Reset the Open Directory administrator password

You can reset the Open Directory administrator password for macOS Server without affecting user data.  If an administrator departs without leaving their password, this is the best way to access their account.

  1. On the Open Directory server, open Terminal and use this command:
    ldapsearch -LLL -x -H ldap:// -s base namingContexts
  2. In the output, look for the dc= entries, such as dc=ldap1,dc=example,dc=com. Note these entries.
  3. Log in to the server as an administrator.
  4. Open Terminal, then use the following command. Replace the sample dc= entries with the entries you noted before. Also, if the directory administrator account's uid is not diradmin, change the command accordingly.
    sudo ldappasswd -x -H ldapi://%2Fvar%2Frun%2Fldapi -S uid=diradmin,cn=users,dc=ldap1,dc=example,dc=com
  5. Enter your administrator account password when prompted.
  6. At the "New Password:" prompt, enter the new directory administrator password you want to use. Enter it again when prompted.
Published Date: