SSL & iChat Accounts Set-up Through Directory Utility

Similar Messages

• EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

  Hello everyone,
  Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
  Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
  I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
  Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
  However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
  This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
  Here's what happens:
  1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
  2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
  3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
  4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
  5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
  Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
  http://discussions.apple.com/thread.jspa?messageID=5967023
  http://discussions.apple.com/message.jspa?messageID=5982070
  these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
  If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
  Thanks,
  Andrew

  Hard to tell what is happening without looking at the application
  source, knowing what OS & hardware you're using etc. You might want to
  try running with different JVM versions to see if it's actually the VM
  that is the problem. If you have a support contract with BEA you could
  ask support to help you diagnose this.
  Regards,
  /Helena
  Ayub Khan wrote:
  I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
  application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
  seems to happen on loading the machine..the performance progressively gets worse
  and after a couple of seconds, all the threads stop responding. I checked the
  heap, cpu and the idle threads in the execute queue and there is nothing there
  to trigger alarms...there are quite a few idle threads still and the heap and
  the cpu utilization seem OK. On doing a thread dump, Is see that all the other
  threads seem to be in a state where they are waiting for data from LDAP and it
  is basically read only data that they are waiting on.
  Does anyone know what it is going on and help point me in the right direction.
  -Ayub

• How do I set up an ichat account?

  how do I set up an i Chat accoiunt?

  Hi,
  You need a Screen Name or ID fro the service you want to join
  iChat 6 (OS X 10.7.x) can do Jabber logins, AIM Logins and Yahoo ones.
  AIM valid Scren Names include names registered at AIM  and Apple IDs ending with @mac.com or with @me.com (these used to be MobileMe accounts but new ones are now iCloud ones)
  Jabber valid names include any Facebook name (Chat has to be enabled at your Facebook settings), Google Mail IDs (Ending in @gmail.com or @googlemail.com) or any jabber name registered at a Jabber server.
  IF you have started iChat already and clicked through the Start up Screen then you will then need to start/Launch iChat
  Open the iChat Menu (The App Name in the menu bar is a drop down menu) > Preferences then Accounts
  In the Accounts is a list.
  It will already have Bonjour in it (Everyone gets this and it cannot be deleted)
  Click the + button at the bottom
  In th new panel click the top item and then chose the type of account you want to Add.
  Fill in Details
  Click Done.
  A Buddy List will then launch and login.
  Add Buddies
  10:25 PM      Tuesday; March 27, 2012
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• How to set in Windows 8.1 the Account Picture from Active Directory

  Hello All,
  In my company I have uploaded the photos for
  each employees in
  Active Directory using a powershell script that set the attribute
  thumbnailphoto.
  This is useful for images in Lync and Outlook,
  now I want to use these pictures
  to sync with the account picture
  in Windows 8.1 but I haven't found anything in internet that helps me
  for this.
  I hope someone can help me,
  Thanks!

  Hi,
  You can try the steps in following article:
  Using Pictures from Active Directory
  http://msitpros.com/?p=1036
  This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore,
  Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you
  completely understand the risk before retrieving any software from the Internet.
  For your reference, here is the similar thread with different method:
  http://social.technet.microsoft.com/Forums/en-US/d6e7b2c3-c343-4900-a01d-24bfb30357b6/is-there-a-solution-to-set-user-account-picture-from-active-directory-thumbnailphoto-attribute-in?forum=w8itproinstall
  Hope these would be helpful.
  Kate Li
  TechNet Community Support

• When I got my Mac I set up an iChat account and now i want to make a new one.  Does anyone know how to do this?

  When I got my Mac I set up an iChat account and now I want to make another one.  Does anyone know how to change it?  F

  Hi,
  After creating a  Screen Name or User ID with the relevant service you can enter this in iChat
  With iChat Open go to the iChat Menu > Preferences >Accounts
  Use the + button at the bottom of the List
  Chose from the top item whether the Account (Screen Name) you are adding is going to be AIM, (inlcuding Apple variants), Jabber (including Google variant) or in iChat 6 a Yahoo account.
  Add details as required.
  Click Done.
  10:22 PM      Thursday; December 15, 2011
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    iMac 2.5Ghz 5i 2011 (Lion 10.7.2)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• When I got my Mac I set up an iChat account and now I want to make another one.  Does anyone know how to change it?  F

  When I got my Mac I set up an iChat account and now I want to make another one.  Does anyone know how to change it?  F

  HI,
  You can create and add another Screen Name to iChat.
  From iChat 4 you can have as many AIM Logins and Jabber Logins as you want.
  "AIM" in this case includes the Apple IDs (@mac.com and @me.com ending names) that also work as Valid AIM Screen Names as well as AIM registered Names.
  "Jabber Names" includes using Google Mail IDs and Facebook IDs as well as any registration with any other Jabber server.
  If you are not happy with the one you have you can delete and stop using it.
  Both Adding and Deleting are done in iChat > Preferences> Accounts.
  Highlight an Account/Name and then the minus button to delete.
  Using the Plus button show you the Add Screen.
  8:00 PM      Sunday; December 11, 2011
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    iMac 2.5Ghz 5i 2011 (Lion 10.7.2)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• Cant set up ichat account

  Im trying to set up an iChat account...
  I go to... Get an ichat account
  Fill in all of the info
  Then go back to prefs to add in new account, but keep getting the following message
  The MobileMe password you entered is not correct.
  What am I missing here? Am I supposed to be paying for some other service to get iChat account?

