Branch users in workgroup

Similar Messages

• I can't see system users in Workgroup Manager

  How do I get the user accounts that are already on Mac OS X Server to show up as users in Workgroup Manager? Re-adding the user from "Add User" creates a conflict, so I know the account is being seen by Workgroup Manager. Thanks for the help.

  Hi
  Yes. Firstly de-select the option to show System Users and Groups. Use the Filter to only show you Users with UIDs above a certain number. If you've used the default numbering system start with IDs over 1000. This gets around you inadvertently exporting and/or deleting the default Administrator account.
  Select the users you're interested in the Local node. Go the Server Menu and select Export. Save the exported file to the Desktop and give it a meaningful name. Now delete those exported users from the local node. You can't have the same users in both directory nodes. Select the LDAP node and select Import from the Server Menu. The rest should be fairly obvious.
  A couple of things to look out for. When importing those Users they should automatically be assigned Open Directory for their User Password Types in the Advanced Tab. Change them to suit if they come in as Crypt. Passwords don't carry over so you will have to either assign these again or force users to change them at next log on. Assuming these are users with networked home profiles?
  Tony

• Exporting users from Workgroup Manager to Excel

  Hi all,
  Just wondering if anyone knows of a way to export users from Workgroup Manager in a "normal" format, eg CSV or Excel etc? Or if a program exists to post-process the current exported file?
  The current file has bits like this in it:
  <key>kAPOPRequired</key>\
  <string>APOPNotRequired</string>\
  <key>kAltMailStoreLoc</key>\
  <string></string>\
  <key>kAttributeVersion</key>\
  <string>Apple Mail 1.0</string>\
  <key>kAutoForwardValue</key>\
  <string></string>\
  <key>kIMAPLoginState</key>\
  <string>IMAPAllowed</string>\
  <key>kMailAccountLocation</key>\
  Which I would like to remove, or put into various columns in Excel.
  Sadly we are moving to Windows, so I need to get everything out of OD into a format that can be imported into AD. So basically a spreadsheet with firstname, lastname, email address, location/address, group memberships etc etc.
  Any help appreciated

  Thanks Andbrowny
  I gave it a go, but got a strange error, does this mean anything to you?
  admin$ sudo ldapsearch -LLL -H ldap://127.0.0.1 -b "cn=users,dc=my,dc=domain,dc=net" > userexport.ldif
  Password:
  SASL/GSSAPI authentication started
  ldapsasl_interactive_binds: Local error (-2)
  additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
  I suspect my OD is screwed, as slapd maxes out all 8 cores every few days, and takes out the mail server as a side effect.
  The Linux link wasn't applicable to this, all the commands and paths are different to MacOS X unfortunately.

• Problem with home directories NOT in Users and Workgroup manager

  I am setting up a Leopard server (10.5.3) with the users directories in /h1. This is mounted as /Volumes/h1.
  It is exported under AFP as /h1.
  When I try to get Workgroup manager to create a home directory, I can enter the home directory as:
  afp://quattro.innocon.com/h1
  path is 'user'
  Full path is:
  /Network/Servers/quattro.innocon.com/Volumes/h1
  However, when I try to log in as this this user, it says that the directory /Network/Servers/quattro.innocon.com/h1/username does not exist.
  I cannot seem to figure out why the 'Volumes' part of the full path is being lost.
  Any ideas on how to get this right?

  have you checked to see if /Network/Servers/quattro.innocon.com exists?
  I'm having ALOT of issues with automount not picking up on the mount-maps set by Open Directory.. If anyone has any solutions on this it would be great.

• Error -14135 Creating New User In Workgroup Manager

  Hello,
  I'm running 10.5.8 on a Mac Server, and until today have had no issues adding new users with a preset I've created in Workgroup Manager. Today, I've received the message:
  Got unexpected error
  Error of type eDSRecordAlreadyExists (-14135) on line 1268 of SourceCache/WorkgroupManager/WorkgroupManager-361.2.1/PMMUGMainView.mm
  This error appears before I'm even able to enter any information.
  I would appreciate any suggestions! Right now I'm running Disk Utility and repairing permissions. I haven't found any other ideas online.
  Thank you!

