Mailing Lists: Apple Mailing Lists


Re: Add a LDAP user




On Oct 10, 2007, at 7:15 PM, Lee Nicholls wrote:

> My LDAP database is currently locked and I am unable to authenticate.  I have used all usernames and passwords I can think of, even diradmin etc., and it just does not authenticate.  In the meantime I need to add users to the LDAP database.  What are the commands used to add an account on a network LDAP database?  I have found some, but they only add it locally and not in the network database.
>
> Thanks

I recommend you find the directory administrator account's password server slot ID, contained in the AuthenticationAuthority user record attribute (see the Open Directory PDF, in the Mac OS X Directory Data section, under Standard Attributes in User Records). A user's password server slot ID can be viewed as follows (substituting 'diradmin' for the name of your directory admin account):

{4} root@tiny [~] # dscl /LDAPv3/127.0.0.1 read /Users/diradmin AuthenticationAuthority
AuthenticationAuthority: ;ApplePasswordServer;0x466529874fce8ee40000000300000003,1024 35 122636978345382208938388312105595316214449375669760560300230105170840486617109338444006009773951467750252796108593933119359703345326827937044433152678522925041956011658130043202546350964711103529034997570967343363583899602249692571481131050627548979604527320731960202107658589402013295084518967518471857383151 email@hidden:10.0.1.202 ;Kerberosv5;0x466529874fce8ee40000000300000003;diradmin@937;937;1024 35 122636978345382208938388312105595316214449375669760560300230105170840486617109338444006009773951467750252796108593933119359703345326827937044433152678522925041956011658130043202546350964711103529034997570967343363583899602249692571481131050627548979604527320731960202107658589402013295084518967518471857383151 email@hidden:10.0.1.202

The password server slot ID (the docs call it "HexID") is the highlighted portion.

Once you know the slot ID, you can reset the password as root using mkpassdb -setpassword. This should allow you to regain control over your network directory.

Cheers,
-Andre
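
An added example, not part of the message above or of Apple's documentation: a shell function that pulls the ApplePasswordServer slot ID out of the `dscl` output shown in the reply, instead of picking it out by eye. The sample line (short fake key, documentation-range address) is constructed, and the function name `slot_id_from_authority` is hypothetical.

```shell
#!/bin/sh
# Constructed sample of `dscl ... read /Users/<name> AuthenticationAuthority`
# output; the key material and addresses are placeholders, not real values.
SAMPLE='AuthenticationAuthority: ;ApplePasswordServer;0x0123456789abcdef0000000000000001,1024 35 1234567890 root@example.com:192.0.2.10 ;Kerberosv5;0x0123456789abcdef0000000000000001;diradmin@EXAMPLE.COM;EXAMPLE.COM;1024 35 1234567890 root@example.com:192.0.2.10'

# slot_id_from_authority (hypothetical name): read dscl output on stdin and
# print the slot ID of the first ApplePasswordServer authority.
# Returns 1 if no such authority is present or its ID is not 0x-prefixed hex.
slot_id_from_authority() {
    awk '
    {
        # Each authority has the form "version;tag;data". Splitting the line
        # on ";" puts a tag and the start of its data in consecutive fields.
        n = split($0, f, ";")
        for (i = 1; i < n; i++) {
            if (f[i] != "ApplePasswordServer") continue
            # data = "<slot ID>,<public key> <server address>"
            id = f[i + 1]
            sub(/,.*/, "", id)
            if (id ~ /^0x[0-9a-fA-F]+$/) { print id; found = 1; exit }
        }
    }
    END { exit found ? 0 : 1 }
    '
}

# Against a live server, pipe the command from the reply instead (as root):
#   dscl /LDAPv3/127.0.0.1 read /Users/diradmin AuthenticationAuthority \
#       | slot_id_from_authority
printf '%s\n' "$SAMPLE" | slot_id_from_authority
```

The non-zero exit status lets a script stop before any password reset step when the record has no password server authority.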
Macos-x-server mailing list      (email@hidden)


