Lightroom Catalog and Apple Open Directory Users

Similar Messages

• Authentication Delays / Slow Authentication for Open Directory Users

  I'm experiencing delays when authenticating Open Directory users and it absolutely has me at my wit's end.
  The problem is quite simple: any time an Open Directory user authenticates his password there is a delay of at least 5-10 seconds. This goes for clients that are bound to the directory server and also authenticating locally on the server. Here are some examples:
  * On the server, there is a several second delay on the Login Window screen when trying to log in using an Open Directory account. Logging in as a local user is instantaneous.
  * In Workgroup manager, authenticating as the Directory Administrator takes several seconds.
  * On a remote computer, sharing the screen using an Open Directory user take several seconds and again, a local user is instantaneous. Screen sharing takes particularly long and often temporarily shows a sheet saying it has lost the connection with the server while authenticating.
  * Connecting with AFP takes several seconds when using an Open Directory login
  * On a client computer, unlocking the screen after sleep or screen saver takes several seconds for Open Directory users
  * Connecting with SSH does NOT exhibit the behavior
  In addition to all of this, I've seen periodic random unexplainable freezes for several seconds on client computers that are bound to the directory even when logged in as a local user account (and with no other users logged in.) For example, launching applications often results in a freeze. After unbinding the computer from the directory the problem goes away entirely.
  The history of the problem:
  Used Tiger Server for over a year = no problems
  Clean install of Leopard Server 10.5.0 back in October = no problems
  Update to Leopard Server 10.5.1 = no problems
  Then, all of the sudden one day several weeks back I started having problems. The server had been up for a few weeks. I didn't install any updates. I didn't change any configuration. Literally the only thing that I had done recently was unplug the Apple Cinema Display and keyboard+mouse that was connected to the server. Then I started having problems so I plugged the display, keyboard and mouse back in to troubleshoot it. I cleared the directory services caches on my server and clients and rebooted the Airport Base Station that's serving as my router and eventually the problem went away. I wish I could tell you which of those things resolved the problem but I have no idea. It was fine for a couple more weeks (and incidentally I once again unplugged the display, keyboard and mouse from the server). Then last week I started having problems again and this time no amount of rebooting, cache clearing, rebinding, troubleshooting using information in these forums or anything else will fix the problem. I only mention the display/keyboard/mouse thing because it's literally the only thing I changed around the time the problems started happening. I truly don't think it has anything to do with it.
  So in desperation I backed up and did a clean install today. Here's the process I used:
  0. Erase the disk
  1. Install Leopard Server 10.5.0 from the install DVD
  2. In the setup assistant, use the Advanced Configuration option but I didn't enable any services. Set up network settings and host name of myserver.mydomain.private.
  3. Reboot
  4. Use Software Update to update to 10.5.1 and Security Update 2007-009 v1.1
  5. Reboot
  6. Configure DNS (see below for detailed configuration)
  7. Reboot
  8. Change role to Open Directory Master
  9. Reboot
  ... and the problem is still there. Simply logging into the server GUI with the Directory Administrator account has the delay. Authenticating in Workgroup Manager has the delay. I haven't even bothered to set up AFP or any other users yet. I'm truly at my wit's end and I'm ready to chuck the server out the window.
  I've done a lot of googling and searching of these forums looking for answers. All of the responses seem to point to a problem with DNS or with the Kerberos realm. I believe all of my setup is correct. Here it is:
  == Basic Configuration ==
  OS: Mac OS X Server 10.5.1 (9B18) with Security Update 2007-009 v.1.1
  Services Enabled:
  DNS
  Open Directory
  (All other services are not yet enabled)
  == DNS Setup ==
  Primary Zone: mydomain.private.
  Allows zone transfer: no
  Nameservers: ns.mydomain.private.
  myserver (Machine) 10.0.22.201
  ns (Alias) myserver.mydomain.private.
  Reverse Zone: 22.0.10.in-addr.arpa.
  10.0.22.201 (Reverse Mapping) myserver.mydomain.private.
  Accept recursive queries from the following networks:
  localnets
  Forwarder IP Addresses:
  208.67.222.222
  208.67.220.220
  == Open Directory Setup ==
  Role: Open Directory Master
  LDAP Search Base: dc=myserver,dc=mydomain,dc=private
  Kerberos Realm: myserver.mydomain.private
  == Network Configuration ==
  Configure: Manually
  IP Address: 10.0.22.201
  Subnet Mask: 255.255.255.0
  Router: 10.0.22.1
  DNS Server: 127.0.0.1
  Search Domains: mydomain.private
  == Other Stuff ==
  Using 'changeip -checkhostname' verifies that the hostname and DNS hostname are both myserver.mydomain.private.
  I set the realm to myserver.mydomain.private (though the default was myserver.local) based on the advice of another poster to this forum. Kerberos.app reveals something interesting: the kdc and admin servers are both myserver.local and the domains are .local and local. I tried changing all instances of 'local' to 'mydomain.private' to see if that would solve the problem. No luck.
  I verified on a client that 'host myserver' and 'host 10.0.22.201' return proper DNS and reverse DNS resolutions.
  Hopefully one of the gurus out there will be able to help me out.
  Thanks,
  jeff

