Open Directory Migration Question

Setup:
My company has two servers, both running 10.5.6. We are migrating from the server Fubar (xserve) as it has had a lot of problems and we want to do a fresh install on it (I was not the admin who initially set it up).
In order to get a 'fresh' OD going, we are recreating all the accounts on the new server Edoras (powerpc mac pro), making sure to preserve UID of the users.
Problem:
User A cannot change his password on Edoras after Directory Utility has been changed to point at it. He can change his password locally, but it does not propagate to Edoras, nor does a password change on Edoras affect his local machine.
The questions I haven't been able to get answers for are:
* Should the OD search string be different on Fubar and Edoras? Currently our search string is 'dc=fubar,dc=domain,dc=com'.
* Are there other attributes that have to be setup in OD besides UID? I noticed when using the Target tab in Workgroup Manager that there is a GeneratedUID attribute, does this need to match?
Thanks for any information/help.

I did something like this recently. Unfortunately I couldn't get an answer on the Internet and had to re-configure Directory Access on the client machines manually.
I moved our system from a POwerMac G4 with several upgrades (eSATA card, eSATA Coolgear Enclosure, 7200.11 (yeah I know, bad drives to use) Seagate drives, 1.8 GHz PPC 7447 upgrade, 1.5GB of ram) to a new Mac Pro with a Highpoint RAID controller. The old G4 was very unreliable and couldn't hand
I had to go to each machine with ARD, open Directory Access, delete the LDAP entry and re-enter it. This was really annoying and confusing for me as the old server and the new server had:
The same version of OSX (ok, one was a PPC version and I special ordered the Intel version from Apple Tech Support), but they both were running 10.4.11 with the newest security patches.
The same OD Search Strings
The same IP Address for the Server
The same DNS name for the server
and the same user IDs and group settings
and I still had to re-do Directory Access using the client machines. Before re-doing the Directory Access re-binding I would try to login. The "other" icon would appear on the loging window, but when I would loging with the correct username and password the login windows would "shake it's head" and wouldn't let me login.
The biggest pain was that portable directories didn't sync correct anymore, so I had to manually backup, then delete the account, then re-bind, then re-create and restore the portable directory on each laptop manually.
Unfortunately I do not know the unix command to change directory binding to client computers using ARD. If such a command exists it would make things much easier for you. Does anyone know if a command exists?

Similar Messages

  • Open Directory Migration

    Setup:
    My company has two servers, both running 10.5.6. We are migrating from the server Fubar (xserve) as it has had a lot of problems and we want to do a fresh install on it (I was not the admin who initially set it up).
    In order to get a 'fresh' OD going, we are recreating all the accounts on the new server Edoras (powerpc mac pro), making sure to preserve UID of the users.
    Problem:
    User A cannot change his password on Edoras after Directory Utility has been changed to point at it. He can change his password locally, but it does not propagate to Edoras, nor does a password change on Edoras affect his local machine.
    The questions I haven't been able to get answers for are:
    - Should the OD search string be different on Fubar and Edoras? Currently our search string is 'dc=fubar,dc=domain,dc=com'.
    - Are there other attributes that have to be setup in OD besides UID? I noticed when using the Target tab in Workgroup Manager that there is a GeneratedUID attribute, does this need to match?
    Thanks for any information/help.

    Hello, TechGolem, and welcome to the Appleboards,
    Given that this isn't specifically an Xserve issue you're probably better off asking this question in the group dedicated to Open Directory on 10.5 Server.
    It is here: http://discussions.apple.com/forum.jspa?forumID=1239
    Good luck,
    =Tod

