
Find The Search Base In OS X Server

Once upon a time, Server Admin was a graphical tool that allowed admins of OS X Server to look at the settings for a server. As Server Admin is no longer being used, we frequently find that certain settings we need just aren’t exposed in the replacement Server app or other graphical tools any longer. One of the settings that you need when integrating other systems is the search base. This defines the location where searches start when queries are run against the directory tree. When other systems are integrated into Open Directory, they need the search base to be able to enumerate information from Open Directory.

The Mac doesn’t really support some of the more esoteric information that can be kept in other directory servers, such as OU= information, so it’s worth mentioning that by default the search base should be dc= followed by each element of the FQDN of your first Open Directory server, delimited by commas. For example, if your first Open Directory Master for a realm was called odm.krypted.lan then the search base would have been “dc=odm,dc=krypted,dc=lan”. I’ve found that over the years realms are moved, hostnames changed, etc., so oftentimes the name doesn’t match the search base.

To find the search base, use the serveradmin command. The service is called dirserv and we’re looking for LDAPSettings:LDAPSearchBase, so the actual command to get this information would be:

serveradmin settings dirserv:LDAPSettings:LDAPSearchBase

The output will show the correct search base setting to use for heterogeneous settings.
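
As an added example (not part of the original post), the shell sketch below derives the default search base from a hostname and compares it with the value the server reports, which catches the renamed-host case described above. The function names are hypothetical, the `key = "value"` output format is an assumption, and the sample line and the host od.krypted.com are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OS X Server.

# Default search base for an FQDN: odm.krypted.lan -> dc=odm,dc=krypted,dc=lan
default_search_base() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/\.$//' -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Pull the value out of serveradmin output read on stdin.
# Assumes a key = "value" line; the quotes are treated as optional.
parse_search_base() {
    sed -n 's/^dirserv:LDAPSettings:LDAPSearchBase = "\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p'
}

# Compare the reported search base ($1) with the default implied by an FQDN ($2).
# dc values are matched case-insensitively, so compare lowercased strings.
check_search_base() {
    _rep=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
    _exp=$(default_search_base "$2")
    if [ "$_rep" = "$_exp" ]; then
        echo "match: $_exp"
    else
        echo "mismatch: server reports '$1', hostname implies '$_exp'"
        echo "configure clients with the reported value"
        return 1
    fi
}

# Constructed sample line; on a server, pipe the real command instead:
#   serveradmin settings dirserv:LDAPSettings:LDAPSearchBase | parse_search_base
sample='dirserv:LDAPSettings:LDAPSearchBase = "dc=odm,dc=krypted,dc=lan"'
reported=$(printf '%s\n' "$sample" | parse_search_base)

check_search_base "$reported" "odm.krypted.lan"          # original hostname
check_search_base "$reported" "od.krypted.com" || true   # constructed renamed host
```

When the two values differ, the one reported by serveradmin is the one to give to the systems being integrated.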