
Invitation to Bind in Mac OS X Server

One of the new features introduced in Mac OS X Server is the invitation to bind. Once you have created a user’s account, you can send that user an email. To do so, from Server Preferences, click on the account you would like to send an invitation for and then click on the cog icon below the list of users. Amongst the options will be a choice to “Send Invitation to ” followed by the user’s short name. If you send this, the user will get an HTML-formatted email similar to the following:

Automated Email Message from Open Directory

If the user then clicks on the Automatically Configure My Mac icon they will get a username and password dialog and then a dialog to authenticate into the local machine. The authentication into the local machine will automatically configure the local binding.

The path for the invitation is the following, where USERNAME is replaced with the user’s short name and krypted.com is replaced with the domain of your environment:

macosxserverinvite://USERNAME@osxserver.krypted.com

A self-destructing launchd item could then be generated for each user if you have a dual directory environment, thus having somewhat of a pull mechanism for users to bind. You could also generate a web site with a link that points to macosxserverinvite://USERNAME@osxserver.krypted.com. If you leave off the USERNAME@ portion then users will simply be prompted to authenticate into the domain with no name automatically filled into the box.

Once the process is complete the client will be bound into the domain and then be able to log in with accounts that have been pre-configured with functional Mail, iCal and Address Book accounts. Overall, this represents a solution similar to what you can do with the iPhone and a similar deployment mentality if you choose to go that route rather than the traditional route that we have taken with imaging. You can also set up an automatically generated email with each user’s username by looping the contents of your OD through a quick shell script.
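One way to do the looping described above, as an added example that is not code from the original post: it turns a list of short names into invitation links, skipping service and admin accounts and any name that would not be safe to embed in a URL. The skip list, the sample names and the `dscl` node path in the last comment are assumptions; handing each link to your mailer is left out.

```shell
#!/bin/sh
# Added example: build macosxserverinvite:// links for Open Directory users.
SERVER="osxserver.krypted.com"   # host used in the article; replace with your server

# invite_url SHORTNAME
# Prints the invitation link, or returns 1 for names that should not get one.
invite_url() {
  case "$1" in
    ""|_*|root|diradmin) return 1 ;;   # service/admin accounts (assumed skip list)
  esac
  case "$1" in
    *[!A-Za-z0-9._-]*) return 1 ;;     # only characters safe before the @ in a URL
  esac
  printf 'macosxserverinvite://%s@%s\n' "$1" "$SERVER"
}

# build_invites
# Reads short names on stdin, one per line; links go to stdout, skips to stderr.
build_invites() {
  while IFS= read -r name; do
    invite_url "$name" || echo "skipped: $name" >&2
  done
}

# Constructed sample input standing in for a directory listing.
sample_users() {
  printf '%s\n' root _www diradmin cedge 'bad name' jsmith
}

sample_users | build_invites

# On the server, feed the real user list instead (node path is an assumption,
# typical for an Open Directory master):
#   dscl /LDAPv3/127.0.0.1 -list /Users | build_invites
```

Rejecting names with unexpected characters keeps a malformed directory entry from changing the host portion of the link that ends up in a user's inbox.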

I don’t think I’ll be using this a lot. However, it’s nice to have this new option, even if certain questions like “how is the user going to log into that email account if it is part of our domain” haven’t necessarily been addressed. And at the end of the day I’m sure I’ll end up using it at some point (and it will be exactly the tool I need at the time)…