macOS Server Account Lockout Policy Enforcement

In light of macOS Server removing the Account Lockout Policy Enforcement feature from the GUI, one can still apply this enforcement with a terminal command on the Open Directory server itself. For example:

Set LDAP Account Policy Enforcement:

    pwpolicy -a <<diradmin>> -p <<password>> -u <<username to unlock>> -setpolicy "maxFailedLoginAttempts=1"

** This sets 5 password …

Changing OD password by command line

Log in to the server running Open Directory and run the following to be prompted to change snoopdog's password:

    sudo passwd -i OpenDirectory -l /LDAPv3/127.0.0.1 -u diradmin snoopdog

Found here: https://discussions.apple.com/thread/1509269

NAME
     passwd -- modify a user's password

SYNOPSIS
     passwd [-i infosystem [-l location]] [-u authname] [user]

DESCRIPTION
     The passwd …

dscl

Get a list of all users' short names:

    dscl . -list /Users

Get detailed user info on a particular user:

    dscl . -read /Users/

Get a particular value in a user's info:

    dscl . -read /Users/

Example of are UniqueID

Get detailed user info for all users:

    dscl . -readall /Users

Get a particular value …

Reset the Open Directory administrator password

You can reset the Open Directory administrator password for macOS Server without affecting user data. If an administrator departs without leaving their password, this is the best way to access their account.

On the Open Directory server, open Terminal and use this command:

    ldapsearch -LLL -x -H ldap://127.0.0.1 -s …