  I gathered together some log information for when I try to authenticate user 'diradmin' in Workgroup Manager. You can see from the log messages that this authentication took 4 seconds. There's an interesting error message in slapd.log (see below) but it doesn't say what it's looking for in the keytab that it's not finding. Grr! I've provided a listing of the principles in my keytab. I haven't monkeyed around with it at all -- this is just what resulted from promoting the server to an Open Directory Master.
  == kdc.log ==
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  == slapd.log ==
  Dec 30 18:21:48 myserver slapd[36]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
  Dec 30 18:21:52 myserver slapd[36]: SASL [conn=20] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name)
  == sudo klist -k ==
  Keytab name: FILE:/etc/krb5.keytab
  KVNO Principal
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]

• Mountain Lion Open Directory Users PhotoShop Elements 6.0

  Under Mac 10.8.5 , Licensing works fine for local users, but it fail for Open Directory Users.
  specifically I'm trying to launch Adobe Photoshop Elements 6.
  none of my workstations are connected
  it worked just fine under Leopard and Snow Leopard.
  running disk utilities repair permissions did not help.
  running the License Repair tool from adobe did not help.
  deleting the FLEXnet Publisher
  and Preferences/FLEXnet Publisher
  and the
  Preferences/FLEXnet Publisher/FLEXnet did not help
  all of my open directory users are group 1028
  i have
  chgrp -R 1028 /Library/Application Support/Adobe/
  chgrp -R 1028 /Applications/Adobe*
  chmod 775 /Library/Application Support/Adobe/Elements Organizer/11.0/
  chmod 775 /Library/Application Support/Adobe/Adobe PCD/cache
  chmod 775 /Library/Application Support/Adobe/Adobe PCD
  chmod 775 /Library/Application Support/Adobe/SLStore/
  chmod 777 /Library/Application Support/Adobe/Premiere Elements/11.0/AMTInfo.txt
  many of the files in these directories have permissions 664.
  several of the files that are frequently accesses were already 664 before i looked at them.
  i have over 80 user workstations.
  Mountain Lion OSX 10.8.5
  MacPro workstations 2 3.06 GHz 6-core intel Xeon
  12 Gigs of Ram
  Note i also have Adobe Premiere 11.0 installed on the workstations.
  Adobe Premiere 11.0 works fine after all the ownership and permission issues are solved.

  Hi OpenDirectoryDude,
  Photoshop Elements 6 has not been tested and has compatibility issues with Mac 10.8.5

• Cannot find bookmarks - open directory user

  We have LDAP v3 at our school. A teacher logged on to a different computer and her bookmarks were missing. Since she is an open directory user, I believe her books should follow her. We were trying to figure out where on a Mac the bookmarks are stored...and we could not figure it out.
  We see the profile where an internet search told us the bookmarks were -- but we could not see them. What specific folder are they in and what is the name of the file/folder that contains the bookmarks?

  The name of the file is '''places.sqlite'''.

• How do I unbind a local user from an Open Directory user?

  I have a couple MacBook Pros running Leopard that successfully bound a local account to a corresponding Open Directory account using Directory Utility.
  I had to re-install Leopard Server (using Standard configuration) and re-create Open Directory accounts. Now these laptops are unable to bind to the new Open Directory accounts. They receive an error that the Open Directory user ID and password provided is incorrect. In addition the local user can no longer reset or change their password. I'm thinking this is because their local accounts are still bound to the old Open Directory accounts that no longer exist. Is there are way to unbind a local account in Leopard that has been bound to an Open Directory account via the Directory Utility.

