The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver. When run, you get a little insight into what’s happening behind the scenes. This results in the following: bash-3.2# slapconfig -destroyldapserver The logs are as follows: 2015-09-08 04:17:58 +0000 slapconfig -destroyldapserver 2015-09-08 04:17:58 +0000 Deleting Cert Authority related data 2015-09-08 04:17:58 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/Krypted Open Directory Certificate Authority. 2015-09-08 04:17:58 +0000 command: /usr/sbin/xscertadmin add –reason 5 –issuer Krypted Open Directory Certificate Authority –serial 3449505949 2015-09-08 04:18:19 +0000 command:…
-
-
Setup The Contacts Server In OS X Server 5
OS X has an application called Contacts. OS X Server 5, running on Yosemite or El Capitan, has a service called Contacts. While the names might imply very different things that they do, you’ll be super-surprised that the two are designed to work with one another. The Contacts service is based on CardDAV, a protocol for storing contact information on the web, retrievable and digestible by client computers. However, there is a layer of Postgres-based obfuscation between the Contacts service and CardDAV. The Contacts service is also a conduit with which to read information from LDAP and display that information in the Contacts client, which is in a way similar to how the…
-
Install A vpptoken In OS X Server 5 for El Capitan and Yosemite
In order to use the Apple Volume Purchase Program, you will need an MDM solution (Profile Manager, Casper, MobileIron, Meraki, FileWave, etc). Also, token options were traditionally for one to one (1:1) environments until iOS 9, which marked a change where you can now leverage per-device licensing. This removes the requirement that you need an Apple ID running on each device that you choose to install apps on. Suddenly, VPP is for multi-tenant environments. You can also use codes and options for iOS 7 and up as well as OS X 10.9 and up, but those will use Apple IDs. Also, if you install your vpptoken on OS X Server and you’re running that…
-
Configure The Mail Service in OS X Server 5
Mail is one of the hardest services to manage. Actually, mail is pretty simple in and of itself: there’s protocols people use to access their mail (such as IMAP and POP), protocols used to communicate between mail servers and send mail (SMTP, SMTPS) and then there’s a database of mail and user information. In OS X Server 5 for El Capitan and Yosemite, all of these are represented by a single ON button, so it really couldn’t be easier. But then there’s the ecoysystem and the evil spammers. As a systems administrator of a large number of mail servers, I firmly believe that there is a special kind of hell where…
-
Configure Messages Server in OS X Server 5
Getting started with Messages Server couldn’t really be easier. Messages Server in the OS X Server 5 version of the Server app uses the open source jabber project as their back-end code base. The jabber binary is located at /Applications/Server.app/Contents/ServerRoot/private/var/jabberd directory and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. The actual jabberd binary is also stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd, where there are a couple of perl scripts used to migrate the service between various versions as well. Setting up the Messages service is simple. Open the Server app and click on Messages in the Server app sidebar.  Click on the Edit… button for the Permissions. Here, define which users and interfaces are allowed…
-
Use SSH, ARD, SNMP, And The Server App Remotely on OS X Server 5
SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. You can also connect to a server using the Server app running on a client computer. To enable any or all of these, open the Server app (Server 5 for El Capitan and Yosemite), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enter. All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote Desktop is using…
-
Upgrading To OS X Server (4.0) on Yosemite
Setting up OS X Server has never been easier. Neither has upgrading OS X Server. In this article, we’ll look at upgrading a Mac from OS X 10.8 or 10.9 running Server 2 or Server 3 to OS X 10.10 (Mavericks) running Server 4. The first thing you should do is clone your system. The second thing you should do is make sure you have a good backup. The third thing you should do is make sure you can swap back to the clone should you need to do so and that your data will remain functional on the backup. The fourth thing you should do is repeat all that…
-
Changing the Xcode Server Log Path in OS X 10.10 Yosemite Server
The logs in Xcode Server (Server 3) by default point to /Library/Server/XcodeLogs/credserver.log. This takes all of the output from xcscredd and xcscredhandler. If you’re doing a lot of debugging then logs can be pointed to another location, such as another drive. The path to the logs is defined in the /Applications/Server.app/Contents/ServerRoot/System/Library/LogConfiguration directory. The file to edit is a standard property list, XCSCredentialServer.plist: <?xml version=”1.0″ encoding=”UTF-8″?> <!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”> <plist version=”1.0″> <dict> <key>claimedFacilities</key> <array> <string>servermgrd</string> <string>servermgr-listener</string> <string>servermgr-notify</string> </array> <key>claimedSenders</key> <array> <string>servermgrd</string> <string>servermgr-listener</string> <string>servermgr-notify</string> </array> <key>logMaximumLevel</key> <string>debug</string> <key>logPath</key> <string>/Library/Server/Logs/servermgrd.log</string> </dict> </plist> Once open, look for a key called logPath. Change that to the desired path, such as /Volumes/MyDrive/Logs/credserver.log…
-
Use The FTP Server In OS X Yosemite Server
Yosemite Sam Server (Server 3.5 running on OS X Yosemite) sees little change with the FTP Service. Instead of sharing out each directory the new incantation of the FTP service allows administrators to share a single directory out. This directory can be any share that has previously been configured in the File Sharing service or a website configured in the Websites service. To setup FTP, first open the Server app and then click on the FTP service. Once open, use the Share: drop-down list to select a share that already exists (output of sharing -l basically) and click on one of the shares or Custom to create a new share…
-
Set Up The VPN Server and Client on Yosemite Server
OS X Server has long had a VPN service that can be run. The server is capable of running the two most commonly used VPN protocols: PPTP and L2TP. The L2TP protocol is always in use, but the server can run both concurrently. You should use L2TP when at all possible. Sure, “All the great themes have been used up and turned into theme parks.” But security is a theme that it never hurts to keep in the forefront of your mind. If you were thinking of exposing the other services in Yosemite Server to the Internet without having users connect to a VPN service then you should think again,…