  • Open Directory Configuration Question

    I've got a Mac-Mini based server running Mountain Lion (10.8.3) and Server.app (2.2.1).  The server was migrated from Lion some weeks ago, the Server works OK, but seeing odd CPU usage and fairly frequent non-specific error reports which suggests that there are still a few odd gremlins lurking around that I'm trying to track down.  So I'm trying to find things that appear odd.  I've found one such in the reported configuration for Open Directory.
    The server is configured to be an Open Directory master, and is the only Open Directory server we have.  The panel for Open Directory in Server.app lists the single entry as follows:
    * www.2gc.org (master)
    * 10.0.1.2, 10.211.55.2, 10.37.129.2
    The first IP address is the IP address of the server on our LAN.  I have no idea what the second and third IP addresses are - they do not appear to have anything to do with any network we have configured.  They are from the "private" address space - so I'm guessing they are non-functional since we don't have a network using either with these IP ranges within them - but they must have come from somewhere.
    It is also not clear where / how these entries are set within ML.
    It may be that this is all perfectly normal, or maybe symptomatic of something that can be cleaned up. 
    Would value any thoughts.
    Thanks in advance.

    Hi Simon
    Thanks for the thoughts.  There are no other servers on the network - this is an isolated computer parked on a fixed IP with no downstream LAN - the 10.0.1.2 address is the one assigned it by the router that connects it to the outside world - but no other devices are connected to the sub-net the machine sits on: all services are provided through the fixed IP to machines accessing it directly from internet via FQDN.
    All of which makes the presence of the other two IPs curious, and apparently unnecessary.
    Good housekeeping suggests they could be removed - but unclear how these entries are set.  But in the interim good to know that the presence of these IPs is probalby harmless.

  • Open Directory Migration from Mac OSX Server 10.4.11 to 10.8?

    I manage an old (2004) G5 Xserve still successfully running OS X 10.4.11 with about 450 users in the Open Directory. I just purchased a Mac mini Server which will run OSX Server 10.8. I want to migrate all the user accounts from the old G5 Xserve to the new Mac Mini server. Can someone spell out the step-by-step process or point me to a document that can help me. I have searched through many of the apple discussion forum threads and Apple Server migration docs, but have not found a clear path to follow to get the old OSX 10.4.11 user accounts onto the new OSX 10.8 Mac Mini server. 
    The G5 server does not serve mail, print, or any other services other than the user accounts (home directories) for the users.
    Help!!!  Thanks.
    John

    If you don't mind clearing ser passwords, then I would export users from 10.4 and import into 10.8
    There are some issues with service ACLs in doing this, but its still the fastest process.
    If users are allowed to set their own PW, the you give provide preset pw's (either unique or common) and a URL to allow users to reset their PW.
    If you need to retain passwords, what I would do is clone the 10.4 server, then upgrade it all the way to 10.8 then archive OD from that and import into a clean-install of 10.8 server.
    Whataver you do, don't rely on a 10.4 to 10.8 migration, you'll want a clean 10.8 install.
    The offline 10.4 -> 10.8 would allow you to retain PWs, but it creates alot of extra work for you.

  • Open Directory authentication question

    I have 2 Apple servers.  One is running 10.6 (server), the other is running 10.5 (server).  I have my Open Directory on the 10.6 server, and I have the 10.5 server use it via LDAP for user authentication.  What I'd like to do is to assign a home directory on the 10.5 server for users in the 10.6 Open Directory.  Any ideas?

    mickey13 wrote:
    I have 2 Apple servers.  One is running 10.6 (server), the other is running 10.5 (server).  I have my Open Directory on the 10.6 server, and I have the 10.5 server use it via LDAP for user authentication.  What I'd like to do is to assign a home directory on the 10.5 server for users in the 10.6 Open Directory.  Any ideas?
    This should work the same way as normal.
    Define the user accounts in Open Directory as normal via Workgroup Manager
    On the 10.5 Server, set up a share point, usually AFP is used as the protocol, this is done in Server Admin
    On the 10.5 Server, set up that share point to be an Automounted share for user home directories, this will register that share in Open Directory assuming you have already successfully connected the 10.5 Server to Open Directory system, this is also done in Server Admin
    Go back to Workgroup Manager select a user account you want to store on the 10.5 server, click on the Home tab, you should now see the 10.5 share point listed as an available choice for storing home directories.
    Click on the 10.5 share point and save the user account.
    I normally now click on create Home directory, although this happens automatically when a user logs in for the first time.
    It is perfectly ok to mix 10.5 and 10.6 servers in this manner. The client machines can also be a different version e.g. 10.4
    What you are doing above even though you are mixing 10.5 and 10.6 servers, is the same as you would do to spread the workload of user home directories across multiple servers. While handling user home directories does not cause a massive amount of CPU activity (or memory use) it does cause a significant amount of disk activity and therefore at a certain level spreading user accounts across multiple servers is recommended.

