
An administrator account in the computer’s local directory domain can’t be used to authenticate as an administrator of a shared LDAP directory.
If You Can’t Modify a User’s Open Directory Password
To modify the password of a user whose password type is Open Directory, you must be an administrator of the directory domain where the user’s record resides. In addition, your user account must have a password type of Open Directory.
Setting up an Open Directory master (using Server Assistant or the Open Directory service settings in Server Admin) creates a directory administrator account with an Open Directory password. This account can be used to set up other user accounts as directory domain administrators with Open Directory passwords.
If You Can‘t Change a User’s Password Type to Open Directory
To change a user’s password type to Open Directory authentication, you must be an administrator of the directory domain where the user’s record resides. In addition, your user account must be configured for Open Directory authentication.
When the Open Directory master was set up (using the Open Directory service settings in Server Admin) the initial user account is a domain administrator account with an Open Directory password. This account can be used to set up other user accounts as domain administrators with Open Directory passwords.
If You Can’t Assign Server Administrator Privileges
To assign server administrator privileges to a user on a particular server, connect to the server in Workgroup Manager and authenticate in the directory domain. Select the user’s account (or create an account for the user), and then select “User can administer this server” in the Basic pane.
If Users Can’t Log In or Authenticate
If a user can’t log in or authenticate to his or her account, a number of approaches might be required to determine whether the source of the authentication problem is
ÂReset the password to a known value and then determine whether there is still a problem. Try using a
ÂMake sure the password contains characters supported by the authentication protocol. Leading, embedded, and trailing spaces, as well as special characters (such as pressing
ÂMake sure the user’s keyboard can generate all characters in the user’s password.
ÂCrypt passwords don’t support many authentication methods. To increase the probability that a user’s client applications are supported, set the user’s password type to Open Directory or suggest that the user try a different application.
Chapter 11 Solving Problems
243