Apple 10.5 Leopard manual: If You Can’t Modify a User’s Open Directory Password

Models: 10.5 Leopard


An administrator account in the computer’s local directory domain can’t be used to authenticate as an administrator of a shared LDAP directory.

If You Can’t Modify a User’s Open Directory Password

To modify the password of a user whose password type is Open Directory, you must be an administrator of the directory domain where the user’s record resides. In addition, your user account must have a password type of Open Directory.

Setting up an Open Directory master (using Server Assistant or the Open Directory service settings in Server Admin) creates a directory administrator account with an Open Directory password. This account can be used to set up other user accounts as directory domain administrators with Open Directory passwords.

If You Can’t Change a User’s Password Type to Open Directory

To change a user’s password type to Open Directory authentication, you must be an administrator of the directory domain where the user’s record resides. In addition, your user account must be configured for Open Directory authentication.

When the Open Directory master is set up (using the Open Directory service settings in Server Admin), the initial user account is a domain administrator account with an Open Directory password. This account can be used to set up other user accounts as domain administrators with Open Directory passwords.

If You Can’t Assign Server Administrator Privileges

To assign server administrator privileges to a user on a particular server, connect to the server in Workgroup Manager and authenticate in the directory domain. Select the user’s account (or create an account for the user), and then select “User can administer this server” in the Basic pane.

If Users Can’t Log In or Authenticate

If a user can’t log in or authenticate to his or her account, a number of approaches might be required to determine whether the source of the authentication problem is configuration-related or due to the password. Try these techniques:

• Reset the password to a known value and then determine whether there is still a problem. Try using a 7-bit ASCII password, which is supported by most clients.

• Make sure the password contains characters supported by the authentication protocol. Leading, embedded, and trailing spaces, as well as special characters (such as pressing Option-8 to form a bullet), are not supported by some protocols. For example, leading spaces work with POP and AFP, but not IMAP.

• Make sure the user’s keyboard can generate all characters in the user’s password.

• Crypt passwords don’t support many authentication methods. To increase the probability that a user’s client applications are supported, set the user’s password type to Open Directory or suggest that the user try a different application.
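As an added example (not part of Apple's manual), this Python helper checks a password for the conditions in the list above: characters outside 7-bit ASCII, and leading, trailing, or embedded spaces. The function name and finding labels are assumptions chosen for illustration; the password is read without echo and is never printed.

```python
import getpass
import unicodedata


def password_compat_findings(password):
    """Return (label, detail) findings for one password.

    Hypothetical helper: labels are illustrative, not Open Directory terms.
    Details name the offending characters by code point only, so the
    output can go into a help-desk ticket without revealing the password.
    """
    findings = []

    # Characters outside 7-bit ASCII, e.g. the Option-8 bullet (U+2022).
    for ch in sorted({c for c in password if ord(c) > 0x7F}):
        name = unicodedata.name(ch, "UNNAMED")
        findings.append(("non-ascii", "U+%04X %s" % (ord(ch), name)))

    # Spaces are checked by position because protocols differ on them.
    if password != password.lstrip(" "):
        findings.append(("leading-space",
                         "works with POP and AFP, but not IMAP"))
    if password != password.rstrip(" "):
        findings.append(("trailing-space",
                         "not supported by some protocols"))
    if " " in password.strip(" "):
        findings.append(("embedded-space",
                         "not supported by some protocols"))
    return findings


if __name__ == "__main__":
    # getpass keeps the password out of the terminal and shell history.
    results = password_compat_findings(getpass.getpass("Password to check: "))
    if not results:
        print("7-bit ASCII with no spaces: look for a configuration problem")
    for label, detail in results:
        print("%-15s %s" % (label, detail))
```

A clean result means the password's characters are unlikely to be the cause, which points back to configuration as the source of the problem.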

Chapter 11 Solving Problems
