Binding AD to OD server

I have found a lot of articles regarding binding an OS X server to an AD domain, but am trying to do the reverse.
We want to store all our account info on the OD server and have our few remaining Windows users bound to a slave AD domain.
Can anyone point me at resources for this?
Thanks!

Not as of yet... I set up a DNS server to try and fake the AD controller into checking the OD one for LDAP but haven't gotten far enough to tell if it works, give me another few days (having to steal minutes to work on this).
I'm guessing Apple spent a lot of time working on making sure OS X servers could join existing AD domains but not much on making OD the one in charge, so this setup may just not work.
From a business focus standpoint it makes sense... from a user level, I want my Macs in charge so I can phase out the Windows stuff dangit!

Similar Messages

  • Lion Clients 10.7.4 show network accounts are unavailable and server is not responding when binding to Snow Leopard server 10.6.8

    Hello,
    I am running Snow Leopard Server 10.6.8 and my clients are Lion 10.7.4.  While testing I had no issues binding 10.7.4 to our 10.6.8 server's OD.  I created a 10.7.4 image to push to all of our machines and in the beginning of last week I was able to push the image and get the machines to bind with OD and apply preferences on these machines through workgroup manager.  Towards the end of the week though this stopped working.  Now any time I bind a 10.7.4 client to OD it allows me to perform an authenticated bind and the machine shows up in workgroup manager but immediately after binding the client the status jelly next to the OD server in the directory list is red and says "This server is not responding".  If I reboot the client I get a notification that "Network accounts are unavailable" at the login screen.  My preferences from workgroup manager are also not applying, which is my main concern because without workgroup manager my mac server is somewhat pointless as we use it for very little else.
    I've since tried to bind a snow leopard machine (10.6.8) and this still is working with a green status jelly.  I've also built a lion machine from scratch, updated to the 10.7.4 combined update and am still getting the same issue where it shows the server is not responding when binding to OD.  I then applied the subsequent OS update after the 10.7.4 combined update but the problem still persists.
    Is anyone else having this issue?  Any help would help me keep my sanity.
    Thanks,
    Dane

    Have you had any luck finding a solution to this?  The only thing I have found was to unbind and then bind without authentication.  Any help with progress on your end would be appreciated!
    Nick.

  • Error using bind variables with SQL server with SQL92 mode

    I am using 2 bind variables in my VO (JDBC positional). The mode is SQL 92 for ADF BC. I do not use the bind variables directly but in a view criteria. I see the following error in the logs.
    The logs show the query executed and error.  I tried both ways - making bind variable required and not required. I have set -Djbo.SQLBuilder=SQLServer property. My other page works which has an updatable VO.
    JDEV version is - JDEVADF_11.1.1.7.0_GENERIC_130226.1400.6493
    <ViewObjectImpl> <getQueryHitCount> [4567] Estimated Row Count for ViewObject: [oracle.epm.fm.bc4j.queries.admin.UserOnSystemROVO]AdministrationAM.UserOnSystemROVO1, Query Statement:
    <ViewObjectImpl> <getQueryHitCount> [4568] "SELECT count(1) FROM (SELECT * FROM (SELECT
        TABLE1.SUSERNAME USERNAME,
        TABLE2.SMODULENAME MODULENAME,
        TABLE2.LACTIVITYCODE ACTIVITYCODE,
        TABLE2.DSTARTTIME STARTTIME,
        TABLE2.SSERVERNAME SERVERNAME,
        TABLE2.SAPPNAME APPNAME,
        TABLE2.LSESSIONID SESSIONID,
        TABLE2.LSESSIONSTATUS SESSIONSTATUS,
        TABLE2.LUSERID USERID,
        TABLE2.DSTILLALIVETS STILLALIVETS,
        TABLE2.LTASKID TASKID,
        TABLE2.SACTIVITYDESC ACTIVITYDESC,
        TABLE1.LUSERID USERID1,
        TABLE1.SUSERDESC USERDESC
    FROM
        TABLE2 TABLE2,
        TABLE1 TABLE1
    WHERE
        TABLE2.LUSERID = TABLE1.LUSERID) QRSLT  WHERE ( ( ( ( UPPER(SERVERNAME) = UPPER(?)  )  OR  ( ? IS NULL ) ) AND ( ( UPPER(APPNAME) = UPPER(?)  )  OR  ( ? IS NULL ) ) ) )) ESTCOUNT"
    <ViewObjectImpl> <getQueryHitCount> [4569] Bind params for ViewObject.getQueryHitCount: UserOnSystemROVO1
    <ViewRowSetImpl> <doSetWhereClauseParam> [4570] UserOnSystemROVO1 ViewRowSetImpl.doSetWhereClause(0, null, null)
    <ViewRowSetImpl> <doSetWhereClauseParam> [4571] UserOnSystemROVO1 ViewRowSetImpl.doSetWhereClause(1, null, null)
    <ViewRowSetImpl> <doSetWhereClauseParam> [4572] UserOnSystemROVO1 ViewRowSetImpl.doSetWhereClause(4, null, null)
    <ViewRowSetImpl> <doSetWhereClauseParam> [4573] UserOnSystemROVO1 ViewRowSetImpl.doSetWhereClause(5, null, null)
    <ViewRowSetImpl> <doSetWhereClauseParam> [4574] UserOnSystemROVO1 ViewRowSetImpl.doSetWhereClause(2, null, null)
    <ViewRowSetImpl> <doSetWhereClauseParam> [4575] UserOnSystemROVO1 ViewRowSetImpl.doSetWhereClause(3, null, null)
    <ADFLogger> <addContextData> Estimated row count
    <BaseSQLBuilderImpl> <bindParamValue> [4576] Binding null of type 12 for 1
    <BaseSQLBuilderImpl> <bindParamValue> [4577] Binding null of type 12 for 2
    <BaseSQLBuilderImpl> <bindParamValue> [4578] Binding null of type 12 for 3
    <BaseSQLBuilderImpl> <bindParamValue> [4579] Binding null of type 12 for 4
    <BaseSQLBuilderImpl> <bindParamValue> [4580] Binding null of type 12 for 5
    <ViewObjectImpl> <getQueryHitCount> [4581] ViewObjectImpl.getQueryHitCount failed...
    <ViewObjectImpl> <getQueryHitCount> [4582] java.sql.SQLException: [FMWGEN][SQLServer JDBC Driver]Invalid parameter binding(s).
      at weblogic.jdbc.sqlserverbase.dda4.b(Unknown Source)
      at weblogic.jdbc.sqlserverbase.dda4.a(Unknown Source)
      at weblogic.jdbc.sqlserverbase.dda3.b(Unknown Source)
      at weblogic.jdbc.sqlserverbase.dda3.a(Unknown Source)
      at weblogic.jdbc.sqlserverbase.ddb8.a(Unknown Source)
      at weblogic.jdbc.sqlserverbase.ddb9.a(Unknown Source)
      at weblogic.jdbc.sqlserverbase.ddb9.setNull(Unknown Source)
      at weblogic.jdbc.wrapper.PreparedStatement.setNull(PreparedStatement.java:622)
      at oracle.jbo.server.BaseSQLBuilderImpl.bindParamValue(BaseSQLBuilderImpl.java:2215)
      at oracle.jbo.server.BaseSQLBuilderImpl.bindParametersForStmt(BaseSQLBuilderImpl.java:3687)
      at oracle.jbo.server.ViewObjectImpl.bindParametersForCollection(ViewObjectImpl.java:22684)
      at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:4944)
      at oracle.jbo.server.ViewObjectImpl.getQueryHitCount(ViewObjectImpl.java:4857)
      at oracle.jbo.server.QueryCollection.getEstimatedRowCount(QueryCollection.java:4204)
      at oracle.jbo.server.ViewRowSetImpl.getEstimatedRowCount(ViewRowSetImpl.java:2677)
      at oracle.jbo.server.ViewObjectImpl.getEstimatedRowCount(ViewObjectImpl.java:10632)

    After making all the bind variables not required, the error is no longer coming.

  • How to programmatically Deploy Library of Variables binded to Custom IO Server?

    Hello,
    I'm developing an application where I've created a Custom Periodic IO Server doing special custom scaling of values read from a CompactFieldPoint module. Then I've created a Library of Network-Published variables, where each variable is bound to a different item on the Custom Server.
    Now I want to do a programmatic deployment of the server and variable library at the start-up of the application, because I need the customer to get a list of all variables from the variable library to select which one he will be using in a measurement. The idea is to set various properties of selected variables, like enable logging, set alarm values etc. I can get a list of variables only from deployed libraries.
    The problem is that I cannot deploy a library of bound variables with either Deploy Library.vi or the Library:Deploy method. I receive an error code 1, Invoke Node in PRC_Deploy.vi->Deploy Library.vi<APPEND>
    If I manually deploy the same library from Project Explorer, everything works as expected and no error is thrown. I'm using DSC 8.0.1 on XP Prof
    Can you give me some tips or advice on how to achieve this? Is this approach OK or do you have a better idea?
    Thank you,
    Roman

    Hello,
    I found the answer to my own question. Solution is very simple. When you create a data binding on a shared variable, you need to browse for item in Network Items and not on Project Items, doesn't matter if item is actually inside the same project.
    This solved my problem and I can now successfully deploy the library using Deploy Library.vi
    So far, my problems are solved, until the next one, of course
    Good luck,
    Roman

  • How to bind flash to sql server DB or any DB?

    hi everyone
    I have searched a lot on the net and haven't found what I am looking for, so I thought of asking you nice people out there. I'm working on a project in which I need to bind my Flash to a SQL Server database and I don't know how.
    What I want to do is: I have this "text area component" / "text input component" on the stage and I want the text written in it passed to a SQL Server database (saved in the DB table). I also want to dynamically show content of the database (mainly texts) on the stage (for which I think I should use dynamic text).
    Please can anyone help? I'm in urgent need of that.
    Thanks in advance.

    I am not familiar with working with an sql server, but the way to get Flash interacting with a database is to have a server-side script, such as PHP, acting as the middle man for sending and receiving data between Flash and the DB.
    Here's a link to a tutorial showing how to have Flash work with a MySQL DB with PHP...
    http://www.gotoandlearn.com/play?id=20

  • OS X Server 10.9.x Client will not bind to LDAP/OD Server 10.9.x

    I've done multiple server updates, installs etc. with no luck.
    I cannot get OS X Maverick 10.9.x clients to bind to an OS X Server Maverick 10.9.x Open Directory LDAP. I've tried client and server installs of 10.9.1, .2, and .3 with no luck. When I go to bind I get the message seen below. I know it's connecting because if I purposely put in a wrong password for the "diradmin" user it tells me that the credentials are wrong. If I put in the correct password I get this message.
    The funny thing is that I still have two test servers set up with 10.7 and 10.8 server, and clients of all versions bind like they should. The issue is only with Mavericks Server 10.9.x
    While searching around in Apple Discussions I've seen articles that talk about changing DNS to the Mac Server, which has not helped me, plus we have a DNS server in our network already so I do not wish to add more.
    Anyone else having this issue?
    Thank you!

    Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
    1. The OD master must have a static IP address on the local network, not a dynamic address.
    2. You must have a working DNS service, and the master's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. On the Accessing your Server sheet, change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
    3. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
    4. Follow these instructions to rebuild the Kerberos configuration on the master.
    5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.
    6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
    7. Reboot the master and the clients.
    8. Don't log in to the server with a network user's account.
    9. Export all OD users, delete them, turn off OD, turn it back on, and import. Ensure that the UID's are in the 1001+ range.
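
The hostname, client DNS and certificate conditions from steps 2, 3 and 5 above can be checked from a shell before rebinding. This is an added example, not part of the original reply; the function names, the resolv.conf-style input and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Preflight checks for steps 2, 3 and 5 of the checklist above.
# Function names and sample values are constructed for this example.

# Step 2: the master's name needs at least three labels and must not
# be in the ".local" top-level domain (reserved for Bonjour).
od_hostname_ok() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}                          # tolerate a trailing root dot
    case "$name" in
        *[!a-z0-9.-]*) return 1 ;;          # characters not valid in a hostname
        ""|.*|*..*)    return 1 ;;          # empty name or empty label
        *.local)       return 1 ;;          # Bonjour domain
    esac
    old_ifs=$IFS; IFS=.
    set -- $name                            # split into labels
    IFS=$old_ifs
    [ "$#" -ge 3 ]
}

# Step 3: the only DNS server configured should be the internal one.
# $1 = file in resolv.conf format (assumption), $2 = internal DNS address.
only_internal_dns() {
    servers=$(awk '$1 == "nameserver" { print $2 }' "$1" | sort -u)
    [ "$servers" = "$2" ]
}

# Step 5: the certificate must not be expired and its common name must
# equal the master's FQDN. $1 = PEM certificate file, $2 = FQDN.
cert_cn_matches() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
         tr ',' '\n' | sed -n 's/^\(subject= *\)\{0,1\}CN=//p' | head -n 1)
    [ -n "$cn" ] || return 1
    [ "$(printf '%s' "$cn" | tr 'A-Z' 'a-z')" = \
      "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# Print PASS or FAIL for one check without aborting the run.
report() {
    if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi
}

# Demonstration on constructed sample data.
demo_resolv=$(mktemp)
printf 'search yourdomain.com\nnameserver 10.0.0.2\n' > "$demo_resolv"
report od_hostname_ok server.yourdomain.com
report od_hostname_ok server.local
report only_internal_dns "$demo_resolv" 10.0.0.2
rm -f "$demo_resolv"
# With a real certificate exported to PEM (path is a placeholder):
#   report cert_cn_matches /path/to/master-cert.pem server.yourdomain.com
```
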

  • LDAP binding to OSX4.7 server  - Tiger vs. Panther.

    For the purpose of re-imaging, I am in the process of creating disk images to be deployed from external firewire drives as well as Netinstall onto all my clients over the summer. Due to the fact that some of my clients are incapable of running OSX4 Tiger (no firewire, as well as other hardware limitations), I am creating two disk images - one "Full Tiger" and one "Limited Panther".
    I have run into problems with the LDAP settings for my two images: The Tiger image (OSX4.6) connects fine to the Open Directory (OSX Server 4.7) server, but the Panther image (OSX 3.9) doesn't. I have been rummaging around in all the nooks and crannies of the LDAP settings and they seem to be set identically in the two images, but yet, the Panther image does not bind to OD.
    Are there substantial differences in how Panther and Tiger connect, beyond basic settings, via LDAP to OD OSX.4 server that I may be unaware of?
    I already tried to delete and recreate the LDAP connection details on the Panther.
    Thanks.
    Sigurd

    Got some help from my IT Dept. and they took care of it.

  • Authenticated Bind succeeds but "This server is not responding"

    Hey everyone,
    I have a "from scratch"  magic triangle setup. AD has 2 DC's in a domain named domain.priv, 1 Lion (10.7.4) OD server successfully bound to AD and authentication is working flawlessly and fast! There are a handful of clients running SL which have mobile homes. There are also a handful of Lion clients with mobile homes.  DNS is running on AD.
    Here's the rub. I can bind the SL clients to AD and OD just fine.  I do an authenticated bind to OD so that it creates the computer record.  On the Lion clients I bind them to AD without a problem and OD without an error message; however, once I bind, Directory Utility has a red light stating "This server is not responding".  Search paths are correct, pinging the server works. Because authentication and mobile homes are working I think it's fairly safe to assume DNS is set up properly.
    For clarification, I have a script that does the binding but I promise I've tried every available option in dsconfigldap without success.  I've obviously tried using the GUI as well with no luck.  I've tried turning on SSL and no SSL.  I've tried enabling other security options without success as well. A work around I have found for the Lion clients was first do an authenticated bind to create the computer record and add it to appropriate computer groups then unbind the client and rebind UNauthenticated. Binding without authentication works perfectly and the client never loses contact with the OD server.
    The reason I am posting this problem is because I am finally getting around to adding a secondary OD server for replication. I do not have the option to do an unauthenticated bind with OS Server and I have not found a way to successfully setup a replica without binding first, obviously.
    I will post log files as needed but I have not found anything that is out of the ordinary except for:
    9/20/12 7:34:16.560 PM servermgrd: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
    9/20/12 7:34:16.562 PM servermgrd: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
    9/20/12 7:34:16.564 PM servermgrd: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
    9/20/12 7:34:16.567 PM servermgrd: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
    It goes on like that...
    Also, IPv6 is not setup on the AD DNS servers. Not sure that matters but I figured I should put it out there.
    Any help or ideas of where to look would be greatly appreciated!  Thanks!
    Nick.

    I ended up opening a ticket with Apple and the cause has been identified and even a "fix"!
    Turns out that I skipped a vital step prior to binding to AD or setting up the OD Master; preparing the server to connect to another directory.
    It's necessary to go to Server Admin, select Open Directory, Settings, then Change. Select "Connect to another directory" and then continue. After that the normal steps should be taken; Connect to AD with Directory Utility and then Create Open Directory Master with Server Admin.
    Since I have a test environment that consists of 1 week old backups of the AD Domain Controllers and OD Master I decided to destroy the current OD and start over and test this out.  Guess what? Everything works as it should. Bound a couple of Lion clients, tested management, and even created a replica with the GUI!
    Here's the rub...
    In order to keep my current environment intact (computers and computer groups) I exported all of the computers and computer groups from WGM prior to destroying the Open Directory Master. Once I completed setting everything up and created a new Directory Master I reimported the archive. With this method all currently I was back to square one. SL clients were bound, I could unbind and re-authenticated bind with no problems. Lion clients however, had the same issue, could not bind with authentication. Fail.
    I also tried exporting the computers and computer groups from WGM prior to destroying the Master. Set everything back up, imported the computers and computer groups. Nice part is that new binds both SL and Lion work wonderfully. However, any machines that were already bound don't work. I assume this is because even though the Kerberos realm has the same name, there has to be some differences in hash or whatever else Kerberos is using for encryption. There are log entries telling me about all the computers trying to connect that the server can't find in its database.
    Where to go from here?
    Not sure. How do I find out what is broken in the Archive? I know that 10.7 took out the option of -merge in slapconfig which may or may not have worked here. Knowing what the "Connect to another directory" option in Server Admin is doing would help out greatly. Not knowing why that simple step changes everything is deflating to say the least.
    I should be talking to an Apple Engineer tomorrow. I will post back.
    Nick.

  • Patch for Bind on OS X server 10.3.9 ?

    Where can I find the patch for Bind for my OS X server 10.3.9 (we have 9.3.4-1) ?

    Or better yet, see if you can get shasum working,
    http://search.cpan.org/~mshelor/Digest-SHA-PurePerl-5.47/shasum
    http://search.cpan.org/src/MSHELOR/Digest-SHA-PurePerl-5.47/shasum
    You'll need to use CPAN to get Digest::SHA installed,
    which (if you've not used CPAN before) will be an adventure in itself.
    An absolutely necessary one. If you want to be empowered to have the option to handle a matter such as this on your own (a worthy goal !!), then using CPAN should already be part of your toolkit.
    From there, put shasum in (for example) /usr/local/bin
    Then you can use
    /usr/local/bin/shasum -a 512 /Users/yournamehere/Downloads/bind-9.4.2-P1.tar.gz

  • Bind Mavericks to Windows Server 2012 R2 domain

    I have a Windows 2012 R2 domain controller (only one in the domain) with the forest and domain in native (not mixed) mode.
    I am trying to bind a Mavericks Macbook Pro to the domain.
    I have checked that I can ping the domain and domain controller by name and IP address.
    I have set the NTP on the Macbook to use the domain controller as the time source.
    I even set the "Prefer this domain server" to the domain controller.
    When I attempt to bind the Macbook, I get the time tested message of "Authentication server could not be contacted."
    Any suggestions?  Something about Windows Server 2012 R2 that I am missing?  I admit that I am just learning Windows Server 2012 R2, so it is possible my lack of knowledge of it is adding to the problem.
    Thank you in advance!

    I have 3 Server 2012 DC's here on my network.  No issues binding Macs to the DC.  I haven't had the time to roll out R2 DCs yet, but will be doing so shortly as I am now done with some other upgrades.  I would roll out one right now so I can test this for you, but don't have the time...sorry man.
    One of the most important things with AD is DNS.  1 of my 3 AD's is my DNS and DHCP server.  I have not had to mess with any special settings, just let my Mac get its IP from the DC and then bind away.  Are your Windows machines (if you have any) on the same LAN able to bind?  Also make sure the account you are logged into the mac with is an Admin on the local mac.
    Remove all the custom info you put in, keep it simple, I have never had to fill in any of those details, and make sure you use the FQDN of your DC (host.domain.com).  Once you put in the FQDN, does the utility recognize the Domain and then ask for the AD admin credentials?  If yes, then that's a good sign.
    Let me know if it's still not working.  Also make sure you are using the correct login and password, the admin of your DC. 
    Is your DC virtual or Physical?  Do you have the firewall enabled on your DC?  Are you using wireless or wired? 
    I'm sure you will get this... S12R2 is really sweet, all my Hyper-V hosts are S12R2. 

  • Rc.local script to bind and add ldap server

    Greetings All,
    For the past few years, I've used the script below to bind and add authentication servers to my client machines. The process is simple enough, copy the rc.local script (ref'd below) to /etc/ as root and reboot the client. The problem now, is I don't know if this will work in 10.6. As I read this script, I realized there have been enough changes in location of files and file names between 10.5 and 10.6 that this script isn't going to work.
    My question to you guys is this: Is anyone else taking care of their binding/auth services in a similar manner? If so, would you mind sharing the script you're using?
    Thanks,
    -dave
    Here's mine:
    #!/bin/sh
    # WARNING -- REMEMBER TO UNCOMMENT THE SELF-DELETING LINE!
    #Site and/or District-specific Variables
    #Local Admin in Image
    LOCADMIN="tech" # Local admin user in your image
    LOCPASSWD="techpwd" # Local admin password in your image
    #Open Directory
    ODSITESERVER="odr1.mydomain.edu" # FQDN of the Open Directory Server
    ODADMIN="diradmin" # Directory Admin for Open Directory
    ODPASSWD="diradminpwd" #Password for OD Directory Admin
    ### DO NOT EDIT BELOW THIS LINE!
    OSMAJORVER=`sw_vers | grep ProductVersion | awk '{print $2}' | cut -c 1-4`
    ENETADDRESS=`ifconfig en0 | grep ether | awk '{print $2}'`
    #Give the network time to come online
    logger "Sleeping 30 seconds"
    sleep 30
    #Set Date and Time
    case $OSMAJORVER in
    10.3) date > /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-panther -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
    date >> /Library/Logs/binder.log 2>&1 ;;
    10.4) date > /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup-tiger -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
    date >> /Library/Logs/binder.log 2>&1 ;;
    10.5) date > /Library/Logs/binder.log 2>&1
    /usr/sbin/systemsetup -setusingnetworktime off >> /Library/Logs/binder.log 2>&1
    /usr/sbin/systemsetup -setusingnetworktime on >> /Library/Logs/binder.log 2>&1
    date >> /Library/Logs/binder.log 2>&1 ;;
    esac
    #Set Bonjour and Computer Names
    # logger "Setting Bonjour and Computer Names"
    # SERIALNUMBER=`ioreg -l |grep IOPlatformSerialNumber | awk '{print $4}' | cut -d \" -f 2`
    # SECONDOCTET=`ifconfig -a | grep inet | grep -v inet6 | awk '{print $2}' | grep ^10\. | head -n 1 | awk 'BEGIN {FS="."}; { printf "%03d", $2 }'`
    # COMPUTERID="A""$SECONDOCTET""$SERIALNUMBER"
    # logger "Computer name is $COMPUTERID"
    # scutil --set LocalHostName "$COMPUTERID"
    # scutil --set ComputerName "$COMPUTERID"
    # sleep 3
    #Set the Open Directory Server we are binding to based on the second octet of the IP address received from the DHCP lease
    # case $SECONDOCTET in
    # 002|005|047|110|112|115|119|121|123|128|133|153|241|247|250|251|253) ODSITESERVER="a941wgm.austinisd.org" ; RING="A1N";;
    # 009|045|046|052|053|107|109|117|131|132|138|144|151|154|155|179) ODSITESERVER="a117wgm.austinisd.org" ; RING="B1N";;
    # 004|006|010|048|055|056|102|106|118|129|141|149|152|157|159|161|163|164|165|178|189|244|249) ODSITESERVER="a006wgm.austinisd.org" ; RING="C1N";;
    # 003|012|015|044|051|105|108|111|116|122|124|125|126|127|139|142|145|150|245) ODSITESERVER="a044wgm.austinisd.org" ; RING="D1N";;
    # 007|043|049|058|103|104|114|140|146|160|162|168|171|174|175|176|185|190|246|101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B1S";;
    # 101) ODSITESERVER="a007wgm.austinisd.org" ; RING="B2S";;
    # 008|013|017|054|059|061|120|130|136|147|156|166|172|173|182|184) ODSITESERVER="a008wgm.austinisd.org" ; RING="C1S";;
    # 057|060|113|143|148|158|170|180|181|183|248) ODSITESERVER="a008wgm.austinisd.org" ; RING="C2S";;
    # *) ODSITESERVER="a000wgm.austinisd.org" ; RING="A0N";;
    # esac
    #Remove Existing Directory Services Config
    logger "Removing existing DS Config"
    rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
    rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
    rm -R /Library/Preferences/DirectoryService/SearchNode*
    rm -R /Library/Preferences/DirectoryService/ContactsNode*
    rm -R /Library/Preferences/edu.mit.*
    rm -R /etc/krb5.keytab
    #Enable and disable appropriate plugins
    case $OSMAJORVER in
    10.3) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
    10.4) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "AppleTalk" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SLP" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "BSD" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "SMB" "Inactive" >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist >> /Library/Logs/binder.log 2>&1 ;;
    10.5) defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive" >> /Library/Logs/binder.log 2>&1
    defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" >> /Library/Logs/binder.log 2>&1 ;;
    esac
    #Copy in updated ldap.conf file for Leopard machines, which disables the verification of SSL certs used for LDAP Authentication
    case $OSMAJORVER in
    10.5) cp /etc/ldap.conf-leopard /etc/openldap/ldap.conf ;;
    esac
    #Kill Directory Services and respawn to return to DS Defaults
    logger "Respawning DS"
    killall -9 DirectoryService
    #Running "id" triggers a DS Respawn
    id "$LOCADMIN" >> /Library/Logs/binder.log 2>&1
    sleep 3
    #Fix SearchNode plist
    case $OSMAJORVER in
    10.3) logger "Disabling LDAP via DHCP"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
    killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
    sleep 3 ;;
    10.4) logger "Disabling LDAP via DHCP"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE >> /Library/Logs/binder.log 2>&1
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist >> /Library/Logs/binder.log 2>&1
    killall -9 DirectoryService >> /Library/Logs/binder.log 2>&1
    sleep 3 ;;
    esac
    #Configure LDAPv3 Plugin -- fix with site-specific data
    logger "Configuring LDAPv3 Plugin"
    case $OSMAJORVER in
    10.4) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
    10.5) dsconfigldap -v -l "$LOCADMIN" -q "$LOCPASSWD" -a "$ODSITESERVER" -n "Open Directory" >> /Library/Logs/binder.log 2>&1 ;;
    esac
    sleep 3
    #Make sure we init DS and confirm connectivity to each LDAP directory
    logger "Checking OD Node Connectivity"
    date >> /Library/Logs/binder.log
    echo "Checking OD Node Connectivity" >> /Library/Logs/binder.log
    dscl localhost -list /LDAPv3/$ODSITESERVER/Groups >> /Library/Logs/binder.log 2>&1
    #Configure Search Path
    logger "Configuring Search Nodes"
    date >> /Library/Logs/binder.log
    echo "Configuring Search Nodes" >> /Library/Logs/binder.log
    dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
    case $OSMAJORVER in
    10.3) defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/$ODSITESERVER"
    killall -9 DirectoryService ;;
    10.4) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
    dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
    10.5) dscl /Search -append / CSPSearchPath "/LDAPv3/$ODSITESERVER" >> /Library/Logs/binder.log 2>&1
    dscl /Search -create / SearchPolicy CSPSearchPath >> /Library/Logs/binder.log 2>&1 ;;
    esac
    date >> /Library/Logs/binder.log
    echo "Confirming Search Nodes" >> /Library/Logs/binder.log
    dscl localhost -read /Search >> /Library/Logs/binder.log 2>&1
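    #Remove any stale computer records from Open Directory
    #Note: -u/-P put the directory admin password on the dscl command line, where it is visible in the process list while each command runs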
    logger "Removing stale computer records from OD"
    dscl /LDAPv3/"$ODSITESERVER" -search Computers ENetAddress "$ENETADDRESS" | awk 'BEGIN {FS="\t\t"}; { print $1 }' | while read COMPNAME
    do
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -delete Computers/"$COMPNAME" >> /Library/Logs/binder.log 2>&1
    done
    #Add computer record to Open Directory
    logger "Adding new Computer Record to OD"
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$(scutil --get LocalHostName)" ENetAddress "$ENETADDRESS" >> /Library/Logs/binder.log 2>&1
    #Add to designated computer list - this is ONLY for 10.4 server. This will need to be replaced for 10.5 server.
    COMPUTERGROUP="Unprovisioned" # Computer List
    logger "Adding to Computer List: $COMPUTERGROUP"
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -create Computers/"$COMPUTERID" ENetAddress "$ENETADDRESS"
    dscl -u "$ODADMIN" -P "$ODPASSWD" /LDAPv3/"$ODSITESERVER" -append ComputerLists/"$COMPUTERGROUP" Computers "$COMPUTERID"
    #Refresh the MCX Cache
    logger "Refreshing the MCX Cache"
    case $OSMAJORVER in
    10.3) /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher -f >> /Library/Logs/binder.log 2>&1
    /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
    10.4) /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f >> /Library/Logs/binder.log 2>&1
    /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher >> /Library/Logs/binder.log 2>&1 ;;
    esac
    #Disable automatic login on the client
    defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
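    #Enable login hooks on the client
    #Anonymous is the lowest MCXScriptTrust level, so login scripts are accepted even from a directory binding that is not authenticated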
    case $OSMAJORVER in
    10.4|10.5) defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool true
    defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous ;;
    esac
    #Enable Directory Services Status by default on loginwindow
    # case $OSMAJORVER in
    # 10.4|10.5) defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus ;;
    #esac
    #Modify the binder log so that only admin viewers may access the file
    chmod u=rw,go= /Library/Logs/binder.log
    sleep 5
    #killall loginwindow
    sleep 5
    #Comment the lines below, until shutdown if you do not want the script to replace itself with a 30 second delay on startup to ensure the client receives a DHCP lease before loginwindow appears
    case $OSMAJORVER in
    10.3|10.4) echo sleep 30 > /etc/rc.local ;;
    *) srm /etc/rc.local ;;
    esac
    shutdown -r now
    #Exit
    exit 0

    The first thing I would verify is if you can connect and traverse your Active Directory/Domain Controller using Softerra's free ldap browser.
    1. Softerra ldap browser link
    http://download.softerra.com/files/ldapbrowser26.msi
    Put in the IP/hostname of the domain controller, use the same BASE DN, and user credentials that you used on the IronPort appliance.
    I would highly recommend that you create a separate account for the IronPort. (i.e. ironportldap). Do this so that you don't have to worry about accidentally resetting the password and then forgetting to update the IronPort appliance.
    2. Once you've verified that you can connect and see your tree, use the same settings from Softerra ldap browser and put them in the IronPort ldap interface.
    Try this for your Accept query string
    (|(mail={a})(proxyAddresses=smtp:{a}))
    3. If it still fails, enable the ldap debug log if you haven't already and paste in the error.
    We are trying to add an LDAP Server Profile but every time we try to test the Accept Query we get an
    "Error - Error: configuration error" message.
    We are using AD, top of the tree for base DN. dc=domain, dc=local.
    We tried communicating with 2 different servers via telnet on ports 389, 3268, both are open.
    Tried port 389 and 3268, no SSL, Anonymous and User Password authentication methods.
    The error left us clueless since we followed the instructions in the user manual.
    For the accept query we tried this query string: (proxyAddresses=smtp:{a})
    Any ideas or pointers to what could be causing this are very appreciated.
    Thanks.
    Ed.
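
The accept query suggested in the reply above, compared with the one from the question, as an added example that is not code from the thread or from the IronPort appliance. The directory entries are constructed, the function names are hypothetical, and the small evaluator (equality terms, optionally OR-ed, compared case-insensitively) is a simplified stand-in for a real LDAP server.

```python
import re

# Accept query suggested in the thread; {a} stands for the recipient address.
ACCEPT_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"
# Query from the original question, for comparison.
PROXY_ONLY_QUERY = "(proxyAddresses=smtp:{a})"

# Constructed sample entries (not real directory data).
DIRECTORY = [
    {"mail": ["ed@example.com"],
     "proxyAddresses": ["SMTP:ed@example.com", "smtp:e.alias@example.com"]},
    {"mail": ["list@example.com"]},  # has mail but no proxyAddresses
]

LEAF = re.compile(r"\(([A-Za-z][\w-]*)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the address stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(address, template=ACCEPT_QUERY):
    return template.replace("{a}", escape_filter_value(address))

def term_regex(raw):
    """Turn one filter value into a regex; an unescaped * is a wildcard."""
    unescape = lambda s: re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda m: chr(int(m.group(1), 16)), s)
    parts = [re.escape(unescape(p)) for p in raw.split("*")]
    # Assumption: both attributes compare case-insensitively, as in AD.
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)

def entry_matches(entry, ldap_filter):
    """Evaluate one equality term or an OR of terms against one entry."""
    for attr, raw in LEAF.findall(ldap_filter):
        pattern = term_regex(raw)
        if any(pattern.fullmatch(v) for v in entry.get(attr, [])):
            return True
    return False

def recipient_accepted(address, template=ACCEPT_QUERY):
    ldap_filter = build_filter(address, template)
    return any(entry_matches(e, ldap_filter) for e in DIRECTORY)

if __name__ == "__main__":
    for addr in ("ed@example.com", "E.Alias@Example.com", "list@example.com", "*"):
        print(addr, recipient_accepted(addr), recipient_accepted(addr, PROXY_ONLY_QUERY))
```

The entry that carries only a `mail` attribute is accepted by the OR query but not by the `proxyAddresses`-only query, and a recipient of `*` is escaped to a literal and matches nothing.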

  • Snow Leopard Client Dock Behavior & Binding to Snow Leopard Server

    Hi,
    I am at a loss on this issue. I am running a test server and client. I had bound my client to the server and was having difficulties with the dock settings on the client. I assumed it was a managed preferences issue on the server, so I checked all the ones I knew to check. It didn't appear that my client dock was being managed by my server. The problem was that the dock would switch from auto-hide to fixed and the preferences under dock could not be altered on the client.
    I've found that the only way to resolve this problem is to unbind the client from the server. Can anyone tell me what I need to be looking for within the server? Could there be an inherited preference from somewhere within the server?
    The other element to this is that this issue didn't arise until after I upgraded to 10.6.3. Prior to the upgrade I was bound to the server, and the dock was fine. After the upgrade the dock preferences on the client were no longer able to be managed.
    I am new to server and need some help.
    Thanks

    Thanks!
    So, when I click Join..., type in the server, and then click on the Set Up Services button, I enter the username and password for the account I created on Snow Leopard Server. It switches the sheet to show that it's "Joining the server", and then fails with: "kGotAuthenticationFailure". The Password Service Server Log shows that it actually succeeded: "AUTH2: {0x4b5897f87cada0f20000001500000015, diana} DIGEST-MD5 authentication succeeded".
    If I actually enter an incorrect password, it right away gives me an "Authentication failed" message right below the password dialog in red.
    The console on the Snow Leopard client shows:
    10-01-21 11:10:16 AM System Preferences[248] -[ODCOSXServerJoinController(XSServiceDiscoveryProtocol) gotServicesInfo:fromServer:error:]: got error kGotAuthenticationFailure
    I don't see any other messages on the server that might explain this. Any ideas?
    This server was upgraded from Leopard Server, if that matters...

  • Any idea on binding the iplanet directory server to portal server profile server.

    I need to know the functionality of profile server and LDAP server with respect to SUN one portal server

    Directory Server allows you to store, manage, and search for entries and their associated attributes in a number of different languages. An internationalized directory can be an invaluable corporate resource, providing employees and business partners with immediate access to the information they need in the languages they can understand.
    The directory supports all international characters set by default because directory data is stored in UTF-8. Further, Directory Server allows you to specify matching rules and collation orders based on language preferences in search operations.
    Note :
    You must use ASCII characters for attribute and object class names.
    visit this
    http://docs.iplanet.com/docs/manuals/directory/50/html/ag/i18n.htm#2835992

  • How do I get OS X Lion workstation to bind to OS X Leopard Server?

    I encounter insurmountable error when trying to get my new mac mini to bind to my network server.
    Mac Mini running Mac OS X 10.7.2
    XServer running Mac OS X Server 10.5.8
    On the mini, when in System Preferences > Users & Groups and clicking Join... I type in the IP of my Server.  It firstly returns the message, "This server does not provide a secure (SSL) connection.  Do you want to continue?".
    After I click Continue it prompts for Client Computer ID (which I leave as the default).
    For User Name and Password I enter the Directory Admin details.
    It then returns the error, "Unable to add server.  Your account on the server does not have privileges to overwrite the computer record <computername>.  Please inform the server administrator."
    Any help would be gratefully received.

    Hi Tony,
    Thank you for your tip.
    Using Server Admin > OD > Settings > Policies > Binding, I have ensured that the 'Enable authenticated directory binding' option is unchecked.  Still no luck.
    I then used Directory Utility to add the server to the search path etc.  In System Preferences > Accounts > Login Options on the mini it now shows the correct address for the Network Account Server and a green light.  However, when I then try to login using a network account it simply pauses for a minute, then returns to the login prompt.
    I shall continue to try...

  • Adding OSX server to AD--binding questions and server type

    Currently my Macs are simply bound to AD, but I am going to add ML server to the mix so I can simplify management. After all my reading I am still unsure what to do with my current clients. I know the server is bound to both AD and OD, but does each client need to be bound to both?
    Regarding the server type, should my OD be a master, replica, or relay?

    Yes, you have to bind the client and server to both OpenDirectory and ActiveDirectory. The configuration is commonly called "Magic Triangle". You'll find lots of examples online under that moniker.
