• Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Destroy Open Directory Servers Using The Server App

    You can destroy an LDAP server using the Server app (and still using slapconfig -destroyldapserver). To do so, open the Server app and click on Open Directory. Then click on the Open Directory server in the list of servers. When prompted to destroy the LDAP Master, click on Next. When asked if you’re sure, click Continue. When asked if you’re really, really sure, click Destroy. Wait.

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Setting Up An Open Directory Replica In Yosemite Server

    Previously, we looked at setting up an Open Directory Master in OS X Server. An Open Directory Replica keeps a copy of the Open Directory database available for users even when the Master goes offline. But it can also take a part of the load from the Open Directory Master and when using the new Locales feature, balance network traffic. To get started with an Open Directory Replica, first enable SSH, now disabled by default. Next, use the changeip command to check the host name. While the Server app is cool, it caches stuff and I’ve seen it let things go that shouldn’t be let go. Therefore, in order to make…

  • Mac OS X Server

    Promote A Replica To A Master In Mavericks Server

    You’ve got Open Directory running and humming beautifully in Mavericks Server (Server 10.9). You show up to work and the hard drive has died on that perfectly configured Open Directory Master. Luckily, you have a replica and you have an archive of your Master. You can restore or you can promote your Replica to a Master. What to do? Well, I can’t tell you what you should do, but I can tell you that Apple has planned for this. Here, we’re going to look at promoting that Replica to a Master. Because after all, hard drives fail. Let’s look at what all this looks like. Create An Open Directory Archive…

  • iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Integrating Mac OS X Lion Server's Profile Manager With Active Directory

    Over the years, the terms Magic, Golden, Triangle, Augments, Directory, Domains and Active have given the administrators of Mac OS X environments fits. So when you think about using Active Directory to manage iOS devices through the Profile Manager service, built into Lion Server, you may think that it’s a complicated thing to piece together. You may remember those days when you had to manually craft service principals because xgrid wouldn’t play nice with Active Directory, or you might think of twisting augmented records to support CalDAV. But you’re gonna’ have to forget all that, ’cause getting Profile Manager to talk to Active Directory is one of the easiest things…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Directory Services Scripting Changes in Lion

    opendirectoryd Scripting directory services events is one of the most common ways that the OS X community automates post-imaging tasks. As such, there are about as many flavors of directory services scripts as there are engineers that know both directory services and have a little scripting experience. In OS X Lion, many aspects of directory services change and bring with them new techniques for automation. The biggest change is the move from DirectoryService to opendirectoryd. In Snow Leopard and below, when you performed certain tasks, you restarted the directory services daemon, DirectoryService. The same is true in Lion, except that instead of doing a killall on DirectoryService, you do it on…

  • Active Directory,  Mac OS X Server

    New GUI Directory Services Debug Tool

    DSDebug is a small, quick little tool that just puts a server into Directory Services debug mode, waits for a specified amount of time and then drops a file on your desktop with the logs, placing the server back into a non-Directory Services debug mode. That’s all. It’s mostly designed to send to an Open Directory server’s administrator, tell them to double-click on it and not have to step anyone through typing much. It waits mostly so you can know how long it’s going to wait… Nice, small and compact. In the future I will likely build in a pattern matcher with some known, common errors, color coding, etc (or…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security

    Mac OS X Directory Services Plug-ins

    In a number of contexts, we hear about directory services plug-ins. A directory services plug-in is a way for a Mac OS X computer to leverage the DirectoryServices daemon to obtain account information (be it authentication or policy information) from a server. This might be an Active Directory server that uses the Active Directory Plug-in or an Open Directory server that uses LDAP. You disable plug-ins that you don’t need and enable plug-ins (i.e. Active Directory plug-in or third party plug-ins) that you need in order to access directory services of various types. These plug-ins are developed in the form of .dsplug files. The default plug-ins that Apple includes with…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Mac OS X Server 10.5: Managed Preferences Update

    I originally posted this at http://www.318.com/TechJournal If you’re familiar with Managed Preferences in Tiger then you’re basically already familiar with Managed Preferences in Leopard Server. But there are some great new features that Apple has provided us with by popular demand. These include the following: Applications There are now more features to the Applications Managed Preference. You can allow or disallow applications by selecting them individually or a folder. This means that you can allow access to applications located in the /Applications folder but disallow all applications located in the /Applications/Utilities folder. There are also now controls for allowing specific widgets and disabling Front Row. Finder There are new options…

  • Mac OS X Server

    Kerberos Keys

    Kerberos uses keys to transmit information between hosts. There are session keys and service keys kept in the keytab file on the KDC. The KDC (Key Distribution Center) then doles out keys as needed. To see the service keys: klist -k /etc/krb5.keytab