  What account are you using to bind the machine? When binding you must authenticate using the OD admin login which is usually setup as diradmin or as the current client you are logged into the machine with, but this client needs to exist on the OD server.

• Just download lightroom cc and not open at all. Have desistarei and will install several times and the problem continues ... I need a solution .. thank you  Operating System Windows 7 64bit

  just download lightroom cc and not open at all. Have desistarei and will install several times and the problem continues ... I need a solution .. thank you  Operating System Windows 7 64bit

  Try the following user tip:
  Troubleshooting issues with iTunes for Windows updates

• Lion: All Open Directory users obliterated

  After a rough migration from SLS, I've been running Lion Server successfully for a couple of weeks now.  However, this morning I saw that the file sharing services were down.  When I brought the server up on the monitor, the Finder was frozen solid.  I had to do a hard restart, and once it came up, all the Open Directory users are gone.  Only local users remain.  When I attempt to open the LDAP directory in Workgroup Manager it throws up a -14006 error.
  I'm going to attempt to rebuild the machine from a backup last night, but I'm wondering if anyone has any (quicker) advice.
  I'm tempted to just try and copy /var/db/openldap from the backup image over to the server, but I'm afraid it'll simply explode.  Is there a better alternative?  I don't have a current backup archive of *just* the open directory stuff...

  Restoring from a backup image "fixed" it of course, but I'm still curious how to restore the open directory database from a mirrored partition (i.e. without the use of an explicite restore from an open directory backup)

• Apple Open Directory

  I'm looking at synchronizing OID with Apple Open Directory (import from open directory), and am looking for any help with this. Does anyone have examples of how to do this?
  thanks in advance,
  Mark

  just came accross this technote that mentions odutil
  http://support.apple.com/kb/HT4696
  man odutil
  take a look at that there are also  command line administration guides for 10.6 that has a large collection of tools described.

• Adobe Premiere CS5 and Open Directory users - Premiere fails to start

  We have several class rooms with desktops that are configured for Open Directory.
  When a student logs in he's actually working in his home folder on the server and his user is also managed by the server.
  This works fine for all the applications that we're using except for Adobe Premiere CS5 and Adobe After Effects CS5. Whenever a student tries to start one of them the application will hang and only a force quit can stop it. It is impossible to start these applications.
  However, it is possible to use Premiere and After Effects using a local standard on the desktops. But I don't want to go that route. I want the managed users to be able to use those applications.
  Has anyone found a solution for this?
  Are you able to use this applications in a same environment?
  I've played a lot with the permissions on the library, system and Adobe folders, but the problem doesn't seem to be related to them.
  Setup:
  AFP Server: Xserve intel running Mac OS X Server 10.6.5
  OD Servers: Mac Mini Servers running Mac OS X Server 10.6.5
  Clients: iMacs intel running Mac OS X 10.6.6

  Safe Mode disables a lot of drivers and services, like networking.  That would seem to indicate that something is running on your system that interferes somehow.
  I'm just not sure how you'd go about tracking that down.

• OSX server open directory users and logic

  Hi guys,
  Can anyone shed light on this issue, I can't be the 1st person to encounter it. We have a lab with 10 emacs, plus a OSX Xserve, which is set up as a Open Directory Master, the students log in to the workstations through the xserve.
  When they try and run logic, we get a load of permission errors, I have tried changing the ownership and permissions to read write everyone, but it doesn't help, has anyone got a fix for this problem

  I am assuming you are not using network home directories here, purely using open directory for logging in right? Logic does not play well over a network, but using OSX server for managing users should NOT affect being able to run logic locally on a machine. If you are using network home directories for users then this WILL be a problem. For example, you will get permission errors when trying to record something.

