Filter
Top Products
Chapter 11 Solving Problems 243
An administrator account in the computer’s local directory domain can’t be used to
authenticate as an administrator of a shared LDAP directory.
If You Can’t Modify a User’s Open Directory Password
To modify the password of a user whose password type is Open Directory, you must be
an administrator of the directory domain where the user’s record resides. In addition,
your user account must have a password type of Open Directory.
Setting up an Open Directory master (using Server Assistant or the Open Directory
service settings in Server Admin) creates a directory administrator account with an
Open Directory password. This account can be used to set up other user accounts as
directory domain administrators with Open Directory passwords.
If You Can‘t Change a User’s Password Type to Open Directory
To change a user’s password type to Open Directory authentication, you must be an
administrator of the directory domain where the user’s record resides. In addition, your
user account must be configured for Open Directory authentication.
When the Open Directory master was set up (using the Open Directory service settings
in Server Admin) the initial user account is a domain administrator account with an
Open Directory password. This account can be used to set up other user accounts as
domain administrators with Open Directory passwords.
If You Can’t Assign Server Administrator Privileges
To assign server administrator privileges to a user on a particular server, connect to the
server in Workgroup Manager and authenticate in the directory domain. Select the
user’s account (or create an account for the user), and then select “User can administer
this server” in the Basic pane.
If Users Can’t Log In or Authenticate
If a user can’t log in or authenticate to his or her account, a number of approaches
might be required to determine whether the source of the authentication problem is
configuration-related or due to the password. Try these techniques:
 Reset the password to a known value and then determine whether there is still a
problem. Try using a 7-bit ASCII password, which is supported by most clients.
 Make sure the password contains characters supported by the authentication
protocol. Leading, embedded, and trailing spaces, as well as special characters (such
as pressing Option-8 to form a bullet), are not supported by some protocols. For
example, leading spaces work with POP and AFP, but not IMAP.
 Make sure the user’s keyboard can generate all characters in the user’s password.
 Crypt passwords don’t support many authentication methods. To increase the
probability that a user’s client applications are supported, set the user’s password
type to Open Directory or suggest that the user try a different application.