  • Open Directory Keychain Question

    I have set up open directory on my domain but I am having trouble with Keychain access over the network when users logging into network accounts. Whenever I log in using open directory, I can open all of my applications, however each time I log in to my user account all of my keychain passwords are reset. I can look into the user preferences file and see the keychain file, but for some reason whenever a user logs out the changes to it are lost.
    Is Keychain access supported when network mounting user folders? If so, what is the proper way to implement keychain access?

    mickey13 wrote:
    I have 2 Apple servers.  One is running 10.6 (server), the other is running 10.5 (server).  I have my Open Directory on the 10.6 server, and I have the 10.5 server use it via LDAP for user authentication.  What I'd like to do is to assign a home directory on the 10.5 server for users in the 10.6 Open Directory.  Any ideas?
    This should work the same way as normal.
    Define the user accounts in Open Directory as normal via Workgroup Manager
    On the 10.5 Server, set up a share point, usually AFP is used as the protocol, this is done in Server Admin
    On the 10.5 Server, set up that share point to be an Automounted share for user home directories, this will register that share in Open Directory assuming you have already successfully connected the 10.5 Server to Open Directory system, this is also done in Server Admin
    Go back to Workgroup Manager select a user account you want to store on the 10.5 server, click on the Home tab, you should now see the 10.5 share point listed as an available choice for storing home directories.
    Click on the 10.5 share point and save the user account.
    I normally now click on create Home directory, although this happens automatically when a user logs in for the first time.
    It is perfectly ok to mix 10.5 and 10.6 servers in this manner. The client machines can also be a different version e.g. 10.4
    What you are doing above even though you are mixing 10.5 and 10.6 servers, is the same as you would do to spread the workload of user home directories across multiple servers. While handling user home directories does not cause a massive amount of CPU activity (or memory use) it does cause a significant amount of disk activity and therefore at a certain level spreading user accounts across multiple servers is recommended.

  • Open Directory Migration from Mac OSX Server 10.4 to 10.8?

    Hi All,
    This might be a silly question and apologise in advanced if this is?
    We are running on old Xserve (10.4.8) with approx. 100 Mac clients and would like to know if it's possible to migrate from OD 10.4 to OD 10.8. We tried just to see what would happen if we archived the old OD and re-imported in to 10.8, but as we guessed this didn’t work. I’ve looked through this forum and seems most are doing this from 10.5, so wondering if we need to upgrade to 10.5 and then up to 10.8?
    Any pointers would be great.
    Many thanks.
    Mike

    If you don't mind clearing ser passwords, then I would export users from 10.4 and import into 10.8
    There are some issues with service ACLs in doing this, but its still the fastest process.
    If users are allowed to set their own PW, the you give provide preset pw's (either unique or common) and a URL to allow users to reset their PW.
    If you need to retain passwords, what I would do is clone the 10.4 server, then upgrade it all the way to 10.8 then archive OD from that and import into a clean-install of 10.8 server.
    Whataver you do, don't rely on a 10.4 to 10.8 migration, you'll want a clean 10.8 install.
    The offline 10.4 -> 10.8 would allow you to retain PWs, but it creates alot of extra work for you.

