator password when prompted. 
  4. A list of user short names with corresponding slot IDs is displayed. Find the slot ID, which is located to the left of the directory administrator's short name. The ID starts with 0x and ends before the user's short name. For example:
    "slot 002: 0x479e48fe68b4567000000002000000002      diradmin 03/11/2008 02:12:30 PM"
    
  5. Copy this value for later use.
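
The slot-ID extraction described in the sections above, as an added example that is not part of the original article: it pulls the slot ID from dump text or from an AuthenticationAuthority value and rejects malformed or ambiguous matches, so a wrong account's slot is not carried into the reset step. The function names and sample data are constructed for illustration, and the dump line shape is assumed from the single example line shown above.

```shell
#!/bin/sh
# Added example: pull one account's slot ID out of `mkpassdb -dump`-style text or
# out of an AuthenticationAuthority value, refusing anything ambiguous or malformed.

# Constructed sample data (not real output); line shape follows the article's example.
SAMPLE_DUMP='slot 001: 0x4a1b2c3d4e5f60710000000100000001      root 01/05/2015 09:14:02 AM
slot 002: 0x4a1b2c3d4e5f60710000000200000002      diradmin 01/05/2015 09:15:40 AM
slot 003: 0x4a1b2c3d4e5f60710000000300000003      jdoe 01/06/2015 11:02:17 AM'
SAMPLE_AUTHORITY=';ApplePasswordServer;0x4a1b2c3d4e5f60710000000200000002,constructed-key-data server.example.com'

# is_slot_id VALUE: true only for "0x" followed by one or more hex digits.
is_slot_id() {
    hex=${1#0x}
    [ "$hex" != "$1" ] && [ -n "$hex" ] || return 1
    case "$hex" in *[!0-9a-fA-F]*) return 1 ;; esac
    return 0
}

# slot_id_from_dump SHORTNAME: reads dump text on stdin and prints the slot ID whose
# short-name column equals SHORTNAME exactly. Fails on zero or multiple matches.
slot_id_from_dump() {
    awk -v user="$1" '
        { gsub(/"/, "") }                       # tolerate a quoted line
        $1 == "slot" && $3 ~ /^0x[0-9a-fA-F]+$/ && $4 == user { id = $3; n++ }
        END { if (n != 1) exit 1; print id }'
}

# slot_id_from_authority VALUE: prints the text between ";ApplePasswordServer;"
# and the first comma, if it is a well-formed slot ID.
slot_id_from_authority() {
    case "$1" in ";ApplePasswordServer;"*,*) ;; *) return 1 ;; esac
    id=${1#";ApplePasswordServer;"}
    id=${id%%,*}
    is_slot_id "$id" || return 1
    printf '%s\n' "$id"
}

# Demo on the constructed samples: both routes should yield the same slot ID.
printf '%s\n' "$SAMPLE_DUMP" | slot_id_from_dump diradmin
slot_id_from_authority "$SAMPLE_AUTHORITY"
```

On a server, the first function would read the output of the `sudo mkpassdb -dump` command from step 2 instead of the sample text.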

Resetting the Open Directory administrator password

Lion Server and later
For resetting the Open Directory administrator password for OS X 10.7.5 and later, follow the instructions in this article.
Mac OS X Server v10.3 through 10.7.4
  1. Log into the server using a local administrator user account, and open the Terminal.
  2. Enter this command:
    sudo su
    
  3. Enter your administrator password when prompted.
  4. Enter the following command:
    mkpassdb -setpassword slot-ID
    
    Replace slot-ID with the value you previously obtained. You are then prompted for the new directory administrator password. If you are unable to obtain the slot ID using Workgroup Manager, use the Terminal directions instead.
     
  5. Important: At this point, you have root privileges in this session. To avoid potential issues to the system, be sure to quit Terminal once you are done.
