>
> On Dec 10, 2007, at 6:29 AM, Simon Slavin wrote:
>
>>
>> On 8 Dec 2007, at 3:10pm, Gerben Wierda wrote:
>>
>>> I get a panel "Authenticate to Directory /LDAPv3/127.0.0.1" with
>>> my admin's name and password pre-filled. When I click OK I get a
>>> panel telling me "The login information is not valid for this
>>> server".
>>>
>>> However, when I start Workgroup Manager, I use exactly the same
>>> credentials successfully to connect to the directory.
>>
>> Delete one of the two accounts that share the same name, and make a
>> new one, with a different name and shortname, with admin privs.
>> This will let you diagnose which account is giving you the
>> problems. I generally make an account with the name 'Simon Admin'
>> or 'John Smith' or something like that.
>>
>> If you want to use an account to admin /LDAPv3/127.0.0.1 then you
>> must make an account in /LDAPv3/127.0.0.1 which has Full admin privs.
>
> I still advocate separate admin accounts for machine domain and shared
> domains.
>
> When I was consulting I would always run into customers who had set
> everything up with "admin". So you would log into a workstation as
> "admin" then connect to a server with "admin" then authenticate to
> LDAP with "admin". Good luck guessing who you really are on the
> machine at any given point! Apple made this a pain in 10.3 by
> duplicating the promoting user into LDAP. On 10.4 it was resolved by
> making you pick a new name, but on 10.5 it's back to haunt us in the
> training wheel configs.
>
> What I recommend is to name the local admin accounts with something
> related to the machine, and name the LDAP admin as something related
> to the domain (Although not necessarily diradmin.)
>
> Let's pretend we have 3 Xserves; an OD master named "master", a mail
> server named "mail", and a replica named "replica". Names would be as
> follows with my regular conventions:
>
> master: masteradmin
> mail: mailadmin
> replica: replicaadmin
> OD: odadmin
>
> See? Now no matter where I log in I can clearly see what is going on.
> I won't bang my head against the wall because I can't figure out why
> "admin" isn't working, when it turns out that I am using the wrong
> "admin" user.
I agree that is a good idea. However, how do I set this up using command
line tools I can run as root? Because I cannot change my LDAP using
Workgroup Manager as I am currently unable to authenticate for edit.
G
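
The collision discussed in this thread (one short name such as "admin" existing in both the local node and /LDAPv3/127.0.0.1) can be audited from a root shell. The script below is an added example, not part of the original messages; its function names and sample account lists are constructed for illustration, and the `dscl` commands named in the comments are where the real input would come from.

```shell
#!/bin/sh
# Added example (not from the thread): find short names that exist in both the
# local node and the shared LDAP node, and flag those that are local admins.
# On a real server, run as root, the inputs would come from:
#   dscl . -list /Users
#   dscl /LDAPv3/127.0.0.1 -list /Users
#   dscl . -read /Groups/admin GroupMembership
# The values below are constructed sample data so the script runs offline.

LOCAL_USERS='root
daemon
nobody
_www
admin
gerben'

LDAP_USERS='admin
gerben
alice'

ADMIN_GROUP='GroupMembership: root admin'

# shared_shortnames LOCAL_LIST LDAP_LIST
# Prints every short name present in both lists, skipping "_" service accounts.
shared_shortnames() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$1" | grep -v '^_' | grep -Fx -f "$tmp" | sort -u
    rm -f "$tmp"
}

# shared_admins LOCAL_LIST LDAP_LIST GROUP_LINE
# Prints the shared names that are also members of the local admin group.
shared_admins() {
    members=$(printf '%s\n' "$3" | sed 's/^GroupMembership://' | tr -s ' ' '\n')
    for name in $(shared_shortnames "$1" "$2"); do
        printf '%s\n' "$members" | grep -Fxq -- "$name" && printf '%s\n' "$name"
    done
    return 0
}

echo "Short names present in both nodes:"
shared_shortnames "$LOCAL_USERS" "$LDAP_USERS" | sed 's/^/  /'
echo "Of those, members of the local admin group:"
shared_admins "$LOCAL_USERS" "$LDAP_USERS" "$ADMIN_GROUP" | sed 's/^/  /'
```

With the per-machine and per-domain names proposed above (masteradmin, odadmin and so on), both reports come back empty.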