  Hi,
  iChat is a Free app if that is what you are saying.
  You can use An AIM name which is free to get.
  You can use a lapsed Paid for @mac.com name or a Old trial account for Free as well
  You can sign up for a trial of @me.com (MobileMe) and the name will work in iChat for 60 days or until you cancel the trial.
  Jabber names are free and GoogleTalk is a Jabber server and if you have a Googlemail account you already have an ID.
  iChat will Video to any AIM on PC user if they are at AIM 5.9 on XP (AIM movewd the goal posts on that)
  iChat will Video to any iChat user with an AIM Valid Name (Includes Apple variations)
  iChat will video chat to any iChat User with a Jabber ID if you have a Jabber ID
  Read Audio Only chats where you see Video above.
  Of course the hidden fact of iChat is that it sends loads of data in a Video chat and your ISP may charge you extra if you exceed your monthly allowance
  9:54 PM Sunday; April 12, 2009
  Message was edited by: Ralph Johns (UK)
  Message was edited by: Ralph Johns (UK)

• Set up ichat account

  i tried to create ichat account, but i forgot my email address (me.com), how can i retrieve my me.com address or shall i just create a new one?
  secondly, where can i find imessage in mac book pro? i went through application, its not there.

  go to https://auth.me.com/authenticate    and on the bottom of the screen is your option. 
  Currently iMessage is unavailable for the Mac. You can only iMessage on iOS devices such as the iPad and the iPhone. 

• How to set up 2 ichat accounts in a home office??

  Hi guys anybody know how to have 2 ICHAT accounts? do you have to have 2 DOTMAC accounts? i hope not.
  thanks in advance,
  JOHN
  mac book   Mac OS X (10.4.6)  

  Hi
  Get a free .mac http://www.apple.com/dotmac/ click on free trial and name will work after the 60days.
  AIM name free HERE
  Tony

• Authentication problem in Directory Utility (Standard Mode)

  I misposted this in the 10.4-and-earlier section...I have Leopard.
  Okay, I suppose I am in over my head as I am not a NA but just had so many macs I thought it would be fun to see if I can make OS X Server work.
  I have at the moment 3 users set up: 1 admin and 2 Standard users. When one of the remote Macs tries to use Directory Utility to authenticate, it insists that "The name and password you entered for the user account on the server do not match." Well, I have reset the passwords on the server several times and I am darn sure I have them right. I can connect to the server and use folders and whatnot; i just can't use any of the services.
  I suspect this is a permissions issue, because I also get errors if I try to "Allow (one of the standard users) to administer this server" in the Server Preferences/Users pane. I get "Error '-14120' occurred while processing a command of type 'setMembership' in plug-in 'servermgr_accounts'. That's very descriptive and helpful except that I do NOT know what I am doing.
  Uh, little help? Did I just do something very stupid that is making everyone chuckle?

