Open Directory has never been so easy to set up for a basic environment as it is in OS X Yosemite Server (OS X 10.10, Server app 4). It’s also never been so annoyingly simple to use that to do anything cool requires a bunch of command line foo. No offense to the developers, but this whole idea that the screens that were being continually refined for a decade just need to be thrown out and started fresh seems to have led to a few babies thrown out along with them. Not often as I’m kinda’ digging most of the new config screens in OS X Yosemite Server, but with Open Directory, it’s…
-
Chapter 4 of Take Control of OS X Server Now Available
The chapters from my upcoming Take Control book keep rolling into the TidBITS website. The next installment is Chapter 4: Directory Services, which can be accessed at http://tidbits.com/article/14821. Hope you enjoy!
-
Configure A Mavericks File Server
File Services are perhaps the most important aspect of any server because file servers are often the first server an organization purchases. There are a number of protocols built into OS X Mavericks Server dedicated to serving files, including AFP, SMB and WebDAV. These services, combined, comprise the File Sharing service in OS X Mavericks Server (Server 3). File servers have shares. In OS X Mavericks Server we refer to these as Share Points. By default, File Sharing has some built-in Share Points that not all environments will require. Each of these shares is also served by AFP and SMB, something else you might not want (many purely Mac environments…
-
Manage Groups In Mavericks Server
There are a number of ways to create groups in OS X Mavericks Server (Server 3). The first is using the Server app, the second is using Workgroup Manager (which could be running on an older operating system and connecting to the Mavericks Server in question), the third is using the Users & Groups System Preference pane and the fourth is using the command line. In this article we will look at creating groups in the Server app. Once a server has been an Open Directory Master all user and group accounts created will be in the Local Network Group when created in Server app. Before that, all user and…
-
Configure Open Directory Replicas In Mavericks Server
Yesterday we looked at setting up an Open Directory Master in OS X Mountain Lion Server. An Open Directory Replica keeps a copy of the Open Directory database available for users even when the Master goes offline. But it can also take a part of the load from the Open Directory Master and, when using the new Locales feature, balance network traffic. To get started with an Open Directory Replica, first enable SSH, now disabled by default. Next, use changeip to check the host name. While the Server app is cool, it caches stuff and I’ve seen it let things go that shouldn’t be let go. Therefore, in order…
-
“Address already in use” When Trying To Bind Open Directory Master
From time to time you’ll see an error that “daemon: bind(8) failed errno=48 (Address already in use)” when trying to promote a Mac OS X Server to be an Open Directory Master. The address in question is usually fine and the DNS usually checks clean with changeip:
    changeip -checkhostname
However, the error recurs no matter what you do; even if you try to change the name of the Open Directory Master or the address, you still usually end up seeing the same error. If it isn’t the address or the name then could it be the port? If you run lsof to see about that whole ldap port: lsof -i…
-
Resolve “rootDSE not found” Error in Open Directory
Occasionally, when we go to install an Open Directory Replica for a new Open Directory environment, where the Master is running 10.8.4, we run into an error that:
    NSMutableDictionary *_getRootDSE(const char *): rootDSE not found
At the GUI this just looks like: This could mean that you need to check the SSL box in the Directory Utility for the replica. You’ll know that’s the case if the Replica appears in the Server app but is still throwing errors when trying to work. This could also be an issue where the Master can’t get a version or the DSE from the Master. Assuming you already checked IP/DNS, let’s see if the…
-
Find The Search Base In OS X Server
Once upon a time, Server Admin was a tool that allowed Admins of OS X Server to look at settings for an OS X Server using a graphical tool. As Server Admin is no longer being used, we frequently find there are certain settings we need to find in the replacement Server app that just aren’t in graphical tools any longer. One of the settings that you need when integrating other systems is the search base. This defines the location that searches start when queries against the directory tree are run. When other systems are integrated into Open Directory they need to use this to be able to enumerate information…
-
Recovering Open Directory Databases
Every now and then I see an Open Directory database that’s gotten corrupt for one reason or another. To be more specific, while I see Kerberos get wonky and password server issues from time to time, every now and then I see the actual LDAP database throw errors like this one, when checked with slapd:
    /usr/libexec/slapd -Tt
Corruption usually looks a little something like this:
    51890ba0 ldif_read_file: checksum error on "/var/db/openldap/openldap-data/cn.bdb"
    51890ba0 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    config file testing succeeded
If the bdb (Berkeley Database) files can’t be read in properly then you can do a sanity check with slaptest to see if there are other…