  • Migrate existing users from local domains to Open Directory.

    Here is the environment I'm working with:
    Small local environment (8-10) users. Everyone is on their own laptop, everyone is authenticating to their local directories. Network files are stored on a server, with everyone using a single shared user ID to authenticate and access the files.
    I have just installed a Xserve, and it is now serving DNS, DHCP, NTP, WWW. I want to setup Open Directory in Master mode, create user IDs for everyone, and then assign permissions to the shared files area.
    The one part that I'm not sure how to approach is the local laptops. If user "John Doe" has a local ID "jdoe" that he has been using on his local laptop, how does he migrate over to being "jdoe" in the OD domain, while reatining his "local" home directory and files? The problem I think I'll have is that when I create "jdoe" on the domain, he will have a UID of (say) 10001, but his local UID is 501 (as is the UID of all the other employees since they are all the first user on each of their respective laptops.) so when he logs back into his laptop after it has been attached to the OD domain, I assume that the laptop will see "jdoe" from the OD domain as a new user and create a new home for him (with the UID:10001), so now John cannot see any of his old files and such.
    Also, as a side question: I've worked with Windows ID before, and I know once you join a windows computer to a domain and then login to it, it creates a new user and caches the authentication info, so that when the laptop is not connected to the corporate network, the user can still login and work. Does Open Directory do the same on the laptops?
    Thanks for any help.

    Retaining password is a manual process of asking the user what his or her password is and then creating it in OD.
    As for migration of account, it is rather simple, provided the short name of the user remains consistent across directory systems. For example, if you have a user named Joe User and his short name is juser with a home folder in /Users/juser. And you create the same account in OD. You can do these few short actions.
    1: Bind system to the domain
    2: From the Admin account, and using Terminal from root, navigate to /var/db/dslocal/nodes/Default/users and find the plist file for the user (in our example, juser.plist).
    3: Delete the file using rm
    4: Restart the machine or restart Open Directory
    5: Log in as the admin user and change ownership of the users home folder. Recall that when the user is in the local domain, the UID was likely 502, 503, etc (you do have a standard local admin at 501 right?) Now that the user is in OD, the UID will be 4 digits, something like 1027. So understanding that user attributes and user data are independent, you now have a folder in /Users titled juser and owned by uid 50x. You need to make it owned by juser from the OD domain. User this:
    sudo chown -R juser /Users/juser
    6: Log out of the admin account
    7: Log in as the user after choosing Other at login window.
    Assuming you have your OD account set up properly, you will likely be asked to confirm the caching of the users credentials. This will path you right back into the user's home folder and all will be right with the world.
    This is simple and quick. If the shortnames are different, throw an mv into the mix to rename the home folder to match the domain shortname. If you have no local admin, then you will need to reset DSLocal and start again.

  • How to migrate Open Directory from 10.6 to another server with 10.8?

    Hello all,
    I have a Mac Pro running Mac OS X Server 10.6.8 with Open Directory active. Now I bought a new Mac Pro running MAC OS 10.8 and I also bought the OS X Server app.
    What I want to know is how can I migrate the users and their home folders from old server with Snow Leopard to the new one? The Open Directory Archive does this job?
    Regards,
    Carlos.

    Ok. I did a test and I saw that it exports only the information account. So I suppose that I have to copy the home folder using scp or something similar. Is that correct? 
    I also have to keep the same hostname from the old server in the new server or this can be done in a different way?
    Thanks.

  • Migrating NIS users to Open Directory

    Was wondering if anyone has any experience with migrating NIS users over to Open Directory? I have setup an Open Directory server (10.6) and am looking to move about 150 users from my NIS server to it.
    I can move the users/GIDs easy enough but want to move passwords also so the move it transparent to the users.
    Any ideas?
    Thanks!

    The answer appears to be that as long as your local pre-existing account password matches your domain account, then once the machine is bound, shared servers managed by Active Directory are automatically authenticated. No migration necessary. Only issues I came across had to do with old keychain entries that needed to be removed.
    Hope someone out there can learn from my confusion.