  I've been at this for eight days myself. Lots of problems. So don't feel bad if things don't sort of "click" into place - they haven't been for me.
  First off - I noticed that you have server_name.local. I'll say something right here about that. I had no end of grief when I configured my server with a .local extension. All my machines are named after Kellogg's cereals - so I decided to name this one honeycomb. So during installation I named it honeycomb.local.
  Now before I explain this - understand this is my understanding .. I could be dead wrong - but this is how I understand it. Apple uses Bonjour technology to locate network resources. In a network environment there will no doubt already be conventional methods for locating computers - such as DNS, Directory Services, etc. Bonjour is designed to happily coexist with all of those. It essentially uses multicast technology to find other devices on the network and configure it. When a device is using Bonjour - it utilizes the .local suffix. You can see where I am going with this.
  So I had some issues and decided to pull the plug. Reinstalled the OS and used honeycomb.private. I STILL see honeycomb.local being referenced throughout - so I feel good now that I made the right choice. Things have been going a lot better since.
  I am going to use mymachine.private as the computer, and jdoe as the username in the next bit. Replace them with your own info.
  +From my own experiences, here are some things to check+
  *_1) Server must respond to the Client's Requests _*
  On the Server:
  -Use 'ipfw flush' and clear out firewall rules while you are testing.
  -Does 'ping mymachine' work?
  -Does 'ping mymachine.private' work?
  _*2) Client must be able to find the data in Open Directory:*_
  -Is Open Directory running in Server Admin.
  -In Server Admin, under Open Directory, under Overview - do you have everything running? Is there an LDAP search base and a Kerberos Realm? Are they correct?
  -Connect with an LDAP client if you must, and manually verify that the user information is in there. I love Apache Directory Studio (http://directory.apache.org/studio/)
  -Perhaps there are certificate or identity issues - turn off the SSL options during testing.
  -In Workgroup Manager->User jdoe->Home ensure the information is correct.
  *_3) Client must be able to mount the home directory:_*
  -Can you manually mount /Users/ on the client, and read / write everything in the jdoe folder ?
  In Server Admin, under File Sharing
  -/Users/ share point - Automount should be enabled (AFP, Home Folders)
  -/Users/ permissions - others should be at least read-only
  This is my preference .. but...
  -/Users/jdoe permissions should be:
  ACL: jdoe - Allow, +Full Control+
  POSIX:
  jdoe - Allow, +Read & Write+
  admin - Allow, +Read & Write+
  Others - Allow, None
  Select jdoe folder, click on the Cog and Propagate Permissions. Check all permission boxes and click OK.
  _On the Client_
  I usually start off, by verifying:
  -Does the client have a DHCP address from my server?
  -Can my client ping the shortname and fullname of my server?
  -Can I manually connect to the server and mount a share?
  -Did I do an *ipfw /flush* on the client too?
  If all that is correct, then I will go into Directory Utility and click the + to add a directory server. I will select type "Open Directory", type in the server name (mymachine.private), and leave SSL unchecked. Click OK. When done it should say:
  mymachine.private(Open Directory Server) - This server is responding normally
  Once you get this far, try logging out and logging in as a user - ie. jdoe
  If it won't let you log in then answer this - did it do its shAkE at you or did it give you an error message?
  Kerberos shouldn't be rearing its ugly head at this stage of the game - its more for single sign on .. but if you see any authentication windows with the words "REALM" or "PRINCIPLE" - those words should set off little Kerberos alarm bells in your head. Like I said - at this stage in the game I don't think those have anything to do with it.
  _*Few other notes:*_
  #1) In Workgroup Manager - you could add the client computer. Enter its full name and short name (you can get them from the sharing option in the client's system preferences). Once the computer is added, you can go into the preferences for the computer, click on Login Preferences and set it to always manage. Put a message in the message box such as "Directory has been consulted" and check the "Show Network Users" box. This way - when you log out .. you will have an indication as to whether the open directory is working at all on the client, or if the problem is more focused with the user account.
  #2) I have been getting
  +Error of type Not a known DirStatus (-1) on line 2075 of SourceCache/ WorkgroupManager/WorkgroupManager-319/Plugins/UserAccounts/UserAdvancedPluginVi ew.mm+
  when creating a user in Workgroup Manager. I just close out of the user and then it allows me back in.
  Drop a post if you manage to solve the problem.

• Open directory and Directory Utility

  I'm in a public school system that has everything running within a private IP setting. We have a Leopard server that has been set up so that access by means of a public IP and DNS entry is possible. Ports have been opened to allow iChat, iCal, web, and ARD to function. What we have not been able to do is to use Directory Utility to connect to OD. ARD is working well from outside the district. I can use Directory Utility inside the firewall, but not on the public side of it. Can do a lookup on the DNS entry, but not ping the machine by IP nor by name. I've looked to see if I've missed a port, but I'm not sure what might be missing. I've not located anything that would provide a port that Directory Utility might need to be able to make it through the firewall. Any help or possible direction would be appreciated.

  You should post to the server products forums.

• Is it possible to find out all of the computers from which MY iChat account has logged into?

  I think one or more people have been using MY iChat (mac.com) account to send out emails (pretending they are me). I've changed my password so it won't happen again, but Is there a way for me to see which computers have logged into/used MY iChat account?

  Hi,
  I am not aware of any way you can get iChat to reveal this info directly.
  You could use iChat with another Screen Name and Little Snitch.
  Little Snitch is a Utility that will tell you what IPs and Ports an App is trying to use.
  This way you add your old ID as a Buddy.
  If they are On line then send them a Video Invite.  You do not have to go the whole way but just enough for Little Snitch to tell you the IPs involved (A Public and possible a LAN IP).
  Once you get that far past the Little Snitch Pop ups you can end the chat
  Little Snitch will keep a running record in its Application Interface for you to fully note down the details (the ISP will also be listed)
  I would also contact Moblieme about this.
  If you can get hold of any of the email I would also look at the Full Header info
  In Mail you can set this in Viewing (Preferences).
  This will also list the ISP (Servers) it has passed through.
  You can also generally see if the name has been spoofed.
  10:57 PM      Wednesday; July 27, 2011
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb( 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• Directory Utility: "Name and Password you entered... do not match."  ????

