Randy Saeks has posted a paper on integrating Open Directory with Google Apps. It’s a nice read and takes a lot of the guessing game out of getting Google Apps to authenticate users based on Open Directory. Many of the steps can also be leveraged to use the GoogleAppsToolkit for LDAP running on other platforms as well.
-
-
SSHKeychain
In an earlier post about SSH security, I mentioned using an application for using SSH keys with Keychain. Well, SSHKeychain was the application I was talking about. Sorry for the confusion and thanks for those who mentioned it (but no thanks goes out to the guy who called me on my cell at 7am to tell me – you know who you are;).
-
Pushing Additions to CoRD from Shell
Since I already started down this path, we can also push out information for a Windows box therefore programatically allowing you to push updates to two programs and be able to manage all your boxen. You would push something along the following (creating a file that matches your naming convention followed by .rdp): connect to console:i:0 bitmapcachepersistenable:i:1 redirectdrives:i:0 disable wallpaper:i:1 disable full window drag:i:1 disable menu anims:i:1 disable themes:i:0 audiomode:i:0 desktopwidth:i:1024 desktopheight:i:768 session bpp:i:16 cord save password:i:0 startdisplay:i:0 cord fullscreen:i:0 cord row index:i:2 full address:s:10.10.10.10 username:s:charles domain:s: cord label:s:charles So programatically you can change any of the settings by replacing it with a variable. Therefore, in a script if we…
-
Adding Man Pages
There are a number of man pages in Mac OS X that don’t show up when you type man followed by the command – especially if you’ve gone and started bolting new open source software onto your OS that keeps its man page in its own directory structure. If you have the path to a directory of man pages then you can view these using the man command easily once you add it to your MANPATH. The MANPATH is an environment variable that can be set by editing a users .bash_profile directory. Simply add the directory you’d like to scan in a new line that starts with MANPATH=. For example…
-
Mac OS X 10.5.7 Available
The 10.5.7 update is out. The update comes most notably with a number of security fixes. Also, you’ll find some fixes for network performance (in certain environments), home directories, improved Finder searching for network volumes, directory services updates, mcx updates, synchronization issues (iCal, Notes from Mail, MobileMe) and some printing improvements (most notably with the annoying allowing non-admin users to add printers issue). Overall it’s a good update and if you need to run things through a lab in your environment then you’re big enough to likely see some benefits from this update and should start doing so sooner rather than later. Not that it’s only for larger environments, but…
-
MinneSec
May 21st at the Bulldog in NE Minneapolis – MinneSec. Provided I’m allowed by the evil travel lords I will be there to partake in what I’m sure will be fantastic discussions on security topics. The website.
-
Using Mac OS X's Built-in Port Scanner
It’s not nmap, but then it’s not meant to be. Network Utility has a port scanner – it’s built in and really easy to use. Since Network Utility is distributed with every copy of Mac OS X it stands to reason that every copy of Mac OS X has the ability to scan a port without using a GUI tool. Enter one of the best named tools in Mac OS X, stroke. Stroke is the command line back-end to the Port Scan tab of Network Utility. To use stroke, you will need to cd into the Network Utility application bundle and then cd into Contents and then Resources. Once you are…
-
Self Destructing Scripts
I have mentioned creating a self destructing script or launchd item a few times in articles on this site. But it was recently pointed out that I never actually showed how to go about doing so. Until recently I would actually use an out-of-band script to remove a script, a launchd agent or a launchd daemon. However, this would invariably leave elements somewhere on a file system of the script. For example, within a script I would echo out another script, fire off that script and then use it to delete (rm) the original script. When I planned out a deployment or a series of scripts I would always have…
-
Integrating Mac and Linux with eDirectory
Mac OS X clients can be integrated with Novell’s eDirectory out of the box for the purposes of authentication. Beyond that, I often see questions about other integration options with eDirectory and Mac OS X online and I almost always point people to this article, by Randall Saeks, which is a great document to get you started. Given that the article was written in 2006, a little more work may be needed to get specific features of Leopard working (to be specific, schema extensions), but it’s a great starting point overall. But Novell isn’t targeting just Mac OS X clients. They also provide a document on getting started with Linux…
-
Accessing the Final Cut Server Database Remotely
Before I get started: By remote, I mean from another machine – I sincerely hope that you will not be opening your Final Cut Server database to the WAN. So again, please be careful with this as there is no security around the database and you will be limiting access via IP for now. This article lays the beginning framework for a series (no promises on when the next in the series will be posted) on clustering the stored role of Final Cut Server, which provides the database (back end functionality) of Final Cut Server. All of this is done using built in tools for Final Cut Server. Don’t do…