Migrating Open Directory from Mountain Lion to Mavericks

Has anyone tried migrating OD from Mountain Lion to Mavericks without resetting the existing passwords? Please provide the steps.

MurphIT wrote:
I've seen how to do an archive and reinstall, but that would require the new server to be given the old server's IP (as I understand it that is)
Nope. You are correct that when an OD database is created, the IP of the master is encoded inside the database. But you can think of it as just an attempt at making a unique tag. It's not necessary for any computer with that IP address to actually be involved in the OD tree. These days they'd probably have used a unique GUID instead of assuming that the IP address was going to be useful.
I think your idea of an archive and restore on the new computer should work fine. Make sure that the OD tree (master, slave, etc.) is set up correctly. Make sure your client computers are given the IP address of the new server. Make sure you do not create a new OD database on the old master computer, because then you'll have two different databases with the same key, which would be confusing.
And, of course, back up the entire hard disks of the servers before trying anything. Good luck.

Similar Messages

  • How to migrate Open Directory from 10.6 to another server with 10.8?

    Hello all,
    I have a Mac Pro running Mac OS X Server 10.6.8 with Open Directory active. Now I bought a new Mac Pro running Mac OS X 10.8 and I also bought the OS X Server app.
    What I want to know is how I can migrate the users and their home folders from the old server with Snow Leopard to the new one. Does the Open Directory Archive do this job?
    Regards,
    Carlos.

    Ok. I did a test and I saw that it exports only the account information. So I suppose that I have to copy the home folders using scp or something similar. Is that correct?
    Do I also have to keep the same hostname from the old server on the new server, or can this be done in a different way?
    Thanks.

  • Creating User Acct's in Open Directory from External Source

    Hello,
    I am trying to find a way to automate the creation of user accounts in OpenDirectory. I have a MS SQL database that has the usernames and passwords in it now, and I'm looking to export those out of there and have an automatic way to create matching accounts in the OpenDirectory service on OSX Server.
    Gary

    It's unfortunate that there's no better way to do this. We're using ssh with a pre-shared key to our Open Directory server to run a script which runs dsimport to create the accounts on the Open Directory.
    This works fine for importing/creating accounts, but it doesn't help us change passwords that we are pushing down to Open Directory from our metadirectory solution.
    Here's the Python we use to generate the dsimport entries:
    # Header line for dsimport: end-of-record 0x0A (newline), escape 0x5C (backslash),
    # field separator 0x3A (colon), value separator 0x2C (comma), then the record type,
    # the attribute count (11) and the attribute names in field order.
    dsimport_base = ('0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 11 '
                     'dsAttrTypeStandard:RecordName dsAttrTypeStandard:GeneratedUID '
                     'dsAttrTypeStandard:AuthMethod dsAttrTypeStandard:Password '
                     'dsAttrTypeStandard:UniqueID dsAttrTypeStandard:PrimaryGroupID '
                     'dsAttrTypeStandard:RealName dsAttrTypeStandard:UserShell '
                     'dsAttrTypeStandard:HomeDirectory dsAttrTypeStandard:EMailAddress '
                     'dsAttrTypeNative:postOfficeBox')
    # One record per line; the literal AuthMethod value has its colon escaped with 0x5C.
    dsimport_entry = '%s:%s:dsAuthMethodStandard\\:dsAuthClearText:%s:%s:%s:%s:%s:%s:%s:Ganymede managed [%s]'

    # Method of the sync class that also defines getPrimaryGID().
    def build_dsimport_record(self, obj):
        """Return the header plus one record line for a single Ganymede user object."""
        params = (obj.Username,
                  obj.Global_UID,
                  obj.Password.plaintext,
                  obj.UID,
                  self.getPrimaryGID(obj),
                  obj.Full_Name,
                  obj.Login_Shell,
                  '/Users/' + obj.Username,
                  obj.Username + '@arlut.utexas.edu',
                  obj._oid)
        # A colon inside a value would be read as a field separator, so escape it.
        escaped = tuple(str(value).replace(':', '\\:') for value in params)
        return dsimport_base + '\n' + dsimport_entry % escaped + '\n'  # not handling signature aliases yet
    And here's the Perl that is run on the far end of the ssh pipeline, which reads the list of 'new_entry' lines generated by our Python:
    #!/usr/bin/perl
    # This script receives files on STDIN and runs dsimport on them.
    # Jonathan Abbey
    # 22 October 2009
    use strict;
    use warnings;
    use File::Temp qw/ tempfile tempdir /;
    my $adminuser = 'diradmin';
    my $adminpass = 'seekret';
    my ($fh, $filename) = tempfile();
    my @users = ();
    # Record lines start with the short name; the header line starts with '0x0A'.
    while (<STDIN>) {
        if (/^([^0][^:]+):/) {
            push(@users, $1);
        }
        print $_;          # echo the import file back over the ssh session
        print $fh $_;
    }
    close($fh);
    system('/usr/bin/dsimport', '-g', $filename, '/LDAPv3/127.0.0.1', 'O', '-u', $adminuser, '-p', $adminpass, '-v');
    unlink($filename);
    # Lock each imported account so the user cannot change the pushed password locally.
    foreach my $user (@users) {
        system('/usr/bin/pwpolicy', '-a', $adminuser, '-p', $adminpass, '-u', $user, '-setpolicy', 'canModifyPasswordforSelf=0');
    }
    We've been trying to use kadmin to change passwords, but it seems flaky, with occasional 'policy reject' complaints breaking the sync.
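As an added example (not the poster's code and not part of Ganymede), a parser for the dsimport format the script above emits: it reads the delimiters and attribute list from the header, honours the escape character, and rejects any record whose field count disagrees with the header, which is the case where an import would land values in the wrong attributes. The sample records and password values are constructed placeholders.

```python
"""Parse and sanity-check dsimport 'standard format' text before it is imported.

The header carries four hex-encoded delimiters (record end, escape, field
separator, value separator), the record type, the attribute count and the
attribute names; each following line is one record.
"""


def _split_escaped(text, sep, esc):
    """Split text on sep, treating esc as an escape for the following character."""
    fields, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == esc and i + 1 < len(text):
            current.append(text[i + 1])
            i += 2
            continue
        if ch == sep:
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    return fields


def parse_header(line):
    """Return ((record_end, escape, field_sep, value_sep), record_type, attributes)."""
    tokens = line.split(" ")
    if len(tokens) < 6:
        raise ValueError("header too short: %r" % line)
    delimiters = tuple(chr(int(tok, 16)) for tok in tokens[:4])
    record_type = tokens[4]
    declared = int(tokens[5])
    attributes = tokens[6:]
    if len(attributes) != declared:
        raise ValueError("header declares %d attributes but lists %d"
                         % (declared, len(attributes)))
    return delimiters, record_type, attributes


def parse_dsimport(text):
    """Parse a whole dsimport file into a list of {attribute: [values]} dicts.

    The header line is always newline-terminated; records are split on the
    record-end character the header declares. A record whose field count does
    not match the header raises ValueError instead of being silently shifted.
    """
    header, _, body = text.partition("\n")
    (record_end, esc, field_sep, value_sep), _, attributes = parse_header(header)
    records = []
    for raw in body.split(record_end):
        if not raw:
            continue  # trailing record terminator
        fields = _split_escaped(raw, field_sep, esc)
        if len(fields) != len(attributes):
            raise ValueError("record %r has %d fields, header declares %d"
                             % (fields[0], len(fields), len(attributes)))
        records.append({attr: _split_escaped(value, value_sep, esc)
                        for attr, value in zip(attributes, fields)})
    return records


def cleartext_password_records(records):
    """Short names of records carrying a cleartext password: these lines are
    secrets for as long as the temp file exists on the directory server."""
    return [rec["dsAttrTypeStandard:RecordName"][0] for rec in records
            if rec.get("dsAttrTypeStandard:AuthMethod") == ["dsAuthMethodStandard:dsAuthClearText"]
            and rec.get("dsAttrTypeStandard:Password", [""])[0]]


# Constructed sample in the same shape the post's Python emits (a six-attribute
# subset); the password values are placeholders, not real credentials.
SAMPLE = (
    "0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 6 "
    "dsAttrTypeStandard:RecordName dsAttrTypeStandard:AuthMethod "
    "dsAttrTypeStandard:Password dsAttrTypeStandard:UniqueID "
    "dsAttrTypeStandard:RealName dsAttrTypeStandard:HomeDirectory\n"
    "jdoe:dsAuthMethodStandard\\:dsAuthClearText:PLACEHOLDER-PW:1001:John Doe:/Users/jdoe\n"
    "asmith:dsAuthMethodStandard\\:dsAuthClearText:PLACEHOLDER-PW:1002:Alice\\: Smith:/Users/asmith\n"
)

# Same file, but the second record has lost its HomeDirectory field.
BAD_SAMPLE = SAMPLE.replace(":/Users/asmith\n", "\n")

if __name__ == "__main__":
    for rec in parse_dsimport(SAMPLE):
        print(rec["dsAttrTypeStandard:RecordName"][0], rec["dsAttrTypeStandard:RealName"][0])
    print("cleartext passwords:", cleartext_password_records(parse_dsimport(SAMPLE)))
    try:
        parse_dsimport(BAD_SAMPLE)
    except ValueError as err:
        print("rejected:", err)
```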

  • Join Open Directory from Windows xp

    Hello,
    I made Open Directory on Mac OS X Server and Mac users successfully joined my domain. Now I need to configure my Windows XP users to join the domain too; can anybody tell me how to do this?

    I have done exactly what you said: I added the SMB service with Server Admin and in the settings I chose it as Primary Domain Controller (PDC) - Computer Name (Server) - Domain (Server.com). Then I moved to Windows XP to join it. I did not change the DNS Server because it's allocated on another Windows server. I did the following: Domain (server.com), and it asks for the administrator username & password. I am asking which administrator account should be used: the Local Administrator of the server or the Directory Administrator?

  • Cannot add shared Contacts in Open Directory from a client

    Hello all
    I need to transfer vCards from a local Address book to the Server and I need them to be shown in each client's Address book.
    *Problem 1:* I cannot add or edit shared contacts using the Directory app from a client to a 10.5.3 Server. Only the Directory Admin credentials are valid. The client 10.5.5 is bound OK. The app is configured to use password, not Kerberos, and the Server is "responding normally" in the Directory Utility application.
    I can even log in as a mobile user with a Network Home. Same there.
    *Problem 2:* I've put the correct LDAP settings in Address Book, but I cannot see a catalog of vCards. If I search using the search field, I get results, but I need them all to be shown as a catalog.
    Thanks in advance
    Kostas

    This turned out to be a reverse DNS configuration problem. Apple support suggested using a local ip address instead of my public host name. That worked so I looked into the reverse dns configuration. I fooled myself by thinking that if I could reach my host with my.host.com with other services like http, that my DNS was set up correctly. My reverse DNS originally resolved to my.host.com when it should have been something more like 123-456-789-103.cos.pcisys.net. Now I can reach my host from anywhere with the Directory application.

  • Exception in servermgr_accounts when creating open directory master...

    Just to give you some background, I'm new to Mac OS X Server. And I'm trying to get a mail/ical/web-server with "open directory" set up. The server is placed in a remote location, behind a NAT firewall.
    I thought I had everything set up; it took a while to figure out the DNS configs. But I managed to get everything working, and apply the server through a NetworkAccountServer on a client.
    When I wanted to set up some e-mail aliases for my e-mail accounts, I remembered I had seen that in "Server Preferences".
    But when opening "Server Preferences" I got the following message:
    "Multiple errors occurred on the server while processing commands. Use the Console application to view the error messages." I could access everything except Users and Groups; when clicking these it tried to create a new open directory.
    The Console App shows this Message:
    2/4/11 1:15:31 AM servermgrd[3725] servermgr_accounts: noteDirectoryNodeAdded (reopening nodes)
    2/4/11 1:15:31 AM servermgrd[3725] *** Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[<NSCFDictionary 0x102021680> valueForUndefinedKey:]: this class is not key value coding-compliant for the key VR.'
    *** Call stack at first throw:
    0 CoreFoundation 0x00007fff878fc7b4 __exceptionPreprocess + 180
    1 libobjc.A.dylib 0x00007fff890ce0f3 objc_exception_throw + 45
    2 CoreFoundation 0x00007fff87954969 -[NSException raise] + 9
    3 Foundation 0x00007fff87e61c92 -[NSObject(NSKeyValueCoding) valueForUndefinedKey:] + 245
    4 Foundation 0x00007fff87d915a8 -[NSObject(NSKeyValueCoding) valueForKey:] + 420
    5 Foundation 0x00007fff87d8d0f6 -[NSDictionary(NSKeyValueCoding) valueForKey:] + 173
    6 servermgr_accounts 0x00000001005799c1 scDynamicStoreNotificationCallback + 25876
    7 servermgr_accounts 0x0000000100579948 scDynamicStoreNotificationCallback + 25755
    8 servermgr_accounts 0x0000000100577648 scDynamicStoreNotificationCallback + 16795
    9 servermgr_accounts 0x0000000100573521 scDynamicStoreNotificationCallback + 116
    10 SystemConfiguration 0x00007fff82273dad rlsPerform + 115
    11 CoreFoundation 0x00007fff87899401 __CFRunLoopDoSources0 + 1361
    12 CoreFoundation 0x00007fff878975f9 __CFRunLoopRun + 873
    13 CoreFoundation 0x00007fff87896dbf CFRunLoopRunSpecific + 575
    14 Foundation 0x00007fff87dc08e4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270
    15 Foundation 0x00007fff87dc07c3 -[NSRunLoop(NSRunLoop) run] + 77
    16 servermgrd 0x0000000100003f13 0x0 + 4294983443
    17 servermgrd 0x0000000100001388 0x0 + 4294972296
    18 ??? 0x0000000000000002 0x0 + 2
    2/4/11 1:15:31 AM com.apple.launchd[1] (com.apple.servermgrd[3725]) Job appears to have crashed: Abort trap
    2/4/11 1:15:31 AM com.apple.ReportCrash.Root[3831] 2011-02-04 01:15:31.997 ReportCrash[3831:2a03] Saved crash report for servermgrd[3725] version ??? (???) to /Library/Logs/DiagnosticReports/servermgrd_2011-02-04-011531_localhost.crash
    2/4/11 1:15:32 AM edu.mit.Kerberos.kadmind[3848] kadmind: starting...
    2/4/11 1:15:33 AM Server Admin[1931] Error '-1' when applying directory role change
    2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind[3848]) Exited with exit code: 2
    2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind) Throttling respawn: Will start in 9 seconds
    2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.krb5kdc) Throttling respawn: Will start in 9 seconds
    2/4/11 1:15:43 AM edu.mit.Kerberos.kadmind[3951] kadmind: starting...
    2/4/11 1:15:51 AM com.apple.launchd[1] (com.apple.suhelperd[4009]) Exited with exit code: 2
    I tried resetting the "Open Directory Service" in "Server Admin", by setting it to "standalone directory".
    It did stop the "Open directory", but the console was again showing the message above.
    With the server in stand-alone mode, I could access "Server Preferences" again, but as soon as I create an "Open Directory" again, it fails with the above error, and I can't access the Open Directory from Server Preferences.
    To summarize, the message shows when:
    1. Creating an Open Directory Master.
    2. Removing an Open Directory Master.
    3. Entering Server Preferences with an Open Directory Master running.
    A weird thing is that the "Open directory" seems to be fine. I can manage it in "Workgroup manager", log in to webmail, calendars, VPN etc. I just can't manage it from "Server Preferences".
    I did make some mistakes in the beginning (primarily not setting a proper host-name before creating the first "Open Directory", and also having a local user with the same short-name as a user in the "Open Directory"), but that should all be solved now.
    Any ideas on what could be wrong?
    Where else can I set e-mail aliases for my "Open Directory" users? Is it possible for them to administer aliases themselves?
    Thanks in advance!
    PS. Anyone have any tips on mail-forwarding to multiple external accounts? Do I really need to edit this manually in /etc/postfix/aliases? Is there any way I can let my users administer forwarding?

    If anyone else has similar issues, I didn't find a solution. Re-installed the server from scratch...

  • OS X Server 10.6 bound to Active directory, serve that as Open Directory

    I have an OS X Server 10.6 bound to an Active Directory. I can log in to the AFP file server with an AD account.
    Now, I would like the clients to be connected to Open Directory from the OS X Server and authenticate to the AD.
    Is this possible?
    I would like to be able to use network home folders etc. that reside on the OS X server.

    Yes.
    You are working in the right order. Now that you are bound to AD, simply promote the Mac server to OD Master. This will enable the LDAP server. You will likely note that the Kerberos KDC will not be running. This is proper, because the AD server is the KDC.
    Once this is done, you can now create OD groups and add AD users or groups so that you can manage those groups.
    Now, the trick is, you will need to go back to all the workstations and bind them to OS X as well as AD. This will allow the Mac clients to use AD for user authentication and authorization but then use OD for group management policy.
    Hope this helps

  • No Open Directory under password type pulldown

    When creating a new user, I need to select a password type of "Open Directory" but it is not there. There is only "Shadow Password".
    I have gone to Server Admin and changed the Open Directory from "Standalone Server" to "Open Directory Master", but no luck.
    What am I doing wrong?

    This is the start of me trying to unlock the screensaver as a PHD user, off the network, internet on.
    Oct 8 23:11:57 DL-MBP authorizationhost[737]: k5_authenticate(): got -1765328228 (Cannot contact any KDC for requested realm) on plugins/krb5/krb5_operations.c:54
    Oct 8 23:11:58 DL-MBP authorizationhost[737]: -[SFBuiltinAuthenticate performDSPasswordAuth](): got -1765328228 (Cannot contact any KDC for requested realm) on authhostbuiltins.m:845
    Oct 8 23:11:58 DL-MBP com.apple.SecurityServer[22]: Engine::authorize: Rule::evaluate returned -60008 returning errAuthorizationInternal
    This is me now unlocking the screensaver using a local admin login.
    Oct 8 23:12:03 DL-MBP com.apple.SecurityServer[22]: uid 1045 succeeded authenticating as user admin (uid 502) for right system.login.screensaver.
    Oct 8 23:12:03 DL-MBP com.apple.SecurityServer[22]: Succeeded authorizing right system.login.screensaver by client /System/Library/CoreServices/loginwindow.app for authorization created by /System/Library/CoreServices/loginwindow.app.
    This is me now unlocking the screensaver while off the network with internet off, a successful local cache result.
    Oct 8 23:13:57 DL-MBP authorizationhost[737]: k5_authenticate(): got -1765328228 (Cannot contact any KDC for requested realm) on plugins/krb5/krb5_operations.c:54
    Oct 8 23:13:57 DL-MBP authorizationhost[737]: -[SFBuiltinAuthenticate performDSPasswordAuth](): got -1765328228 (Cannot contact any KDC for requested realm) on authhostbuiltins.m:845
    Oct 8 23:13:57 DL-MBP com.apple.SecurityServer[22]: uid 1045 succeeded authenticating as user terrywest (uid 1045) for right system.login.screensaver.
    Oct 8 23:13:57 DL-MBP com.apple.SecurityServer[22]: Succeeded authorizing right system.login.screensaver by client /System/Library/CoreServices/loginwindow.app for authorization created by /System/Library/CoreServices/loginwindow.app.

  • Mac Open Directory and Sun Java DS

    We have Mac Open Directory Servers running on OSX 10.4.x domain. I am thinking about moving this domain by implementing Sun Identity Management solution. However, I am not able to find the Mac Open Directory in the IDM Supported standards. My Sun Directory Server synchronizes with the Windows AD using IDSYNC but I am not sure how a similar environment can be implemented for Open Directory. Is there a product from Sun for synchronizing accounts with Open Directory from the Sun Java DS?

    Mac Open Directory supports the LDAPv3 protocol, so you could use Sun IdM's LDAP adapter to manage entries in Mac OD. I would probably set up Sun IdM to perform the synchronization. Your configuration would depend on what source was authoritative.
    The tough thing is that Active Sync would probably not work for Mac OD, so automatically doing a synchronization based on updates in the Mac OD would not be feasible unless you created an Active Sync adapter. I've done it before. It's not too difficult.

  • Strange login problem with Open Directory

    Hi,
    I created a web tool that calls dscl to create users in Open Directory from a bound web server.
    Most of the accounts work fine. A couple do not. The particular account in question could log in to machines in one computer group, but not on others, using the login window. But it could log in on the command line via su.
    Now here's the kicker. I deleted the user completely and re-created the user account with the same login name, and assigned it to the same groups as other new accounts that work fine. The problem persists.
    The only thing I've found that indicates a problem is the following from the LDAP log:
    Sep 17 10:36:14 poseidon slapd[61]: Entry (uid=<username changed>,cn=users,dc=<redacted>,dc=<redacted>,dc=<redacted>): object class 'posixAccount' requires attribute 'homeDirectory'
    (note the redactions and username were put in by me...paranoia etc)
    I used 'Inspector' in Workgroup Manager and verified that the account does in fact have the required homeDirectory attribute, and the account is not unlike other accounts that work fine, save the username and unique ID.
    I hope this provides enough info for someone to give some guidance...this is certainly a strange problem.
    Thanks ahead of time!
    -Matt

  • Migrate existing users from local domains to Open Directory.

    Here is the environment I'm working with:
    Small local environment (8-10) users. Everyone is on their own laptop, everyone is authenticating to their local directories. Network files are stored on a server, with everyone using a single shared user ID to authenticate and access the files.
    I have just installed a Xserve, and it is now serving DNS, DHCP, NTP, WWW. I want to setup Open Directory in Master mode, create user IDs for everyone, and then assign permissions to the shared files area.
    The one part that I'm not sure how to approach is the local laptops. If user "John Doe" has a local ID "jdoe" that he has been using on his local laptop, how does he migrate over to being "jdoe" in the OD domain, while retaining his "local" home directory and files? The problem I think I'll have is that when I create "jdoe" on the domain, he will have a UID of (say) 10001, but his local UID is 501 (as is the UID of all the other employees, since they are all the first user on each of their respective laptops), so when he logs back into his laptop after it has been attached to the OD domain, I assume that the laptop will see "jdoe" from the OD domain as a new user and create a new home for him (with the UID 10001), so now John cannot see any of his old files and such.
    Also, as a side question: I've worked with Windows ID before, and I know once you join a windows computer to a domain and then login to it, it creates a new user and caches the authentication info, so that when the laptop is not connected to the corporate network, the user can still login and work. Does Open Directory do the same on the laptops?
    Thanks for any help.

    Retaining password is a manual process of asking the user what his or her password is and then creating it in OD.
    As for migration of account, it is rather simple, provided the short name of the user remains consistent across directory systems. For example, if you have a user named Joe User and his short name is juser with a home folder in /Users/juser. And you create the same account in OD. You can do these few short actions.
    1: Bind system to the domain
    2: From the Admin account, and using Terminal from root, navigate to /var/db/dslocal/nodes/Default/users and find the plist file for the user (in our example, juser.plist).
    3: Delete the file using rm
    4: Restart the machine or restart Open Directory
    5: Log in as the admin user and change ownership of the user's home folder. Recall that when the user is in the local domain, the UID was likely 502, 503, etc. (you do have a standard local admin at 501, right?). Now that the user is in OD, the UID will be 4 digits, something like 1027. So understanding that user attributes and user data are independent, you now have a folder in /Users titled juser and owned by uid 50x. You need to make it owned by juser from the OD domain. Use this:
    sudo chown -R juser /Users/juser
    6: Log out of the admin account
    7: Log in as the user after choosing Other at login window.
    Assuming you have your OD account set up properly, you will likely be asked to confirm the caching of the user's credentials. This will path you right back into the user's home folder and all will be right with the world.
    This is simple and quick. If the shortnames are different, throw an mv into the mix to rename the home folder to match the domain shortname. If you have no local admin, then you will need to reset DSLocal and start again.

  • Open Directory Migration from Mac OSX Server 10.4.11 to 10.8?

    I manage an old (2004) G5 Xserve still successfully running OS X 10.4.11 with about 450 users in the Open Directory. I just purchased a Mac mini Server which will run OS X Server 10.8. I want to migrate all the user accounts from the old G5 Xserve to the new Mac mini server. Can someone spell out the step-by-step process or point me to a document that can help me? I have searched through many of the Apple discussion forum threads and Apple Server migration docs, but have not found a clear path to follow to get the old OS X 10.4.11 user accounts onto the new OS X 10.8 Mac mini server.
    The G5 server does not serve mail, print, or any other services other than the user accounts (home directories) for the users.
    Help!!!  Thanks.
    John

    If you don't mind clearing user passwords, then I would export users from 10.4 and import into 10.8.
    There are some issues with service ACLs in doing this, but it's still the fastest process.
    If users are allowed to set their own PW, then you provide preset PWs (either unique or common) and a URL to allow users to reset their PW.
    If you need to retain passwords, what I would do is clone the 10.4 server, then upgrade it all the way to 10.8, then archive OD from that and import into a clean install of 10.8 server.
    Whatever you do, don't rely on a 10.4 to 10.8 migration; you'll want a clean 10.8 install.
    The offline 10.4 -> 10.8 would allow you to retain PWs, but it creates a lot of extra work for you.

  • 10.6.8 to Mavericks Server Upgrade loses Open Directory Users

    Hi,
    I have an OpenDirectory Master running OSX Server 10.6.8. An upgrade to Mavericks 10.9 has just failed.
    The server has about 50 OD users and passwords need to be retained across the upgrade. Apart from OD, the only other active service is AFP file sharing.
    DNS is good forward and back as per this article: OS X Server: Steps to take before upgrading or migrating the Open Directory database
    I followed these Apple guidelines for server migration: OS X Server: Upgrade and migration from Lion Server or Snow Leopard Server.
    I cloned the boot drive, booted from the clone, upgraded to Mavericks, then installed the Mavericks Server app.
    On opening the Mavericks Server app, "Configuring services" showed for 5 minutes, but then an error message appeared. I did not record it exactly, but it was something like, "There was an error configuring the server. Certificate not valid!".
    I was able to continue through the error but on opening Server app there were no OD (local/network) users showing. Authentication was not happening.
    I had underestimated the time to get the installation done and I had used up the window of downtime I had booked - I did not have much time to troubleshoot. So, I cut back to the original hard drive and the server is back to 10.6.8 again.
    Can anyone point me in the right direction to find out what may have gone wrong? How can I get my users into 10.9 Server?
    Many thanks,
    b.

    Linc Davis's advice is spot-on, as usual.
    There seem to be dozens of sub-databases in the LDAP database. A problem in any of them seems to derail the entire conversion process. I tried a straight conversion and was also disappointed that there were unresolved issues, and it meant that the conversion failed.
    So I did the export route using WorkGroup Manager, and exported four sets:
    Users
    Groups
    Computers
    Computer groups
    Go to the appropriate pane (e.g., Users) and Select All, then choose Export, and give it a name (probably with an embedded date in case you need to do it again later).
    Then use 10.9 WorkGroup Manager (available as a separate download) to Import.
    When re-imported, everything worked just fine (except the passwords, which cannot be carried forward using this method). I did have to manually enable at least one service, such as File Sharing service in Server [admin], or users showed up as "not allowed" [to log in].
    This entire process of getting Server 3 to work is fraught with peril, and everything converges on ONE diagnostic, "Network users can't log in". Which means you blew it, but provides no additional information about WHERE you blew it.
    There do not appear to be any magic bullets. It is just a tough slog. Users who reported success after failing the first time reported they returned to fundamental principles and did all the steps over, in order, to attain success.

  • Open Directory Migration Question

    Setup:
    My company has two servers, both running 10.5.6. We are migrating from the server Fubar (xserve) as it has had a lot of problems and we want to do a fresh install on it (I was not the admin who initially set it up).
    In order to get a 'fresh' OD going, we are recreating all the accounts on the new server Edoras (powerpc mac pro), making sure to preserve UID of the users.
    Problem:
    User A cannot change his password on Edoras after Directory Utility has been changed to point at it. He can change his password locally, but it does not propagate to Edoras, nor does a password change on Edoras affect his local machine.
    The questions I haven't been able to get answers for are:
    * Should the OD search string be different on Fubar and Edoras? Currently our search string is 'dc=fubar,dc=domain,dc=com'.
    * Are there other attributes that have to be setup in OD besides UID? I noticed when using the Target tab in Workgroup Manager that there is a GeneratedUID attribute, does this need to match?
    Thanks for any information/help.

    I did something like this recently. Unfortunately I couldn't get an answer on the Internet and had to re-configure Directory Access on the client machines manually.
    I moved our system from a PowerMac G4 with several upgrades (eSATA card, eSATA Coolgear Enclosure, 7200.11 (yeah I know, bad drives to use) Seagate drives, 1.8 GHz PPC 7447 upgrade, 1.5GB of RAM) to a new Mac Pro with a Highpoint RAID controller. The old G4 was very unreliable and couldn't hand
    I had to go to each machine with ARD, open Directory Access, delete the LDAP entry and re-enter it. This was really annoying and confusing for me as the old server and the new server had:
    The same version of OSX (ok, one was a PPC version and I special ordered the Intel version from Apple Tech Support), but they both were running 10.4.11 with the newest security patches.
    The same OD Search Strings
    The same IP Address for the Server
    The same DNS name for the server
    and the same user IDs and group settings
    and I still had to re-do Directory Access on the client machines. Before re-doing the Directory Access re-binding I would try to log in. The "Other" icon would appear on the login window, but when I would log in with the correct username and password the login window would "shake its head" and wouldn't let me log in.
    The biggest pain was that portable directories didn't sync correctly anymore, so I had to manually back up, then delete the account, then re-bind, then re-create and restore the portable directory on each laptop manually.
    Unfortunately I do not know the unix command to change directory binding to client computers using ARD. If such a command exists it would make things much easier for you. Does anyone know if a command exists?

  • Moving Mail Users from a Local Directory to Open Directory

    Hi,
    We have been running a standalone mail server for a few years. We have recently upgraded to 10.5 for all of our servers. We have also been running an Open Directory server for the last year or so. Now I am trying to move my email users from the Local Directory on the Mail server to the LDAP server. Obviously we do not want to change account names, so I find I need to delete the local user and then enable the user through the LDAP. This works fine, but I need to bring the original IMAP files/folders forward.
    My question is what is the best practice? I thought backing up the Mail folder in each user's Library and reimporting it would work, but it won't take the IMAP mbox (I can see all the .emlx files in the backup of the user's Mail folder).
    So again, I had a user called user1 in my mail server's Local directory, say server1. I also have an Open Directory server2 with the same username on it. I have bound server1 to server2. I can see the server2 (OD) accounts on the server1 (mail). I then need to delete user1 from the Local server1 directory in order to enable mail to user1 from the OD. This does work, but again, I need to bring the mail files/folders to the new OD account on server1.
    thanks,
    mike

    Tony,
    Let me check the migration manual, thank you!
    I really thought this was going to be easier than this. The current accounts are IMAP, and therefore when I "hook up" the new OD account, which doesn't really need anything done on the client side because it is the same username and password and server as the current Local account, it syncs, and the old emails on the IMAP account in the user's Mail program clear since the new OD account is empty on the server.
    I just really thought duplicating the Mail folder in the client's home Library would allow me to import the emails back in. I have tried highlighting the mailboxes (Inbox, and personal folders), archiving them, and then reimporting seemed to work, but I need to beat it up before I start working on live accounts. One account I did try lets me read the emails from the user, but when I try dragging them to the IMAP folders from the import folder, I get a NULL character problem on IMAP append error. NOT to chase that, but it was something else that tripped me up.
    You do bring up a good point, I think the accounts were originally setup as POP and IMAP. I'll chase some ideas about that.
    Let me play around, you've been great considering my awful explanation of this different situation.
    thanks again,
    mike