  Following is the text from Note for Custom Password Validation logic:
  Customers who wish to use their own password validation logic may do
    so by writing their own Java classes that implement the
    oracle.apps.fnd.security.PasswordValidation Java interface.  The
    interface requires 3 methods to be implemented:
    1) public boolean validate(String user, String password)
      - This method takes a username and password, and then returns true
    or false, indicating whether the user's password is valid or invalid,
    respectively.
    2) public String getErrorStackMessageName()
      - This method returns the name of the message to display when the
    user's password is deemed invalid (i.e., the validate() method returns
    false).
    3) public String getErrorStackApplicationName()
      - This method returns the application shortname for the
    aforementioned error message.
    After writing the Java class to perform customized password
    validation, the customer must then set the value of the profile option
    SIGNON_PASSWORD_CUSTOM to be the full name of the class.  If, for
    example, the name of the Java class is
    oracle.apps.fnd.security.AppsPasswordValidation, then the value of the
    SIGNON_PASSWORD_CUSTOM profile option must be
    oracle.apps.fnd.security.AppsPasswordValidation.  Note that AOL/J
    will attempt to load this class dynamically.  Hence it is necessary to
    make the class accessible by AOL/J.  This means that in Forms, the
    class must first be loaded into the database using the loadjava
    command.
  You will need to apply the following patches for 11.5.1:
     1344802
     1363919
     1472974
     1351004
     1377615
  You will need to apply the following patches for 11.5.2:
     1377615

• Server admin not seeing directory users from workgroup manager

  I am setting up a new Xserve with Snow Leopard (get 'em while we can). We have eight other XServes running Leopard or Snow Leopard server. On those machines we have set up file sharing over AFP. The machines are connected to our Active Directory server and our users authenticate using their domain passwords. All of our other servers were setup in Leopard and were upgraded to Snow Leopard. We have not had any issues authenticating to those boxes.
  This is the first one that we have actually setup new-out-of-the-box in Snow Leopard. I can set Workgroup Manager up to connect to our AD, and can see and search my domain users and groups in Workgroup Manager. When I try to set up my File Shares in Server Admin, none of my domain users show up-only local accounts.
  What have I missed? In Leopard, when I connected to the domain, the users immediately became available in Server Admin. Not so in SL, at least on this box.
  Help?

  Hi
  The first thing to check is if you've bound the Server to the AD Domain. The second thing is if the /Active Directory/All Domains is in the Search Policy. If you don't do either of these WorkGroup Manager won't display anything coming from the AD Schema.
  In 10.6 Apple moved the Directory Utility from where it used to be in /Applications/Utilities and made it part of the Accounts Preferences Pane. Perhaps it's this change that's confusing you? I would not advise doing this but it's also possible you used the Server Setup Assistant to do most of the configuration? If you did maybe something went wrong at that stage (won't be the first time) and you need to manually bind the Server instead?
  As ever make sure this server is using the same NTP Server as the others.
  Tony

• Restriction of one branch user master data  to another branch user

  Hello  Experts,
  My client is having 3 different branches in Kolkatta, Ranchi and Bhubaneswar and the requirement is client wants to maintain privacy from one branch to other branch. Here what i mean to say is one branch end-user should't see the other branch BP, Inventory master data's and Chart of accounts vice-versa.
  Thanks,
  Varalakshmi.

  hi varalakshmi,
  Check this link ur question is already answered.
  Hide Database or limit access to database
  Jeyakanthan
  Edited by: Jeyakanthan A on May 8, 2009 10:27 AM

• Can't see mail accounts after adding users in Workgroup Manager

  I am running OS X Server 10.5.3...
  When I add user accounts in WGM and "Enable" Mail, the account doesn't show up in Server Manager -> Maintenance -> Accounts and there is no access through WebMail for that user...
  Am I missing something...??
  Thanks
  Mike

  Yes (Both POP and IMAP is selected)... and Yes (I can get to the WebMail login page)...
  I am getting this in the log...
  badlogin from: localhost [::1]. plaintext user: eileen. service ACL is not enabled for this user
  This is new, I wasn't getting any errors earlier...

• Admin user not available in workgroup

  When I set up my server, I first set up the main admin user, called 'admin'. This is the user used to login in to the server.
  In Workgroup Manager, I created various users for web, mail, files haring etc. However the 'admin' user is not listed as one of the users in Workgroup Manager but is the only user is System preferences/Accounts.
  Does it matter if I set a user in Workgroup Manager, called admin, or will break the system?
  Thanks.

  I would not prefer to have duplicate users with the same name around in multiple directories.  (I tend to use host-local admin names for the local admin users.)
  In WGM launched on the server, and located immediately below the Server Admin icon in the upper left of the WGM display, you'll see a small blue globe and a disclosure triangle and the text "Authenticated as ... to..." and you'll want to select that and explore the local directory.
  In other words, when you're running Open Directory as a network accounts (domain) server, there are two user account directories.  The local one that all Mac boxes have, and the networked one.

• Workgroup manager crash on creating a new user?

  Everytime I add a new user to workgroup manager, it crash.
  When I launch it again it has created a new user called untitled,
  I can edit that user but not change its shortname,
  so that user will forever be called untitled.
  I run 10.4.7 with 10.4.7 admin tools, even tho workgroup manager still say 10.4.4
  Is there some way I can manually add a user to give it the proper shortname and then edit it with workgroup manager?
  I've had this problem for a long time, and system upgrading and permission fixes doesnt solve the problem!

