Lion Server just for Podcast Producer?

Similar Messages

• Using Lion Server Radius for authenticating "other" clients

  Hi I've been trying to get the Radius service in Lion Server to authenticate users of my SQUID web proxy. I have followed the squid wiki's instructions to configure the squid server as a radius client and pass authentication requests to the Lion Server Radius (I hope). However I'm trying to configure and test the Lion Server Radius. As Lions Server Admin GUI for radius only lets to add Airport Basestations, I've been trying to dig around for what underlying config files to edit.  I have tried 2 methods of adding the client details to radius:
  1. By editing the /etc/raddb/client.conf, and adding/changing (for example):
  client localhost {
       secret     = mysecretpassphrase
  client 192.168.0.0/24 {
       secret              = mysecretpassphrase
       shortname       = local-lan-clients
  and restarting squid. Nothing seems to get mentioned in the radius log file! So I'm not completely convinced that the Lion Radius took any notice of this!
  2. Instead of above, added the same client info using radiusconfig:
  $ sudo radiusconfig -addclient 192.168.0.0/24 local-lan-clients other <return>
  - then it prompts for the secret. With this command I notice the entry/event is recognised in the radius log file, and also looks like some SQL activity. If I dont specify "other" for the nas-type, it defaults to "Aiport Base Station" or similar.
  OK, so forgetting about SQUID for a minute, I can't even get that far as I'm just trying to test the config using the "radclient" utility from the Lion Server and the squid server:
  $ sudo radclient localhost auth mysecretpassphrase <return>
  and... no response, just hangs, nothing in radius log either.
  The Lion Firewall allows TCP and UDP requests into the Radius authentication port.
  Any ideas what else I need to do? Scratching my head, I'm wondering if it is anything to do with SSL? e.g. do I need to make the authentication using the self-signed certificate that Open Directory has? I presume any Airport Base Stations added to radius will use this certificate to establish a secure connection for authentication.

  The RADIUS server in OS X Server is a standard FreeRADIUS implementation with Apple's own custom GUI frontend for configuring it and which only allows adding AirPort base-stations. In Mountain Lion Server it is even limited to a specific configuration for the AirPort base-station.
  However if you follow the normal command-line instructions and steps for configuring FreeRADIUS then it will be possible to add any type of RADIUS client.
  While as far as I can see by manually configuring the FreeRADIUS server in OS X Server should enable you to do what you want, most people chose to configure Squid to use either a PAM or the LDAP modules for Squid to in this case authenticate directly to Open Directory (which is of course based on LDAP).
  I myself have used a PAM in the past with Squid to successfully configure Squid to authenticate users via Open Directory. I was even able to specific an Open Directory group and only allow members of that group access via the Squid Proxy Server. I then went a bit OTT and set up another open-source tool (which was discontinued and I had to fix to get working) to process the Squid logs and store them in MySQL, and then setup FileMaker Pro to connect to the MySQL database via ODBC to allow producing reports.
  Unfortunately the AFP458 website had a major redesign a while ago and many previous technical articles on it are now hard to find. I had used two articles on that site to guide me through setting up Squid and the PAM on a Mac server. I believe the two articles I used are the ones listed below.
  http://afp548.com/2004/09/08/using-os-x-open-directory-to-authenticate-squid-pro xy-server/
  http://afp548.com/2004/12/13/squid-server-using-ldap-authentication/

• Is Lion Server just Lion with added server tools ?

  From what I am reading, buying Lion Server is just the same as buying Lion..... except you get some additional tools ?  I have never had the server version of OS X before... but I always thought that installing the Server version (at least prior to Lion) would not always give you the same experience as purchasing the non-server version....
  I only own mac laptops right now, but was thinking seriously about using one for a server..... and for $49 I can get it, install it as a server on one, and non-server on the remainder ?
  TJ

  Correct.
  tj4shee wrote:
  Oh...... so if I read this right.... the total cost for setting up a Lion Server is $29 for Lion + $49 for the server tools.... so $88 total....
  I didn't catch on to that prior.....

