Creating admin account in ldap

Hi,
I have a mac client, which authenticates to the ldap running on a mac os x server for user login. How can I configure a user in the ldap on the server, so that when this user logs in to the mac client, he will be a local administrator for that mac client?
Thanks.

You don't create those accounts on the Server.
On a Workstation, the initial account you create when you install Mac OS X, or any new account you add to that Workstation using:
System Preferences > Accounts
... will be a strictly local [this Mac ONLY] account. Of course, you must be an Admin to create new accounts there.
By contrast, Network-visible accounts are created with Workgroup Manager, provided you point WorkGroup Manager at the correct network-visible LDAPv3 directory when you create those new accounts.
I find it very convenient to have a "Standard" Administrator ID on every Workstation, so that I can always log on and do maintenance and updates, even without a connection to the Server. I use a name that starts with X so that it alphabetizes near the end of the list and does not get in the way. This really is a multitude of accounts -- one per workstation -- that have the same name, but do NOT share a Home Directory on the Server.
The down side of this is if the kids ever discover the password for one of those accounts, they know the password for every similar account on every Workstation.
If that does not make sense, or I have not answered your intended question, please ask again!
Message was edited by: Grant Bennet-Alder

Similar Messages

  • Creating Admin Account

    I have one user account currently that obviously also serves as my admin account.
    For security reasons, I would like to create a true admin account and then have a user account I primarily use.
    I am not sure how to do this. Should I create a new user account without admin privileges and then move my docs, etc. to that account?
    Tony Stinson

    Hi Tony
    That's one way, but it would be easier to first create a new account with admin privileges, then change your existing working account to non-admin. That way you don't have to move anything.
    regards roam

  • AppleScript to create Admin Account

    This is what I have but it keeps failing.
    Any help would be great
    set T_password to text returned of (display dialog "Set Password" default answer "")
    set longUser_name to text returned of (display dialog "Set Long Username" default answer "")
    set user_name to text returned of (display dialog "Set  Username" default answer "")
    set userID to 600
    set groupID to 1001
    if (do shell script "/usr/bin/dscl . -search /Users name " & user_name) is not "" then
              display alert "User name " & user_name & " already exists, modify the user name and try it again "
              return
    end if
    -- create account, if (the user ID or the group ID) already exists, loop until the id is unique
    do shell script "declare dscl=/usr/bin/dscl;t_uid=" & userID & ";g_uid=" & groupID & ";userA=" & user_name & "
    while [[ -n \"$($dscl . -search /Users uid $t_uid)\" ]]; do
    t_uid=$[t_uid+1]
    done
    while [[ -n \"$($dscl . -search /Users uid $g_uid)\" ]]; do
    g_uid=$[g_uid+1]
    done
    $dscl . -create /Users/\"$userA\"
    $dscl . -create /Users/\"$userA\" UserShell /bin/bash
    $dscl . -create /Users/\"$userA\" RealName " & longUser_name & "
    $dscl . -create /Users/\"$userA\" UniqueID $t_uid
    $dscl . -create /Users/\"$userA\" PrimaryGroupID $g_uid
    $dscl . -create /Users/\"$userA\" NFSHomeDirectory /Users/\"$userA\"
    $dscl . -passwd /Users/\"$userA\" " & T_password & "
    $dscl . -append /Groups/admin GroupMembership \"$userA\"
    /usr/sbin/createhomedir -l -u \"$userA\"
    /bin/echo \"Admin account: \"$userA\" successfully created\"" with administrator privileges
    display alert the result
    I get this error

    Ok I reworked the script but it fails.
    set userPass to text returned of (display dialog "Set Password" default answer "")
    set longUser to text returned of (display dialog "Set Long Username" default answer "")
    set shortUser to text returned of (display dialog "Set  Username" default answer "")
    set userID to 502
    set groupID to 80
    set theCommand to ""
    set theCommand to ""
    -- Build the dscl command
    set theCommand to theCommand & "/usr/bin/dscl / -create /Users/" & shortUser & ";"
    set theCommand to theCommand & "/usr/bin/dscl / -create /Users/" & shortUser & " UserShell /bin/bash;"
    set theCommand to theCommand & "/usr/bin/dscl / -create /Users/" & shortUser & " RealName " & quoted form of longUser & ";"
    set theCommand to theCommand & "/usr/bin/dscl / -create /Users/" & shortUser & " UniqueID " & userID & ";"
    set theCommand to theCommand & "/usr/bin/dscl / -create /Users/" & shortUser & " PrimaryGroup " & groupID & ";"
    set theCommand to theCommand & "/usr/bin/dscl / -create /Users/" & shortUser & " NFSHomeDirectory /Users/" & shortUser & ";"
    set theCommand to theCommand & "/usr/bin/dscl / -passwd /Users/" & shortUser & space & userPass & ";"
    set theCommand to theCommand & "/usr/bin/dscl / -append /Groups/admin GroupMembership " & shortUser
    do shell script theCommand with administrator privileges
    Error:
    tell current application
    do shell script "/usr/bin/dscl / -create /Users/kyle;/usr/bin/dscl / -create /Users/kyle UserShell /bin/bash;/usr/bin/dscl / -create /Users/kyle RealName 'kyle';/usr/bin/dscl / -create /Users/kyle UniqueID 502;/usr/bin/dscl / -create /Users/kyle PrimaryGroup 80;/usr/bin/dscl / -create /Users/kyle NFSHomeDirectory /Users/kyle;/usr/bin/dscl / -passwd /Users/kyle k;/usr/bin/dscl / -append /Groups/admin GroupMembership kyle" with administrator privileges
      --> error "Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid." number 69
    Result:
    error "Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid.
    Data source (/) is not valid." number 69
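
Added example, not part of the original posts: both scripts above paste dialog input straight into a root shell command and put the password on the command line, and the second one addresses the data source `/` that the error rejects. This POSIX shell version, meant to be run from Terminal, validates the short name, passes every value as its own quoted argument to the local node `.`, and lets `dscl -passwd` prompt for the password. Assumptions: the `DSCL`, `START_UID` and `PRIMARY_GID` variables, group 20 as the primary group, and the file name `make_admin.sh` are choices of this example.

```shell
#!/bin/sh
# Added example: create a local admin account with dscl without building the
# command line from unvalidated input. Run as root from Terminal (e.g. sudo).
LC_ALL=C; export LC_ALL            # keep the [a-z] ranges below byte-exact

DSCL="${DSCL:-/usr/bin/dscl}"      # overridable so the logic can be tested off-Mac (assumption)
NODE="."                           # local node; "/" is what "Data source (/) is not valid" rejects
START_UID="${START_UID:-600}"      # first UID to try, as in the first script
PRIMARY_GID="${PRIMARY_GID:-20}"   # assumed primary group ("staff"); admin rights come from /Groups/admin

# Allowlist for the short name: [a-z_][a-z0-9_-]*, at most 31 characters.
# Anything else (spaces, ';', '$', quotes, uppercase) is refused outright.
valid_short_name() {
    case "$1" in
        '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Succeeds if a user record with this short name already exists.
user_exists() {
    "$DSCL" "$NODE" -read "/Users/$1" RecordName >/dev/null 2>&1
}

# Print the first UID >= $1 that no user record on the local node uses.
next_free_uid() {
    nf_uid=$1
    while [ -n "$("$DSCL" "$NODE" -search /Users UniqueID "$nf_uid" 2>/dev/null)" ]; do
        nf_uid=$((nf_uid + 1))
    done
    echo "$nf_uid"
}

# create_admin SHORTNAME "Real Name"
# Returns 0 on success, 2 for a refused name, 3 if the user exists, 1 on dscl failure.
create_admin() {
    ca_user=$1
    ca_real=$2
    if ! valid_short_name "$ca_user"; then
        echo "refusing short name: must match [a-z_][a-z0-9_-]{0,30}" >&2
        return 2
    fi
    if user_exists "$ca_user"; then
        echo "user $ca_user already exists" >&2
        return 3
    fi
    ca_uid=$(next_free_uid "$START_UID")
    ca_rec="/Users/$ca_user"
    # Each value is a separate quoted argument, so the real name cannot add
    # commands. -passwd gets no password argument: dscl prompts for it, which
    # keeps the password out of the process list.
    if "$DSCL" "$NODE" -create "$ca_rec" &&
       "$DSCL" "$NODE" -create "$ca_rec" UserShell /bin/bash &&
       "$DSCL" "$NODE" -create "$ca_rec" RealName "$ca_real" &&
       "$DSCL" "$NODE" -create "$ca_rec" UniqueID "$ca_uid" &&
       "$DSCL" "$NODE" -create "$ca_rec" PrimaryGroupID "$PRIMARY_GID" &&
       "$DSCL" "$NODE" -create "$ca_rec" NFSHomeDirectory "/Users/$ca_user" &&
       "$DSCL" "$NODE" -passwd "$ca_rec" &&
       "$DSCL" "$NODE" -append /Groups/admin GroupMembership "$ca_user"
    then
        echo "created $ca_user uid=$ca_uid"
        return 0
    fi
    # A step failed: remove the half-built record instead of leaving it behind.
    "$DSCL" "$NODE" -delete "$ca_rec" >/dev/null 2>&1
    return 1
}

# Runs only when called with arguments, e.g.:
#   sudo sh make_admin.sh xadmin "X Admin"
if [ "$#" -ge 2 ]; then
    create_admin "$1" "$2"
fi
```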

  • Creating local client's admin account in ldap

    Hi,
    I have a mac client, which authenticates to the ldap running on a mac os x server for user login. How can I configure a user in the ldap on the server, so that when this user logs in to the mac client, he will be a local administrator for that mac client?
    Thanks.

    If you haven't received an answer yet, it's quite simple. Take a user with whom you want to have admin control on a local machine and make that user's primary group 80 via Workgroup Manager.

  • Push user accounts to LDAP

    Hello Experts,
    We have setup E-Sourcing 5.1 connected to a MS AD server as LDAP. This LDAP was created exclusively for E-Sourcing application.
    We want to try a scenario where the user administration is handled only by E-Sourcing system, and credentials and passwords are stored in the LDAP. Note that this means that there won't be any user Administration in LDAP, it would be done through e-Sourcing. Is this possible?
    We tried creating "New Accounts" in the LDAP by creating a new user in E-Sourcing, but so far it's been unsuccessful. We get a "driver error" in the ESO UI. It seems the system requires the account to be previously created in LDAP so it can be created in E-Sourcing.
    Has anybody tried doing this?
    Your help is appreciated.
    Regards,
    Gilberto Gallardo

    Hi Gilberto,
    If I understand correctly, when you create a new user account in Sourcing, you want Sourcing to create that account in LDAP as well. This should be possible. I would check if the right Driver is selected in the Directory Configuration. Also, make sure the LDAP related fields on the Directory Configuration such as Host, Port, Directory User Name, Password, BASE DN, etc. have the right values.
    Also, can you provide more details on the error message? I would check the Sourcing logs, it should contain more information on the error.
    Once the account is successfully created in LDAP, the attributes on the directory configuration can be set to push or pull depending on what is desired.
    Regards,
    Vikram

  • Problem creating account in LDAP directory domain

    Hi all,
    I am trying to create a new account in the LDAP directory on a machine running OS X Server 10.3. I can do this by selecting Other from the directory dropdown, then choosing LDAPv3/127.0.0.1 and authenticating. However, after I create the account, I choose Advanced to change the password type to Open Directory. However, when I do so, a popup informs me that I must first run Password Admin, and that I can do so from Server Admin. I cannot find this anywhere in Server Admin, nor can I find any documentation on it. Am I missing something here?

    Never mind, I found the solution myself - I had to reinitialize the LDAP administrator.

  • How Do I create an Admin account?

    Hi
    This sounds silly but.... How do I set up an administrator account ?
    I am using DW CS3 and ADDT and PHPMYADMIN
    I can create a table with a level_user field and all the other usual fields
    I can use the login wizard and / or the ADDT control panel to set and add user levels so I have added user and admin levels and I can figure out the rest I think but I have read many tutorials and I still can't figure out how to create an admin account? I have thought I have to create a temp form with a level field just to upload my admin level into the user_level field in my database table, say level "1" and then create another form with no user level field for users to upload their info and have their level set by the default value in the login wizard say level "2"
    Does this sound like the correct way to go about thing?
    Is there a better more logical way to do this?
    I have asked this question in the normal dreamweaver and I was told to
    "Use a frontend like PHPMyAdmin to construct the db and set one of the account's user levels to something like "admin" instead of "y" or whatever and then filter on "admin."
    I really don't understand this as I only want to set access levels to one table so that I can delete records as administrator and so that no one else can access certain pages
    Anyone got any ideas?
    Any help would be more than helpful
    Have a nice day

    Hi Charis,
    I have asked this question in the normal dreamweaver and I was told to
    "Use a frontend like PHPMyAdmin to construct the db and set one of the account's user levels to something like "admin" instead of "y" or whatever and then filter on "admin."
    folks in the regular DW forums don't necessarily know how ADDT handles the "user levels", so here's my suggestion:
    a) create the ADDT "login" table with PhpMyAdmin, add one default record
    (probably your own account) and set its "level_usr" column's value to "1"
    b) add this very column to ADDT's array of session variables within the Control Panel and name it, say "kt_level"
    I really don't understand this as I only want to set access levels to one table so that I can delete records as administrator and so that no one else can access certain pages
    once you have the additional session variable "kt_level" defined, you can always filter against this one -- for example...
    a) in a "Show If Conditional Region"
    (for hiding certain page elements)
    b) in a "Restrict Access To Page" behaviour
    (to prevent access to a whole page)
    and then create another form with no user level field for users to upload their info and have their level set by the default value in the login wizard say level "2"
    that's a good approach :-)
    Cheers,
    Günter Schenk
    Adobe Community Expert, Dreamweaver

  • Have a Mini with "Default User" account.  Can an admin account be created instead of using that?

    I purchased an Early 2009 Mini on eBay.  The seller reinstalled Leopard on it (that's what it came with) after erasing his stuff on it.  He put "Default User" as the user name, but no password.  He said for security that I should make an account with a password.
    When I upgraded to Snow Leopard, I thought it would have an option to create a user name and password.  It didn't.  Can I make up another user account as the administration account; then use a third user account for documents, pics, etc. (not to disturb the admin account) and forget using the "Default User" account?
    I really hate to take the time to erase and reinstall Leopard and Snow Leopard just to remove the "Default User" account.
    Thanks.
    silverado93

    In order to create another account the account you are using needs to have admin privileges.  Does it?  If so you unlock the Accounts prefpane by clicking the lock in the lower left and entering the admin password (hence the reason the account you're using needs to be an administrator).  Then you can create other accounts and click the checkbox for an account that says "Allow user to administer this computer".
    Note you can change the admin password for an account by booting from your installer disk.
    Now having said all that are you currently in a state where you have a single account that is not an admin account?

  • How to Create a New Admin Account and Change Original to Standard Account?

    I have a single user admin account that I set up when I got my PowerBook. Now I want to have two accounts with the new one being the admin account. This way I can leave most of the data files, email accounts, etc. with the old account and use the new one for personal data and administration. Then I could give out the password for the original account without fear that a user could change permissions and get access to the new account with the personal data. Can I create a new admin account and then change the original account to "Standard" instead of "admin"? What problems will this create?
    PowerBook G4   Mac OS X (10.3.9)  

    i2:
    Not sure if you are asking if or how. Templeton has
    answered if. Here's how.
    Apple Menu > System Prefs > Accounts. Click on the +
    under User Options to create new account. Go to
    Security and check box at bottom to make account
    admin. You can take care of the other items, picture
    etc, login options etc.
    To make the other account Standard select the
    account, go to Security and deselect box "Allow User
    to Administer".
    Hope this answers your questions.
    Good luck.
    cornelius
    PismoG4 550,
    100GB 5400 Toshiba internal, 1 GB RAM; Pismo 500 OS
    (10.4.4)   Mac OS X (10.3.9)   Beige G3 OS
    8.6
    Thanks, I'm trying to find out if I will run into problems, such as not being able to use the new admin account to change permissions in the old.

  • I just purchased a one year old iMac.  How do I create a brand new admin account?

    I just purchased a one year old iMac.  How do I create a brand new admin account?

    The first thing to do with a second-hand computer is to erase the internal drive and install a clean copy of OS X. You—not the original owner—must do that. How you do it depends on the model, and on whether you already own another Mac. If you're not sure of the model, enter the serial number on this page. Then find the model on this page to see what OS version was originally installed.
    It's unsafe, and may be unlawful, to use a computer with software installed by a previous owner.
    1a. If you don't own another Mac
    If the machine shipped with OS X 10.4 or 10.5, you need a boxed and shrink-wrapped retail Snow Leopard (OS X 10.6) installation disc from the Apple Store or a reputable reseller—not from eBay or anything of the kind. If the machine is very old and has less than 1 GB of memory, you'll need to add more in order to install 10.6. Preferably, install as much memory as it can take, according to the technical specifications.
    If the machine shipped with OS X 10.6, you need the installation media that came with it: gray installation discs, or a USB flash drive for a MacBook Air. You should have received those media from the original owner, but if you didn't, order replacements from Apple. A retail disc, or the gray discs from another model, will not work.
    To start up from an optical disc or a flash drive, insert it, then restart the computer and hold down the C key at the startup chime. Release the key when you see the gray Apple logo on the screen.
    If the machine shipped with OS X 10.7 or later, you don't need media. It should start up in Internet Recovery mode when you hold down the key combination option-command-R at the startup chime. Release the keys when you see a spinning globe.
    Some models shipped with OS X 10.6 and received a firmware update after 10.7 was released, enabling them to use Internet Recovery. If you have one of those models, you may not be able to reinstall 10.6 even from the original discs, and Internet Recovery may not work either without the original owner's Apple ID. In that case, contact Apple Support, or take the machine to an Apple Store or another authorized service provider to have the OS installed.
    1b. If you do own another Mac
    If you already own another Mac that was upgraded in the App Store to the version of OS X that you want to install, and if the new Mac is compatible with it, then you can install it. Use Recovery Disk Assistant to prepare a USB device, then start up the new Mac from it by holding down the C key at the startup chime. Alternatively, if you have a Time Machine backup of OS X 10.7.3 or later on an external hard drive (not a Time Capsule or other network device), you can start from that by holding down the option key and selecting it from the row of icons that appears. Note that if your other Mac was never upgraded in the App Store, you can't use this method.
    2. Partition and install OS X
    If you see a lock screen when trying to start up from installation media or in Recovery mode, then a firmware password was set by the previous owner, or the machine was remotely locked via iCloud. You'll either have to contact the owner or take the machine to an Apple Store or another service provider to be unlocked. You may be asked for proof of ownership.
    Launch Disk Utility and select the icon of the internal drive—not any of the volume icons nested beneath it. In the  Partition tab, select the default options: a GUID partition table with one data volume in Mac OS Extended (Journaled) format. This operation will permanently remove all existing data on the drive.
    After partitioning, quit Disk Utility and run the OS X Installer. If you're installing a version of OS X acquired from the App Store, you will need the Apple ID and password that you used. When the installation is done, the system will automatically restart into the Setup Assistant, which will prompt you to transfer the data from another Mac, its backups, or from a Windows computer. If you have any data to transfer, this is usually the best time to do it.
    Then run Software Update and install all available system updates from Apple. To upgrade to a major version of OS X newer than 10.6, get it from the Mac App Store. Note that you can't keep an upgraded version that was installed by the original owner. He or she can't legally transfer it to you, and without the Apple ID you won't be able to update it in Software Update or reinstall, if that becomes necessary. The same goes for any App Store products that the previous owner installed—you have to repurchase them.
    3. Other issues
    If the original owner "accepted" the bundled iLife applications (iPhoto, iMovie, and Garage Band) in the App Store so that he or she could update them, then they're irrevocably linked to that Apple ID and you won't be able to download them without buying them. Reportedly, Mac App Store Customer Service has sometimes issued redemption codes for these apps to second owners who asked.
    If the previous owner didn't deauthorize the computer in the iTunes Store under his Apple ID, you won't be able to authorize it immediately under your ID. In that case, you'll either have to wait up to 90 days or contact iTunes Support.
    When trying to create a new iCloud account, you might get a failure message: "Account limit reached." Apple imposes a lifetime limit of three iCloud account setups per device. Erasing the device does not reset the limit. You can still use an iCloud account that was created on another device, but you won't be able to create a new one. Contact iCloud Support for more information. The setup limit doesn't apply to Apple ID accounts used for other services, such as the iTunes and Mac App Stores, or iMessage. You can create as many of those accounts as you like.

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
    or is there any ant script for creating USers/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    .e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.

  • Creating limited admin account

    Hello,
    We are using Win2008R2 Std Active Directory and I would like to create a new group for new IT starters. They will need access to join computers to the domain, install software on domain computers, look at logs, run maintenance tasks and create accounts and reset passwords. I don't want them to be able to mess with domain admin accounts.
    I have created a group "First Line" and made it a member of "Account Operators", "Performance Log Users", "Performance Monitor Users" and "Print Operators". I assigned my test user to the group and logged onto a domain computer using the account. I found that I could reset the domain Administrator's password!
    Please could someone explain what I'm obviously misunderstanding here? How can a non-admin change admin passwords? Am I going about this all wrong?
    Thanks in advance.
    Elliot

    Hi Elliot,
    Based on my research, under normal circumstances, members residing in the Account Operators group should not be able to modify Domain Administrators, nor the Domain Controllers OU, which is by design.
    Moreover, the Account Operators group belongs to Protected Groups, which means that the ACL of this group is fixed because a background process runs every hour by default to make sure that the ACL stays the same.
    Have you added this user to the domain admins group accidentally?
    More information for you:
    Default groups
    http://technet.microsoft.com/en-us/library/cc756898(v=WS.10).aspx
    can account operators reset domain administrator password?
     http://social.technet.microsoft.com/Forums/windowsserver/en-US/bcda44e8-0056-4b53-9c66-ffeebe85e86e/can-account-operators-reset-domain-administrator-password?forum=winserverDS
    AdminSDHolder, Protected Groups and SDPROP
    http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx
    Best Regards,
    Amy Wang

  • How to delete current owner/admin account and create a new owner/admin acct

    I am the owner and only user of my G5. I've owned it since 2007 when it was new.
    I need to delete my current account and establish a new owner/admin account. When completed the new owner/admin account should be the only account on the machine.
    Can anyone offer some help.
    Thanks

    Here's the deal..
    I own a software titled "Kinemac". It's a 3D animation software which creates QT movies to import into Final Cut Pro. I've had the software since last April and about a month ago, all of a sudden, the program would no longer open. I contacted Kinemac's Support. They said my computer had apparently been "banned" by the software. (Maybe it saw the computer as trying to pirate the program.?????)
    I tried downloading a new copy of the software, reinstalled, entered serial#, etc. and still would not open. There was no crash. It just would not open.
    Kinemac said its only way to correct the problem was to enter into a screen share with iChat. I tried for 20 minutes with them to establish screen share with no luck. We could "chat" but not screen share. So, I came to the Apple Discussions pages on iChat and spent about an hour with a Discussions' User on iChat with NO luck there either. I gave up on iChat. Not certain I wanted someone unknown on a screen share anyway.
    Which brings us to this point. Kinemac says I can also add a new Admin Acct. Delete the current Admin and then rename the new user with the old user's name. I frankly don't want to mess around doing that but apparently there's alternative for Kinemac. So that's why I'm seeking info on how to do it. I really like the software and want to rectify the situation.
    Hope this explains the situation. Thanks.

  • Creating new admin account and deleting old one

    I am handing my MacBook Pro to my wife
    I am thinking about deleting my account (which is an admin, of course). I made her an admin account and she has access to all my apps when she logs in...
    I WANT her to have access to my applications as if they were hers even when my account is deleted (e.g. Adobe CS3, Skype, etc.).
    My Question:
    When I delete my admin account (with which the applications were installed), will she automatically not have access to the apps in the "applications folder" anymore? In other words, when I delete the admin account with which the applications were installed, do all applications and settings from that account get deleted as well from all other users?
    Thank you.
    (transferring, sync'ing, etc. can be so easy but such a headache from a personal standpoint: managing changes)

    So, this would create her a new admin account but:
    1. my old account folder will be there but without being associated with a user
    2. same for her old folder
    3. all I have to do is drag her old account's application folder + application support folder onto her new admin account and all applications would run like we never even left her old account behind?
    Will any Leopard boot CD work or does it have to be one made specifically with her computer (it didn't come with a boot CD)...
    thanks...

  • I need to create a new admin account. But i lost the cd it came with and forgot my password. also can a cd be replaced

    I need to create a new admin account, but I lost the CD that came with the MacBook, and forgot my password. Also, can the CD be replaced?

    You can purchase replacement discs from AppleCare:
    Apple Store Customer Service at 1-800-676-2775 or visit online Help for more information.
    To contact product and tech support visit online support site.
    You can try the following to reset the password without the DVD:
    How to change your username and/or password from the Terminal
    1. Boot into single-user or verbose mode
    2. At the prompt enter the following commands.  Press RETURN after each:
    fsck -fy
    mount -uw /
    launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
    dscl . -passwd /Users/username password
         Replace username with the targeted user and password with the desired password.
    reboot
    This allows you to reset the password in single user mode without booting from the install media.  The above tip is attributed to Satcomer.