  I am having the same issues. I will let you know what I find out.

• Workgroup Manager: Adv, User Password Type grayed out (was Shadow Password)

  I've set Workgroup Manager, Advanced, User Password Type: Shadow Password, Options to inactive after 90 days, fail after 5 attempts, allow user to change password, at least 8 characters every 90 days. Today after user logged in to the console, the user locked herself out remotely via sftp, ssh, & xterm from a WinXP PC running ReflectionX.
  I went to the console, used Fast User Switching to bring up my admin account (her account was still logged in), we reset the password with Workgroup Manager so the red X is no longer on her username.
  However, the Advanced User Password Type: drop down list is blank and grayed out and she can't log in? How do I reset this? The user has a lot of files, I'm afraid to delete and recreate the user account. That seems pretty drastic for an invalid password attempt. I've rebooted and ran Apple Updates for good measure. Any ideas how to put Shadow Password back in that box?

  To unlock the user's account, after backing everything up and noting the user's uid, home dir, groups, etc, we deleted the user in WorkGroup Manager and readded her putting the user id, home dir, etc back the way it was. Everything seems to work again. The home directory files were not deleted when the user account was deleted so everything just reattached.
  Still have no idea how we managed to get things so confused in the first place? The Server UI is so much more complicated and inconsistent from the client OS for dealing with users. The Mac OS X Server for Dummies book I found did not have a troubleshooting section and was no help in resolving this. We ended up contacting the Mac User's Group.
  I was blown away to get an email survey from Apple support asking me to rate my opinion of my help request. I didn't get any help! They told me my 3 years of AppleCare don't apply to the Server OS I installed separately after buying the mac. Mac OS X Server has 90 days of support that I never used but had expired. They offered to sell me a help ticket for $99.
  This has not lived up to the user experience I was hoping to have. I regret the day we "upgraded" to the server. Is there a way to downgrade? Now that there is only 1 unlimited version, we're totally stuck. We have no mac client connected, just PCs via sftp, ssh, vnc, & X windows...

• Recreate user account in Workgroup Manager, empty mailbox

  We have OS X 10.3.8 Server version. Postfix mail server.
  We have a user/account with email problems and a huge mailbox. He (user: gordon) had over 16000 emails in his mailbox (/var/spool/imap/user/gordon). All other mail users on this server work fine, including newly created user accounts.
  Our solutions was to try and delete all mail from his mailbox via Terminal. This did not seem to decrease the size of his mailbox. Our next idea was to delete this user in Workgroup Manager and then re-created this user. Hoping to created an new mail setup and empty mailbox. This idea failed aswell.
  How does one basically purge an old account/user in Workgroup Manager, and then, recreate that same user name and effectively recreate the user with a new account, including a new/empty mailbox?
    Mac OS X (10.3.8)  

  cyradm is not part of 10.3.x
  To use it you would have to install it first. See here:
  http://www.afp548.com/article.php?story=20040814204411280&query=cyradm
  And then follow the instructions given beforehand.
  Having said that, your issue can be resolved differently. You deleted all mail manually in the file system (not a good idea, but what is done is done). So the mail is actually gone. What you are seing is Cyrus' index. Since you deleted manually the index didn't get updated. To get rid of the problem either reconstruct that users mailbox throgh Server Admin - > Mail or alternatively run:
  sudo -u cyrus reconstruct -r user/gordon (assuming that's the user's name)
  Alex

• How do you remove a deleted user's cyrus mailbox?

  Hi everyone,
  I am having a little trouble with a user's account on Mac OS X 10.4.8 Server. This is a short description of what has happened.
  1. Created a user in WGM.
  2. User then sends and recieves lots of email over a long period, with no apparent issues and uses the webmail interface as well as pop3 mail application on home PC (as expected!).
  3. User uses webmail one day and discovers a server error in red writing.
  4. Semi intelligent server admin guy (me) decides to delete the user account in WGM and then re-create the user in WGM in the hope of deleting the mailbox in the process.
  5. Semi intelligent server admin guy discovers that the delete/re-create procedure doesnt remove the mailbox so he decides to search apple support forums.
  Hence the reason for this post. Can anybody show me how to delete the mailbox for a user, either in GUI server admin or WGM or even terminal?
  Also I have tried adding the diradmin account to the list of cyrus admins in imapd.conf so that the IMAP application can access all mailboxes but I only get read access, so I cant delete it that way, well unless I skipped a step.
  Thanks in advance,
  Kyran McGlasson