• Leopard and panther open directory server hate each other

  So I got Leopard the first day but didn't install it till a week later 'coz I was working on a Final Cut project. When I was ready to install I saw all these problems people are having and decided to backup all my user files before I do it which I've never done before (what can you say, I trust Apple engineers!) Anyway, after an upgrade install I found that my PowerMac Dual 2.7GHz G5 with 3.5GB of RAM was slow, very slow, crawling slow. Every button I pressed, every app I tried to open, every response seemed it'd take at least 5 mins and Activity Monitor showed that those apps I was trying to interact with were not responding but if I was patient enough to wait, most of them would eventually come around.
  After a whole night searching the Apple forum and googling, I couldn't find any solution. So I decided to wipe the hard disk clean and do a clean installation. Amazingly everything worked just as they should and installation only took like 15 mins or so. After I finished installing all my usual apps back into my PowerMac I was, again, busy working on another Final Cut project. And finally that project was concluded so I can look at my new Leopard installation and see if I've missed anything after the clean installation. I found out that I forgot to add my office LDAP server information into the Directory Access and I went ahead and added it.
  I was distracted by something else after I added the LDAP info and an hour or so later when I restart my PowerMac, it started to act weird and crawling slow again, just like when I first did the upgrade installation. I totally forgot what I did to make it slow and I was super worry. After like 2 hours of ghost hunting in my PowerMac, I decided to let it sleep for the night and try to figure it out in the morning. On my way home I finally remembered what I did to make it slow! It's the LDAP info!!!! That's the only system related thing I added since before I did the last Final Cut project.
  I searched the Apple forum again last night to see if anyone has the same or related problem but I couldn't find anything close. I came to work this morning and decided to test my finding. The PowerMac was still super slow and I figured if it's directory access related, then if I unplug the network cable, my Mac should be smart enough to understand that there is no point in searching for a directory and simply gives up. I unplug the cable and my Mac is up and running smoothly again. I opened the Directory Access app and delete the LDAP entry, restart the Mac, plug the network cable back in and everything is fine now!
  I believe the problem is more on my Panther (10.3.9) server (ok fine! we are cheap, we didn't think a Tiger server was worth it! was I wrong!) than on the Leopard itself and that's why I couldn't find anything related on the forum. Is the Panther server LDAP module faulty to begin with that caused the problem? I don't know. I just know that Leopard does not play well with Panther's Open Directory service.

  I've convinced myself that all the problems which I'm experiencing with failures to mount, disappearing CD/DVD drives are nothing to do with Windows XP because all my problems are occurring under Windows 2000 (on different computers). Looks like Apple have taken a leaf out of Microsoft's rule book (put the product out in the market before it's ready and let the punters do all the hard work finding and fixing the bugs).

• 10.6.8 to Mavericks Server Upgrade loses Open Directory Users

  Hi,
  I have an OpenDirectory Master running OSX Server 10.6.8. An upgrade to Mavericks 10.9 has just failed.
  The server has about 50 OD users and passwords need to be retained across the upgrade. Apart from OD, the only other active service is AFP file sharing.
  DNS is good forward and back as per this article: OS X Server: Steps to take before upgrading or migrating the Open Directory database
  I followed these Apple guidelines for server migration: OS X Server: Upgrade and migration from Lion Server or Snow Leopard Server.
  I cloned the boot drive, booted from the clone, upgraded to Mavericks, then installed the Mavericks Server app.
  On opening the Mavericks Server app "Configuring services' showed for 5 minutes, but then an error message appeared. I did not record it exactly, but it was something like, "There was an error configuring the server. Certificate not valid!".
  I was able to continue through the error but on opening Server app there were no OD (local/network) users showing. Authentication was not happening.
  I had underestimated the time to get the installation done and I had used up the window of downtime I had booked - I did not have much time to troubleshoot. So, I cut back to the original hard drive and the server is back to 10.6.8 again.
  Can anyone point me in the right direction to find out what may have gone wrong? How can I get my users into 10.9 Server?
  Many thanks,
  b.

  Linc Davis advice is spot-on, as usual.
  There seem to be dozens of sub-databases in the LDAP database. A problem in any of them seems to derail the entire conversion process. I tried a straight conversion and was also disappointed that there were unresolved issues, and it meant that the conversion failed.
  So I did the export route using WorkGroup Manager, and exported four sets:
  Users
  Groups
  Computers
  Computer groups
  go to the appropriate pane (e.g., Users) and Select All, then choose Export, and give it a name (probably with an embedded date in case you need to do it again later)
  Then use 10.9 WorkGroup Manager (available as a separate download) to Import.
  When re-imported, everything worked just fine (except the passwords, which cannot be carried forward using this method). I did have to manually enable at least one service, such as File Sharing service in Server [admin], or users showed up as "not allowed" [to log in].
  This entire process of getting Server 3 to work is fraught with peril, and everything converges on ONE diagnostic, "Network users can't log in". Which means you blew it, but provides no additional information about WHERE you blew it.
  There do not appear to be any magic bullets. It is just a tough slog. Users who reported success after failing the first time reported they returned to fundamental principles and did all the steps over, in order, to attain success.