• SMTP Settings for Podcast Producer

  Recently our University changed email providers, which required us to change settings on our devices.  I updated the SMTP settings in Podcast Producer to reflect the new service, however I am no longer receiving the administrator emails whenever XGrid starts or starts a job.
  Here's the rub... the user notification emails are working fine using the same SMTP settings.  Is there somewhere else that SMTP settings are stored in Podcast Producer that I missed?  I am able to ping the SMTP server fine with no problems.
  Best,
  James McNab
  Multimedia Producer, Drake University

  Hi,
  Check and see if this helps:
  What firewall ports do I need open to connect to Office 365 for Education?
  https://blogs.technet.com/b/educloud/archive/2011/11/30/what-firewall-ports-do-i-need-open-to-connect-to-office-365-for-education.aspx
  Connect Office 365 to your Outlook desktop application
  http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637593.aspx
  Regards,
  Flynn

• Fix for Podcast Producer Removing Metadata?

  We can create a file with all of our metadata included in the file. Then when we upload it to our server using Podcast Producer it strips out our metadata. Can anything be done to preserve our metadata during upload?
  Thanks,
  C Lyman

  You have 2 options, both are using the podcast command line
  1- remove the feed using podcast --removefeed --feed_uuid UIID
  2- disable the feed using podcast --disablefeed --feed_uuid UIID
  UUID is the feed_uuid of the workflow feed

• Lion Server upgrade for Snow Leopard Server

  I can't seem to get the App Store to sell me Lion Server for my Snow Leopard Server.  I'm trying to remain positive about this but I'm getting really ****** that money isn't enough to make this happen.  My experiencewith the App Store and Apple policies in general is its almost time to dump OS X and head back to Open Source. 
  So, what's the secret?  I put money in my iTunes account.  I've done the 15 logins it takes to satisfy AppleID my account is complete and up-to-date in the store and the Support Communities.  How do I buy the software and actually download and install it?
  Thanks

  Upgrading Snow Leopard Server to Lion and then adding Lion Server is the ONLY way to go, There is no other way to install Lion Server.
  http://www.apple.com/macosx/server/how-to-buy/

• Is there a dual video sources workflow anywhere for Podcast Producer 2?

  I looked at the standard "dual source" workflow, but the QTZ compositions appear to use output from a plugin rather than direct "video input" patches. I'd love to be able to plug in both a Canopus ADVC-55 firewire codec (to capture PTZ camera image) and an Epiphan USB encoder (to capture whatever XGA signal is being sent to the room projector). Ideally, this would show up with whatever setting was chosen for the dual source workflow (e.g. "Overlay" or "Keynote"). Has anyone worked this out or have an idea as to how to proceed?

  The QTZ compositions already expect video as input sources for both primary and secondary source. As far as I know you can use two different video input, but then you will have to you two different bound Macs to control the recording. With Podcast Capture you can't select two connected cameras on one machine. So you will need to bind two machines, start the recording from Podcast Capture and select the remote cameras for each input.

• Does lion server have podcast producer 2

  The Apple Lion Server description lists podcast producer 2 but I'm only finding pod cast capture and pod cast publisher.

  In Lion Server, Apple made some changes to the way podcasts can be handled. However, Podcast Producer is still available, and can be configured using the Server Admin app.

• Can I get podcast producer going on my Macbook?

  I make tutorial videos for classes I teach.  Podcast producer looks like a good option for me. I gather I need podcast capture too.  Is it worth it for me to buy OS X Lion and the Lion server just for that purpose?  Otherwise, I'm looking at buying something like Camtasia so that I can record my screen and voice.

  Podcast Producer is, as you say, part of OSX Server and is outside my experience (though I would have thought that what you suggest was going a complicated route to achieve your ends). The best place to ask would be in the OSX Lion Server Forum.

• Use Lion Server to set up security in Web Sharing

  Can I use Lion Server to set up security in Web Sharing?
  I want a password prompt to appear when someone comes to look at my Web Sharing files.
  I have tried to do this manually in Snow Leopard and Lion, and am considering buying Lion Server just for this one purpose.
  Does the admin GUI in Lion Server have an option that allows you to set up a password prompt for folks that look at my Web Sharing files?
  THanks.
  mac

  Miracles do happen.
  Because I just bought Lion Server, I was able to get a guy from the Apple Server support group on the phone, for a long time, and he helped me set this up using the Server app and the Server Admin app.
  Now I have a password prompt on my Web Sharing files.
  It's an incredible relief to have this working.
  Thanks for the responses.