  • After Updating to Server 4.1 Open directory and LPAD gone

    Hello,
    two days ago I discovered that Open directory was not working on our Server (Mac Mini 2012). I suspect it stopped working after updating to 10.10.3 and OS-X Server 4.1. When I try to start Open directory in the Server App the Server App prompts: Unable to load Replica List. When I try to recreate my Open directory Server I Get: OD Server already exists.
    I get the following log entries:
    LDAP Log
    Apr 11 22:03:02 server.seju.eu slapd[925]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
      [email protected]:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
    Apr 11 22:03:02 server.seju.eu slapd[925]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Apr 11 22:03:02 server.seju.eu slapd[925]: TLS: OPENDIRECTORY_SSL_IDENTITY identity preference overrode configured olcTLSIdentity "APPLE:server.seju.eu"
    Apr 11 22:03:02 server.seju.eu slapd[925]: slap_add_listener: opened additional listener 'ldaps:///'
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): unable to allocate memory for mutex; resize mutex region
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_open: database "dc=server,dc=seju,dc=eu" cannot be opened, err 12. Restore from backup!
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): txn_checkpoint interface requires an environment configured for the transaction subsystem
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": txn_checkpoint failed: Invalid argument (22).
    Apr 11 22:03:02 server.seju.eu slapd[925]: backend_startup_one (type=bdb, suffix="dc=server,dc=seju,dc=eu"): bi_db_open failed! (12)
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": alock_close failed
    Apr 11 22:03:02 server.seju.eu slapd[925]: slapd stopped.
    Open Directory Log
    2015-04-11 21:57:10.624284 CEST - AID: 0x0000000000000000 - opendirectoryd (build 382.20.2) launched...
    2015-04-11 21:57:10.752590 CEST - AID: 0x0000000000000000 - Logging level limit changed to 'error'
    2015-04-11 21:57:10.916732 CEST - AID: 0x0000000000000000 - Initialize trigger support
    2015-04-11 21:57:10.951833 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
    2015-04-11 21:57:10.958469 CEST - AID: 0x0000000000000000 - Module: SystemCache - failed to load persistent state - Input/output error
    2015-04-11 21:57:10.962533 CEST - AID: 0x0000000000000000 - Registered node with name '/Active Directory' as hidden
    2015-04-11 21:57:10.962833 CEST - AID: 0x0000000000000000 - Registered node with name '/Configure' as hidden
    2015-04-11 21:57:10.963182 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
    2015-04-11 21:57:10.963194 CEST - AID: 0x0000000000000000 - Registered node with name '/Contacts'
    2015-04-11 21:57:10.963438 CEST - AID: 0x0000000000000000 - Registered node with name '/LDAPv3' as hidden
    2015-04-11 21:57:10.966901 CEST - AID: 0x0000000000000000 - Registered node with name '/Local' as hidden
    2015-04-11 21:57:10.968600 CEST - AID: 0x0000000000000000 - Registered node with name '/NIS' as hidden
    2015-04-11 21:57:11.031990 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
    2015-04-11 21:57:11.032007 CEST - AID: 0x0000000000000000 - Registered node with name '/Search'
    2015-04-11 21:57:12.343838 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
    2015-04-11 21:57:12.343888 CEST - AID: 0x0000000000000000 - Registered subnode with name '/LDAPv3/127.0.0.1'
    2015-04-11 21:57:13.549377 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
    2015-04-11 21:57:13.551131 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
    2015-04-11 21:57:13.554053 CEST - AID: 0x0000000000000000 - '/Search' has registered, loading additional services
    2015-04-11 21:57:13.554064 CEST - AID: 0x0000000000000000 - Initialize augmentation support
    2015-04-11 21:57:13.557920 CEST - AID: 0x0000000000000000 - Successfully registered for Kernel identity service requests
    2015-04-11 21:57:13.557940 CEST - AID: 0x0000000000000000 - Adjusting kernel ID cache (100 -> 250) and membership cache (100 -> 500)
    2015-04-11 21:57:13.575235 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
    2015-04-11 21:57:13.578418 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
    2015-04-11 21:57:13.583810 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleID.bundle'
    2015-04-11 21:57:13.615788 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
    2015-04-11 21:57:13.619666 CEST - AID: 0x0000000000000000 - Registered subnode with name '/Local/Default'
    2015-04-11 21:57:13.632498 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
    2015-04-11 21:57:13.845588 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientLDAP.bundle'
    2015-04-11 21:57:13.849664 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientPWS.bundle'

