Locked out of Snow Leopard Server. How to get back in

mac-osx-server opendirectory osx-snow-leopard

I have an XServe running Snow Leopard Server (10.6.2). It has some local administrator accounts on it and it is also an OpenDirectory master.

I noticed earlier today that I was not able to log in with local administrator credentials via a VNC connection. However, I was able to log in with a directory account. Once logged in, I could escalate privileges to perform any privileged operation with local administrator account credentials.

Even after a reboot I was unable to log in with my local credentials. So I opened Directory Utility and modified the Search Policy tab to be Automatic. When I did so, I noticed it removed the LDAP directory from the search policy, so I applied my changes and logged out.

As you may surmise by now, I can't log in any more, with either my directory credentials (because I removed them: OOPS!) or with my local credentials (because they still aren't working).

So my question is two-fold:

  1. How do I log in to this server now with no credentials that seem to work? Is there a configuration file I can change if I can mount this machine's disk? Maybe in single user mode?
  2. How do I get the search policy working like it should have been all along? (I.e., check local user accounts, then directory accounts). This had previously worked, but like I said, seemed to stop working for no apparent reason.

Best Answer

Found out that I couldn't use dscl in single user mode, or via the root account in a >console login. I'm not exactly sure why, but I did realize that the plists that dscl manipulates still had the right data except for one little value.

This thread pointed me in the right direction. I need to set the value of the Search Policy key to INT 3 (meaning Custom Search Policy) instead of INT 1 (the value I had set meaning Automatic):

defaults write '/Library/Preferences/DirectoryService/SearchNodeConfig' 'Search Policy' -int 3
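
For the mounted-disk route raised in the question, the same one-key change can be made to the plist file offline. This is an added example, not part of the original answer: the volume mount point passed in is an assumption, and `ExampleOtherKey` and the sample plist are constructed for the demonstration.

```python
import plistlib
import shutil
import tempfile
from pathlib import Path

# Relative path taken from the answer's `defaults write` command
# (`defaults` appends the .plist extension itself).
REL_PATH = "Library/Preferences/DirectoryService/SearchNodeConfig.plist"
KEY = "Search Policy"
AUTOMATIC, CUSTOM = 1, 3  # the two values named in the answer


def set_custom_search_policy(volume_root):
    """Set 'Search Policy' to 3 on an offline volume; return (old, new)."""
    path = Path(volume_root) / REL_PATH
    raw = path.read_bytes()
    # Preserve the on-disk encoding: binary plists start with "bplist00".
    fmt = plistlib.FMT_BINARY if raw.startswith(b"bplist00") else plistlib.FMT_XML
    config = plistlib.loads(raw)
    old = config.get(KEY)
    if old == CUSTOM:
        return old, old  # already correct, leave the file untouched
    # Keep a copy of the original next to it so the change can be rolled back.
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    config[KEY] = CUSTOM  # every other key is written back unchanged
    with open(path, "wb") as fh:
        plistlib.dump(config, fh, fmt=fmt)
    return old, CUSTOM


def demo():
    """Exercise the function on a constructed plist in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        target = Path(root) / REL_PATH
        target.parent.mkdir(parents=True)
        # Constructed sample, not real server data.
        sample = {KEY: AUTOMATIC, "ExampleOtherKey": ["/Local/Default"]}
        target.write_bytes(plistlib.dumps(sample, fmt=plistlib.FMT_BINARY))
        first = set_custom_search_policy(root)
        second = set_custom_search_policy(root)  # second run is a no-op
        after = plistlib.loads(target.read_bytes())
        still_binary = target.read_bytes().startswith(b"bplist00")
        backup = target.with_name(target.name + ".bak").exists()
        return first, second, after, still_binary, backup


if __name__ == "__main__":
    print(demo())
```
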