• Can't create new open directory user

  hi.
  If I use the workgroupmanager to create a new user it automatically creates one with a "crypt" password.
  first it is shown as open directory, but then if I re-load, it says "crypt" password.
  If I try to change it to open directory the system tells me that I am not authorized to do so.
  it does not matter if I try the workgroupmanager locally or via my macbook remotely.
  if I create them via the server preferences it works fine.
  since I am a newbie here, maybe I am doing something wrong... ideas? please.
  thanks.
  martindavid

  Check out this tread, you are not alone but there doesn't seem to be a single solution...
  http://discussions.info.apple.com/thread.jspa?threadID=2262981
  I had this code and MY solution came from the fact that I had turned OFF DNS because I couldn't see that "I" was using it. turning it back on and ensuring that it was correctly configured solved it for me!

• Open Directory users prompted to change password after 10.8 to 10.9 server upgrade

  I just upgraded our 10.8.5 server to 10.9.3. I also upgraded Server.app to the most recent version (3.1.2). I made a complete backup first as a precaution.
  Existing non-admin users are being prompted to change their password when logging in. I've narrowed the problem down to a checkbox in the "Global Password Policy" settings in Server.app, specifically this checkbox: "Passwords must: be reset on first user login". I had that box checked in 10.8 so that new users would be prompted to create a password the first time they logged into a bound computer. It worked great and I'd like to continue using this feature in 10.9.
  If I uncheck this box in Server.app in 10.9.3, existing users can log in just fine with their existing passwords. If I re-check the box, non-admin users are suddenly prompted to change their password when logging in, even though they've logged in countless times in the past.
  Here are some things I've tried:
  * stopping and restarting the Open Directory service in Server.app
  * restarting the server
  * disabling and re-enabling an existing user account
  * inspecting user records in Directory Utility for any peculiar attributes
  * I used the mkpassdb -dump command to verify that the correct "last login time" is present for a particular user, but I'm not enough of an Open Directory expert to know if this is the attribute that the Global Password Policy relies on.
  Does anyone have any other ideas or suggestions?

  UPDATE: It looks like this issue applies to new (post-upgrade) accounts, too, suggesting that this has nothing to do with the upgrade process. Can anyone confirm this behavior? It's easy to test:
  1) Make sure the "Passwords must: be reset on first user login" box is unchecked.
  2) Create a new user in Open Directory.
  3) Log in once. No problem.
  4) Now check the "Passwords must: be reset on first user login" box.
  5) Try to log in again. Were you prompted to change your password? Logically, you shouldn't have been prompted, but users on my server are being prompted.

• IChat not working with Open Directory users

  I have a Mac Mini running Snow Leopard Server 10.6.1. It provides services like Address Book, iCal, iChat, Mobile Access, MySQL, Web, SMB, Push, etc... I named the server 'Alpha' with the hostname 'alpha.markhadjar.com'
  I use DynDNS to help update my dynamic IP address with my ISP. They host my domain markhadjar.com. I created an 'A' record for markhadjar.com using my current IP. The DynDNS software client sends my current dynamic IP address and updates the record. I also created an alias for 'www'.
  Airport Extreme port forwards the correct ports to the requested server providing those services.
  All my users are listed in the Open Directory. My trouble is I can't seem to get iChat to work for the OD users. I get a connection error.
  The jabber account i'm using is the [email protected] I use the server 'ichat.markhadjar.com' with port 5222 without SSL as I do not have a SSL certificate.
  In the ichat settings of Server Admin, I specified ichat.markhadjar.com as the server name. I also created an alias in DynDNS for ichat.markhadjar.com - not sure if that was needed.
  I cannot connect using iChat to the server. I even changed the server in the iChat preferences (client side) to just markhadjar.com with no luck.
  Any help is greatly appreciated!
  Thanks.

  Mark, you mention that this server 'alpha' is running many things including Mobile Access Server. Do you also run Open Directory on the server? I am trying to figure out if Open Directory is required to be running on the server that runs Mobile Access for it to work in authenticating users and granting them appropriate access. I am hoping it is not required, because I'm having problems getting it to replicate from the Master OD server. It would be easier if it doesn't need to run OD at all. But then if it doesn't run OD, what do I need to do to "bind" it to the other internal origin server? I have read all the MObile Access doc's 50 times, and this is not clear to me. Just wondering how you are using Mobile Access. thanks man!