    I had a similar problem. A couple days after upgrading, I encountered OD's "Unable to load replica" problem and had my server's certificate deleted from my system keychain!
    Server.app + OD + LDAP are all extremely fragile and I just don't trust them during transitions, so I always keep an independent bootable backup with Carbon Copy Cloner and this preflight script. I'll post my notes for recovering OD below, but in my case, nothing worked this time, and I couldn't start OD robustly across reboots. Fortunately for me, my 12 hour old bootable backup was working, so I just used CCC to copy my bootable backup back. Not sure what I would have done had that not worked short of rebuilding everything from scratch.
    Pre-steps:
    0. Bootable backups, Time Machine backups, and dirserv backups of everything.
    1. Disk Utility: Fix disk permissions, Fix disk
    2. PRAM reset, Command-Option-P-R at boot
    3. DiskWarrior to rebuild the disk directory
    Possible steps to fix OD:
    # Fix Open Directory "Unable to load replica"
    # Try this first:
    # https://support.apple.com/en-us/HT200018
    # Quit Server.app
    sudo mkdir /var/db/openldap/migration/
    sudo touch /var/db/openldap/migration/.rekerberize
    sudo killall PasswordService
    # Open Server.app
    # Try this second:
    # http://apple.stackexchange.com/questions/79141/how-to-fix-failing-open-directory -database-cn-authdata-cannot-be-opened-err
    sudo serveradmin stop dirserv
    sudo launchctl unload -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
    sudo db_recover -h /var/db/openldap/authdata/
    sudo /usr/libexec/slapd -Tt
    sudo launchctl load -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
    sudo serveradmin start dirserv
    # Try this third:
    # https://discussions.apple.com/thread/6018956
    sudo serveradmin stop dirserv
    sudo slapconfig -restoredb /private/var/backups/ServerBackup_OpenDirectoryMaster.sparseimage
    sudo serveradmin start dirserv
    # Try this fourth (assuming ccc_preflight od backup):
    # https://discussions.apple.com/thread/6018956
    sudo serveradmin stop dirserv
    sudo slapconfig -restoredb /private/var/backups/odbackup/od_2015-04-11.sparseimage
    sudo serveradmin start dirserv
    # Try this last:
    sudo rsync -va /your-backup-drive-possibly-TM/private/var/db/openldap/authdata/ /private/var/db/openldap/authdata/
    If your server cert gets deleted from the System keychain, you'll need to boot into the bootable backup and export the certificate+key that looks like hostname.domainname.tld, signed by IntermediateCA_HOSTNAME.DOMAINNAME.TLD_1, copy this to the server drive, import back into the System keychain. The cert should then appear within Server.app again. See here for how to do this if all you have is the System keychain file.
    If anyone has reliable advice how to fix a corrupt OD that would be a huge help.

