Open Directory has never been this easy to set up for a basic environment as it is in macOS Server 5.2 (for macOS 10.12 on Sierra). It’s also never been so annoyingly simple to use that to do anything cool requires a bunch of command line foo. And never has removing replicas been so difficult. No offense to the developers, but this whole idea that the screens and concepts that were being continually refined for a decade just need to be thrown out seems to have led to a few babies thrown out along with that OD bathwater. Features mean buttons. Buttons make things a tad bit more complicated to use than…
-
Demote Open Directory Servers Using The Command Line
The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver option. When run, you get a little insight into what’s happening behind the scenes. This results in the following:
bash-3.2# slapconfig -destroyldapserver
Note: Currently the system is not working as intended on replicas. The replica will be removed, but the Open Directory Master will not remove the replica from the Open Directory list. The process will fail in 10.12 and above. I’ve filed a radar on this. You can archive and restore the master and then rebuilt…
-
Automating The Server.app Setup Using A Script
There are a couple of parts to this article. The first is to describe the server command, stored in /Applications/Server.app/Contents/ServerRoot/usr/sbin/server. The description of the command by Brad Chapman was so eloquently put on this JAMF Nation post that I’m just gonna’ paste it in here:
So … I just installed Server 5.0.x tonight on my Mac Mini running Yosemite (10.10.5). There was a question that came up during JNUC about upgrading Server and having a way to accept the license agreement without going through the GUI. So for shits and giggles I tried:
server setup
It’s not documented. And lo and behold, I got the prompt to accept the license agreement just…
-
Encrypting OS X Server 5 Volumes In El Capitan
Encrypting a volume in OS X couldn’t be easier. In this article, we will look at three ways to encrypt OS X El Capitan volumes in OS X Server 5. The reason there are three ways is that booted volumes and non-booted volumes have different methods for enabling encryption.
Encrypting Attached Storage
For non-boot volumes, just control-click or right-click on them and then click on Encrypt “VOLUMENAME” where the name of the volume is in quotes. When prompted, provide an encryption password for the volume, verify that password and if you so choose, provide a hint. Once the encryption process has begun, the entry previously clicked on says Encrypting “VOLUMENAME” where…
-
Demote Open Directory Servers In OS X Server 5 Using The Command Line
The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver option. When run, you get a little insight into what’s happening behind the scenes. This results in the following:
bash-3.2# slapconfig -destroyldapserver
The logs are as follows:
2015-09-08 04:17:58 +0000 slapconfig -destroyldapserver
2015-09-08 04:17:58 +0000 Deleting Cert Authority related data
2015-09-08 04:17:58 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/Krypted Open Directory Certificate Authority.
2015-09-08 04:17:58 +0000 command: /usr/sbin/xscertadmin add –reason 5 –issuer Krypted Open Directory Certificate Authority –serial 3449505949
2015-09-08 04:18:19 +0000 command:…
-
Manage The Adaptive Firewall Options In OS X Server 5
OS X Server 5 (El Capitan 10.11 or Yosemite 10.10) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can…
-
Roundcube for OS X Server
The latest Roundcube installer for OS X Server is now available at http://topicdesk.com/downloads/roundcube. This update, which provides a pretty awesome WebMail interface to OS X Server’s Mail Service, provides the following:
One installer that supports all Mavericks and Yosemite
Roundcube WebMail 1.0.3 installed as a WebApp
Automatically Configured Plugins
    Roundcube CardDav: Server-based address books
    Roundcube Managesieve: Server-side mail filtering and vacation messages
PHP and Roundcube Config automatically configured for a typical Mac installation
SQLite database – we no longer use Postgres
Integration with the Mail Service running on OS X Server
-
Configure An Open Directory Master In OS X Yosemite Server
Open Directory has never been so easy to set up for a basic environment as it is in OS X Yosemite Server (OS X 10.10, Server app 4). It’s also never been so annoyingly simple to use that to do anything cool requires a bunch of command line foo. No offense to the developers, but this whole idea that the screens that were being continually refined for a decade just need to be thrown out and started fresh seems to have led to a few babies thrown out along with them. Not often as I’m kinda’ digging most of the new config screens in OS X Yosemite Server, but with Open Directory, it’s…
-
Use Server Admin Web Modules In Mavericks Server
Since the early days, OS X Server has supported performing the serveradmin commands through a web interface. This interface was accessible at the address of the server followed by a colon and then 311 in a web browser. This feature was disabled by default in Mountain Lion. But fear causes hesitation, and hesitation will cause your worst fears to come true, so we’re going to turn it back on here in Server 3. To enable, use the following command:
sudo defaults write /Library/Preferences/com.apple.servermgrd requireUserAgent -bool false
Once done, open https://127.0.0.1:311 in a web browser, or replace 127.0.0.1 with the address of the server if accessing from another location. This is…
-
Configure DHCP in Mavericks Server
DHCP, or Dynamic Host Control Protocol, is the service used to hand out IP addresses and other network settings by network appliances and servers. The DHCP Server built into OS X Server 3, installed on Mavericks Server, is easy to use and fast. It’s pretty transparent, just as DHCP services should be. To install the service, open the Server app and then click on the Show button beside Advanced in the server sidebar. Then click on DHCP. At the DHCP screen, you’ll see two tabs: Settings, used for managing the service, and Clients, used to see leases in use by computers that obtain IP address information from the server. You’ll also see…