• Lion & Podcast Producer?

  Does anyone have an idea of the implications of Lion on Podcast Producer?  Initially, information on the Apple website seems vague on whether PCP will be included/integrated with Lion Server.  It seems odd to think that support would disappear, but I finding mixed thoughts on how PCP will look in Lion.  Is anyone out there testing a beta version of Lion?

  I got from Apple Enterprise that there are 2 different apps - Podcast (as in Server App) and Podcast Producer (which is the legacy app from Snow Leopard Server).  Podcast Publisher in Lion works with Podcast and integrates into the Lion Wikis.  Podcast doesn't require Xgrid to run as where PCP did.  You can still use the workflows from PCP in Podcast.  PCP is in there and we had it running, but opted to go with the new Podcast app.
  It's very confusing and not clear at ALL in the Advanced Server Admin manual, but we're finding that the new Podcast app seems to be more user friendly via Podcast Publisher.   In addition, being able to have non-IT people manage the podcasts via the GUI (wikis) as opposed to the CLI pcast commands to edit the feeds is a plus in our environment.
  With your error message above, your DNS setting are all good for your server?

• HT200124 what is the podcast producer server?

  I am trying to set up my Podcast Capture....it is asking me for "podcast producer server"?

  Are you running into a situation where the difference in time between producing an event, and consuming it, is actually causing your problems?  If not, this is not a question worth worrying about.  Use whatever is most appropriate for your application.
  There's no need to make wild guesses - build a VI, benchmark and test!  The attached is a reasonable starting point, although I think the event structure may be slow due to setup time but may respond quickly once running.  If you experiment with this, you'll probably find that there's no definite answer to which is fastest.  Changing the size of the RT-FIFO, or of the queue, makes a big difference in speed.  At least in my testing, a single-element RT-FIFO is fastest, but an infinitely large queue is faster than a small queue, and a longer RT-FIFO is much slower than the single-element version.
  It's important to realize that RT is not another word for Fast or Efficient, it's another word for Consistent.  For the purposes of real-time (deterministic) execution, it doesn't matter how fast the RT-FIFO functions are so long as they execute in exactly the same amount of time, every time (with the exception of a "forever" timeout value, of course).  You can use either a standard queue or an RT-FIFO to communicate between loops.  One use for an RT-FIFO is when a time-critical loop is enqueuing the data.  It guarantees that the amount of time needed to put data into the FIFO will not vary.  Enqueueing data in a standard queue will sometimes be faster than other times, depending on whether there is already space available in the queue or space needs to be allocated for the new element.  If this variation is unacceptable, then use an RT-FIFO; otherwise, the standard queue works just as well.
  If the architecture shown in your image is working for you, I don't see any reason to change it.
  EDIT: oops, almost forgot to attach the code I used for testing!
  Attachments:
  Event vs Queue.vi ‏21 KB