  • Moving Mail Users from a Local Directory to Open Directory

    Hi,
    We have been running a standalone mail server for a few years. We have recently upgraded to 10.5 for all of our servers. We have also been running an Open Directory server for the last year or so. Now I am trying to move my email users from the Local Directory on the Mail server to the LDAP server. Obviously we do not want to change account names, so I find I need to delete the local user and then enable the user through the LDAP. This works fine, but I need to bring the original IMAP files/folders forward.
    My question is what is the best practice? I thought backing up the Mail folder in each user's Library and reimporting it would work, but it won't take the IMAP mbox (I can see all the .emlx files in the backup of the user's Mail folder).
    So again, I had a user called user1 in my mail server Local directory say server1. I also have an Open Directory server2 with the same username on it. I have bound server1 to server2. I can see the server2 (OD) accounts on the server1 (mail). I then need to delete user1 from Local server1 directory in order to enable mail to user1 from the OD. This does work, but again, I need bring the mail files/folders to the new OD account on server1.
    thanks,
    mike

    Tony,
    Let me check of the migration manual, thank you!
    I really thought this was going to easier than this. The current accounts are IMAP, and therefore when I "hook up" the new OD account, which doesn't really need anything done on the client side because it is the same username and password and server as the current Local account. When it syncs, the old emails on the IMAP account in the user's Mail program clear since the new OD account is empty on the server.
    I just really thought duplicating the Mail folder in the client's home Library would allow me to import the emails back in. I have tried highlighting the mailboxes (Inbox, and personal folders), archiving them, and then reimporting seemed to work, but I need to beat it up before I start working on live accounts. One account I did try lets me read the emails from the user, but when I try dragging them to the IMAP folders from the import folder, I get a NULL character problem on IMAP append error. NOT to chase that, but it was something else that tripped me up.
    You do bring up a good point, I think the accounts were originally setup as POP and IMAP. I'll chase some ideas about that.
    Let me play around, you've been great considering my awful explanation of this different situation.
    thanks again,
    mike

  • Open Directory Storing AD information

    I am looking for documentation that explains that Open Directory does NOT house Active Directory account information (passwords specifically). It is my understanding that when a server is set up as an Open Directory master, it only references Active directory to authenticate a username/password to grant permission for access to an application.

    Hi
    On 10.3.x Server Server Admin would always list Open Directory as running (basically the green light would be on by the side of the service). This is normal, what is more important is what is stated as the Server Role in the Overview window. On 10.4.x Server Server Admin does not act in the same way. Open Directory Services will be listed as running (in other words the green light is on by the side of the service) if the Server Role changes from Standalone to any one of the other 3 roles it can be configured for. On 10.3 Server you had the choice of 3 roles, on 10.4 Server there are 4 roles.
    The question regarding the Active Directory is harder to figure out especially as you can see PC clients. Launch Server Admin, click the disclosure triangle to display the list of services and post back which services have the green light by the side of them. In the meantime find out the IP address or DNS hostname of the AD Server and see if you can ping it. Use Network Utility in /Applications/Utilities.
    You could also consult/download the Mac OS X Server Upgrading and Migrating, 2nd Edition Manual from here:
    http://www.apple.com/support/manuals/macosxserver/
    Tony

  • Open Directory, Active Directory, Both????

    Good morning from Paris,
    My company will migrate its Macintosh to Mac OSX 10.5 and I'm wondering what's best for Authentification and SSO.
    I did investigate a bit and finally choosed to add an Open Directory among our existing Active Directory. In order to have pretty managed Macs, I also intend to use MCX, ARD and of course Netboot among Mac OSX Server OD to manage Workstations and deployments. We don't for now intend to use solutions like Centrify's direct control or Likewise solutions...
    So here's my question. If we do use two discussing directories, is it required or simply usefull to extend the Active Directory schema? I have read several discussions about the extension and the Active Directory Domain we use is quite ready for it.

    Hi There,
    Have just read your post and wondered how you have decided to manage your Mac's.
    I am looking at extending our active directory schema and manage our Mac's via mcx via the AD.
    Im really looking for if anyone else has done this and how you got the schema extensions, i have read all about it, in getting an OD up and running looking at what extensions there is and editing the file e.t.c. but surely apple can provide this information?
    Thanks for any advice?

