How to reset an Open Directory Administrator’s password

This is a trivial task when you are a Directory Administrator. But what if your admin has left or disappeared without notice and no one else has the directory admin password … or, in my case, something really bad happened to your Open Directory Master and the directory administrator can no longer access the directory?

In the latter case some might say restore from backups, but that should be an absolute last resort, and in reality backups are good for data restoration, NOT system states. The key here is that you still have to have full (root) access to the Directory Master (locally). In plain English, you need to retrieve the slot-id for the directory administrator and change its db password hash. I think if I have to explain it all to you then you probably shouldn’t be the one in charge to remedy this situation or you will understand by just looking how to do it. So for both cases here is a little script:


#!/bin/bash

# Author: Joseph J. Viscomi    E-Mail: jjviscomi [at] gmail [dot] com || jviscomi [at] brehm [dot] org
# Date: 2/10/2010
# Description: This script is interactive, it prompts you for a new password. It
#              will get the slot-id for the given user and attempt to change its
#              password. This needs to be run using sudo.

if [ $# = 1 ]; then
  echo "Going to change password for $1"
  echo -n "slot id: "
  echo `sudo mkpassdb -dump | grep -w -- "$1" | awk '{ print $3 }'`
  sudo mkpassdb -setpassword `sudo mkpassdb -dump | grep -w -- "$1" | awk '{ print $3 }'`
else
  echo "Usage: sudo $0 <short name of the directory administrator>"
  exit 1
fi

The above script takes exactly one argument: the short name of the directory administrator. If you follow the manual when creating your Open Directory Master, it is labeled as diradmin (which should be changed …), so this command would be run like the following:

sudo ./ diradmin

Simply follow it if you want to know what it is doing; line 13 is where the magic happens! I have never actually run this script so there might be a typo or something. If there is a problem let me know and I will correct it, but it looks good. I hope no one ever needs to deal with this.
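An added example, not part of the original script: a grep match on the short name can return no slot-id or several, and the result is handed straight to mkpassdb -setpassword. This sketch returns a slot-id only when exactly one record matches the name exactly. It assumes the short name is field 4 of each dump record (the page only shows that the slot-id is field 3); sample_dump is constructed data and reset_password is a hypothetical wrapper.

```shell
#!/bin/sh
# ASSUMPTION: in `mkpassdb -dump` output, field 3 is the slot-id (as the
# script above reads it) and field 4 is the short name. Check your own dump.

# Read dump text on stdin and print the slot-id for short name $1.
# Exit status: 0 = exactly one record, 1 = no record, 2 = ambiguous.
slot_id_for() {
  awk -v user="$1" '
    $4 == user { id = $3; n++ }
    END {
      if (n == 1) { print id; exit 0 }
      exit (n == 0 ? 1 : 2)
    }'
}

# Hypothetical wrapper: only call -setpassword when the lookup is unambiguous.
reset_password() {
  id=$(sudo mkpassdb -dump | slot_id_for "$1") || {
    echo "refusing to continue: no unique slot-id for '$1'" >&2
    return 1
  }
  echo "slot id: $id"
  sudo mkpassdb -setpassword "$id"
}

# Constructed sample records (not real output) covering the failure cases:
# a name that is a substring of another, and a name that appears twice.
sample_dump() {
  cat <<'EOF'
slot 0001: 0x00000000000000000000000000000001 diradmin 02/10/2010
slot 0002: 0x00000000000000000000000000000002 olddiradmin 02/10/2010
slot 0003: 0x00000000000000000000000000000003 jdoe 02/10/2010
slot 0004: 0x00000000000000000000000000000004 jdoe 02/11/2010
EOF
}
```

On the sample data a plain substring grep for diradmin matches two records, while slot_id_for returns only the first slot-id and reports the duplicated jdoe as ambiguous.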