• What I wish I'd Known Before My Lion Server Install

  The truth is that I am on my FIFTH Lion Server install on the same box this week. While I was working on #4, I went ahead and submitted a ticket with Apple and arranged a timeslot for this morning to work with them to help me past my struggles with Lion Server. This post is the result of that experience. Big props to Apple support techs Chuck and Don - you know who you are!
  What I Wish I'd Known Before My Lion Server Install
  1. Do NOT migrate user accounts, apps, and files, until AFTER you have the Server set up and working correctly.
  - This one tip, which is brilliantly simple, would have saved me four very long days of head bashing.
  2. Server Admin Tools are mandatory.
  - The first time around I used the Server App to configure the system (after an upgrade install, and subsequently after a clean install + migration).
  - Server Admin allows you to set up the foundation of your server - which it NEEDS!
  - DNS - configure a local, pseudo domain for your server if you're doing this at home. Something like "mynet.private" - if you don't, your SSL certificates can get all jacked up, your clients will not trust your certs. This breaks a lot of stuff.
  3. Do NOT accept the mDNS .local domain suffix for your Server
  - At each step, if something auto-fills your server name as name.local reject it, and use the fully qualified domain name that you set up above (server.mynet.private).
  - If you do not do this, anything that requires certificates could/will have big problems.
  4. Enable services one at a time. Reboot after EACH major phase past the core Lion install.
  - Base install ... Server install. REBOOT
  - DNS configuration. REBOOT
    - validate your host name - I needed to force a 'changeip' command because there was a problem with the HOSTNAME retaining the mdns .local domain name.
  - OD Master config. REBOOT
  - Set up Podcast Producer (which will also setup your Xgrid). REBOOT
  5. Take images of your hard drive as you go.
  - Once I got the core server installed, the basic services above, I rebooted and held the option key, then restarted on the Recovery HD image.
  - Use Disk Utility to take a snapshot image of your hard disk so you can get back to this wonderful place of everything working! It's cheap insurance, and adds a bit of extra time, but is well worth it. If you leave the default settings alone (the 'compressed' one in particular) it will use as little space as possible. My server at this stage of configuration created a 4GB disk image.
  6. Use the Migration Assistant After the above
  - Now you can migrate your apps
  - Migrate your users
  - etc.
  If you use the Migration option while you're installing the server, or if you upgrade on top of your Snow Leopard (or whatever), I can almost guarantee you that you are in for a world of hurt.
  I struggled through all kinds of issues with files having embedded information, scattered throughout all the various subsystems, that gummed up my installation and would case all manner of the flakey Lion Server behavior that you read about ("Error Reading Configuration").
  If you want to use Podcast Producer, or any of the Profile Manager features, the above methodology was the only way that I could get them to work. Often times I'd have everything working, then reboot and it would break. After I did the above, the system is as solid as a rock.
  Today, I love Lion Server. Yesterday I was cursing it.
  Best of luck!!

  There are 2 distinct apps in Lion Server.... Podcast (in Server app) and Podcast Producer (Server admin which is deemed legacy from SNS).  Podcast uses Podcast Publisher instead of Podcast Capture to produce, edit and submit to Podcast app.  Podcast doesn't requre Xgrid where PCP did. The two don't mix.
  It's as clear as mud in all the documentation about this.
  We're finding that Podcast Publisher has much more flexibility that Podcast Capture (edit, episodes & more), can use existing workflow from PCP, doesn't require xgrid, and podcasts can easily be managed by non-IT people via the Podcast wiki as opposed to the CLI pcast commands to edit & modify PCP feeds.
  Hope this helps.

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• Fresh Install of Mountain Lion how do I export users from Lion Server

  I've been having some issues with Lion Server, mainly Kerberos related and Profile Manager. So I want to start fresh with Mountain Lion.
  I've installed ML and Server, and profile manager is working now for the first time (yay!)
  Now I want to Import all my existing Open Directory users from Lion, I don't want to Import the entire OD though because I think some of my kerberos issues will just get carried over to ML.
  I would like to just export the Users to a file then use ML server to import users from file, but I can't see an option to export in Lion Server, I have tried doing it from WGM on Lion but the 'users' file is not recognised by ML server

  Great thanks for the reply, I'll try it tonight when everyone has logged off.
  Yeah I was very pleased initially with kerberos on Lion, it worked great to start with, now I'm just getting expired tickets for a default realm when some users log in, yet other users continue to work fine.
  I was planning to slowly install Mountain Lion Server and test is thouroghly but I've had a bit of a disaster that if forcing me to go live with ML server quicker than I wanted to!
  Basically because on Lion Server I have all the Service Data on a separate drive, and I upgraded to ML server on a backup copy of Lion Server just to see what it was like, though now I've rebooted the original Lion drive but half of the services are now screwwed up because the ML Server must have changed them, so things like Wiki Server and Profile Manager are now broken from the Lion Server boot, they just show "Error Reading Settings"
  I realise now I should have moved the Service data back to the local drive before doing a test upgrade so I wouldn't have messed it up! but now it seems like my best way forward is a fresh install of ML Server