  • **want to create a user account from "Crypted Password" to "Open Directory"

    I have create a user account with "user password type: Crypted Password"
    is there any way I can script it to "user password type: open directory"
    I've use perl-ldap to create user account but I don't know how to change user password type to open directory,
    because my script will add a new node in the directory, I just need a way to make the "user password type" to "Open Directory" AT CREATION TIME, not modifing it after a have a user account, the script below will generate a node in the directory with "Crypted Password" as User Password Type,
    is there any attribute I need to add to make it "Open Directory" or perl command, applescript, bash, objective c(hopefully not)....
    thank for reading...
    $res = $c->add(dn => 'uid=testing,cn=users,dc=microsoft,dc=info',
    attr => [
    'cn' => 'testing',
    'gidNumber' => '20',
    'homeDirectory' => '99',
    'objectclass' => 'inetOrgPerson', 'posixAccount', 'shadowAccount', 'apple-user', 'extensibleObject','organizationalPerson','top','person',
    'sn' => 'testing',
    'uid' => 'testing',
    'uidNumber' => '5000',
    1. 'apple-generateduid' => '27318931-B341-4364-91B4-84E4AAAD1234', #026F",
    'givenName' => 'testing',
    1. 'loginShell' => '/bin/bash',
    'userPassword' => 'testing' ,
    1. 'homePhone' => '555-2020',
    2. 'mail' => '[email protected]'
    die "unable to add, errorcode #".$res->code().$res->error if $res->code( );
    thanks

    Since this question isn't Xserve specific a better place to get an answer is probably in the Directory Services forum: http://discussions.apple.com/forum.jspa?forumID=1353
    That being said if you are trying to migrate Crypt accounts to OD accounts then the short answer is no. You need an unencrypted password to put the password into OD via a script do short of cracking the encrypted password, inserting it in plain text into the OD user account creation process then I don't think you can.
    You should be able to dictate the password (and any other settings you can do from the GUI) but the password is the missing piece. Under really old OS X systems I actually suspect you can get passwords to export (hinted at by an Apple engineer I discussed this with) but there is probably a faster and more straightforward solution.
    What I have done is export from NetInfo, clean the accounts via script and then reimport the accounts into the new system. I usually assign a password and dictate "Must change password at next login" and then email people the temporary passwords. It's been a while but I believe you can mass select and then dictate password settings so if that works for you create accounts with all the same password and then you can select by group and make changes - eg Must change password at login.
    Good luck,
    =Tod

Maybe you are looking for

  • Bounding boxes appear in Acrobat after exporting from InDesign

    Whenever I create outline fonts in my CS3 version of InDesign (I haven't upgraded to CS4 on this one program yet), I'm left with some very strange thin white lines surrounding some or all of the resulting letters that look suspiciously like bounding

  • How do I convert from pdf to word? I see an option to do so, however, when I click on it, Ia box opens...

    when I try to convert from pdf to word, a box opens and suggests I am to click on (select) the file I want to convert. It sounds all well but it does not work. I really really just want my files back in word, all of them, no matter, because after hav

  • Iphone 5 doesnt accept ID password, facetime and imessage not working,

    Im not sure if its to do with the new update 6.1.4 but my imessage suddenly stopped working. I checked my settings and saw that my email addresses associated with it were deleted. I would do hard resets but it wouldnt solve the problem. Then imessage

  • Messages not processed from IP_OUT_QUEUE

    Hi all, I have enqueued the message to IP_OUT_QUEUE and consumer as B2BUSER. Still the message are not getting processed from the Queue. From the b2b.log, I see the following statements "***B2BListen turned off, will not listen on IP_OUT_QUEUE for me

  • Auto Clear/Reset form

    I have a search form that is filled out. For example, one of the entries for a field is 255. The submit goes to the action page where results are displayed. If they hit the back button, the original form entries are still there. If I add 1 to 255 to