  Yes, I saw that but was a tad puzzled. I see in your help file that you advise creating a new user for imap administration, but (lazy me) I just plugged my server admin into the imapd.conf file and did not create a separate user. My thinking was that the OSX Server mail manual states:
  1 In Server Admin, select Mail in the Computers & Services pane.
  2 Click Settings.
  3 Select the General tab and select Enable IMAP, if it is not already checked.
  4 Select an existing user or create a new user using Workgroup Manger to be an IMAP
  administrator.
  5 If you have not created a user record for the mail administrator’s account, see the user
  management guide.
  6 Open /etc/imapd.conf in a text editor.
  If you are not comfortable using a terminal text editor like emacs or vi, you can use
  TextEdit.
  7 Find the line that reads “admins:”
  8 Edit the line to add the UID number of the administrator account after the colon.
  9 Save your changes.
  10 In your email client application, create an account that uses IMAP to connect to your
  mail service using the mail administrator name.
  For more information, see the man page for imapd.conf.
  And therefore I didn't think a separate user necessary. However, even using their method, I cannot connect to the folders via a client, so I gather you are correct!
  So, I create a separate user, name him "imapadmin" or some such, mod the imapd.conf file accordingly, restart, and then . . . how do I give my new imapadmin the necessary permissions?
  I can, by the bye, delete folders using the direct Cyrus Admin method spelled out on pterobyte's site here:
  http://downloads.topicdesk.com/docs/ProperlyDeleting_OS_X_Server_MailUsers.pdf
  Thanks for the quick reply (on a Saturday!) and for crafting this very cool GUI.
  Lost count   Mac OS X (10.4.9)  

• How to change default /Users and /Groups to different Volume?

  Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
  We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
  Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
  Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
  How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
  Thanks in advance.

  1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
  2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
  3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
  4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
  5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
  6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

• Server 4.0.3 - user aliases no longer valid e-mail addresses

  Until recently I was running a server with Mavericks 10.9.5 and OS X Server 31.2. I recently upgraded it to Yosemite (10.10.2) and OS X Server 4.0.3. After the upgrade I see a significant behaviour change in the mail server.
  In my original setup I had several users who had some 'aliases' (also known as 'Short Names' in Workgroup Manager) defined for them. Under Server 3.1.2 these aliases were treated as valid (alternate) e-mail address. For example, if  the user 'abcd' with primary e-mail address '[email protected]' had the aliases a1 and a2 defined then mail sent to [email protected] and [email protected] would be delivered to that user. Under server 4.0.3 this behaviour seems to have changed and it no longer treats the aliases as alternate e-mail address; mail sent to them is rejected with 'user unknown'. Alternate e-mail addresses now need to be specifically assigned via Server.app/Users or Workgroup Manager.
  I am surprised (though I probably should not be) that there is such a significant change in functionality without any warning; does anyone know if this is intentional or a bug? I have worked around it by adding the alternate e-mailaddresses explicitly (luckily only a few users were affected or this could have been a huge job). Of course, the issue was not noticed until a couple of days after the upgrade so for sure some legitimate mail has been lost :-(
  Thoughts or comments anyone? Should I log a bug on this?

  Hi Chris,
  I think I found a way to create e-mail aliases on the newest OS X Server 4.0.3. Actually, two ways. In the end it doesn't work, but maybe it gives you or people on the forum clues on how to set it up properly.
  You can either go to the Mail service, double-click on your domain, add a new e-mail address for the same member multiple times, editing the e-mail address on the right side:
  Or you can open the user from Users accounts and add an extra e-mail address in the Email Addresses box:
  Since I know Postfix is behind the OS X Server Mail feature, I looked for Postfix configuration files. Both ways of adding aliases as shown above will add entries to the Postfix "/Library/Server/Mail/Config/postfix/virtual_users" file. The file now looks like this:
  # greengaroo.biz
  [email protected] pleblanc
  [email protected]     pleblanc
  [email protected]     pleblanc
  Of course I restarted the Mail service, and I checked the date of the "virtual_users" file and the "virtual_users.db" file, both were freshly updated.
  Still, it doesn't work. If I send an e-mail from my Gmail account to either alias, I get the following in the SMTP Log:
  Feb 13 23:47:33 x.x.x postfix/smtpd[8219]: NOQUEUE: reject: RCPT from mail-ie0-f172.google.com[209.85.223.172]: 450 4.7.1 <[email protected]>: Recipient address rejected: Service is unavailable; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ie0-f172.google.com>
  But if I send an e-mail to pleblanc AT greengaroo DOT biz, it works. I googled more and many people have similar problems since Mavericks. Maybe it's a bug?
  Anyone else has an idea?
  EDIT: While I was writing and formatting this post, I suddenly received the e-mails I was expecting for one of my aliases... I will do more tests to make. I don't know what else I did that would have fixed the problem, or maybe it just took some time for the configuration to be applied, I don't know.