  Happy New Year all!
  OS X 10.5 Server I think is slowly trying to kill me. I've had to re-install the system 3 times in as many months because of corruption with user accounts.
  What I am struggling with currently is Directory Utility. All clients have accounts set up on the server. If they are local (plugged into the LAN), Directory Utility works like a champ and configures the desired services as advertised. However, when they are remote from the site, Directory Utility is able to locate and communicate with the server and offers to set up all services (just as when connected to the LAN), but when asked to authenticate an error message states:
  "The name and password you entered for the user account on the server do not match."
  It makes no difference which username (standard user or admin) I try. At the same time those laptops that were configured locally but used remotely continue to work perfectly communicating with the server.
  Reading through the forums, I saw some (related?) suggestions recommending making changes to the options under the "Services" tab within Directory Utility (like unchecking LDAPv3). But I haven't found a combination of changing those options that gives me success. Someone else having a similar problem speculated it might have something to do with being behind an airport or router messing up the authentication. ???
  Does anyone have any thoughts or suggestions about this?
  Thanks!

  Ok Hannah. I have just had a bit of a read of some articles on the net and it seems that getting Hotmail to work with Mail.app is not easy.
  You may find some of the discussion in this thread helpful. https://discussions.apple.com/thread/3193359
  It starts off talking about mail on iPhone but towards the end there are some ideas about getting it going on Lion.
  It seems that an alternative is to try a plug-in for Mail.app that handles the communications with Hotmail. You may want to look at http://www.hawkwings.net/2011/07/26/hotmail-yahoo-and-lions-mail/  for some links. Note that I don't have Hotmail so I can not vouch for any of this.
  Mark

• I want to delete my ichat account and make a new one

  i just got my mac and made a ichat account. i think i messed uo because i had used two different emails. i tried to add my friend but everytime it said waiting for authorization and it keep saying i was offline. i was wondering if there was any was i could fix this problem. PLEASE HELP SOMEONE!

  Hi,
  You haven't added any Spec for your machine or iChat version but you seem to imply it is new so I will presume Lion and iChat 6
  iChat can use  4 types of names and some of those have sub-categories if you like.
  In the iChat Menu > Preferences > Accounts you should have at least the Bonjour Option in the list even if you have no other accounts.
  This is used between Macs on your LAN.
  If they are using iChat and have Bonjour Enabled then you will see their Name as they call themselves in their Address Book. iChat will broadcast your Name as at the My Card in your Address Book (Head and Shoulders icon card).
  iChat can join the AIM service and these can be one of three (sub) type of  Names, although the Buddy list can have Buddies of each type.
  You can register at AIM themselves, with @Mac.com and use a MobileMe name (Ending @Me.com)
  Generically the Account/Buddy List is referred to as an AIM list as @Mac.om and MobileMe names are Valid AIM Screen Names
  iChat can use Jabber Names/IDs. These include Google and there is an Option with iChat 4 onwards to use this a a separate sub category when adding an Account to iChat (In creating a BUddy List)
  A Jabber ID can add Goolge Buddies or a Google Buddy List can have Jabber Buddies.
  iChat 6 adds the ability to use a Yahoo ID as well.
  Although the Yahoo for Mac App (it is still in Beta) can add MSN contacts this cannot be done in iChat.
  Adding Buddies.
  In an "AIM" List you can add Buddies by clicking the Plus icon at the Bottom of the Buddy List and selecting Add Buddy
  You type the Buddy's name in full (As in [email protected], or [email protected] or the AIM name that the persons tells you (it may not be an Email) )
  Allowing or Blocking a Buddy is then done in the iChat Menu Preferences > Accounts > Security tab.
  With a Jabber/Google List  you have to Authorize the Buddy as you Add them. A Person has to be in th Buddy List rather than allowing or Blocking them later.
  To be more precise a Request to Authorize is sent to the Buddy and they either Accept or Deny.
  In iChat 3 through 5 this needed to be done when the Buddy was On Line as iChat does not repeat the Request.   From what you post it seems this has not changed in iChat 6
  (Other Jabber apps continually send the request until such time as the person actually sees the request and does something about it.)
  So it may not be that the Name is "Wrong" or that you have set up your account incorrectly.
  I have no info on setting up a Yahoo account at present or how Buddies are added for Allow/Block Authorise or not.
  What you cannot do is use an AIM Account to add Google or Jabber buddies to (Or vice versa) even though on the whole the naming formats (email Style IDs) applies to both.
  AIM Registrations ask for a second email for Password recovery
  @mac.com Registrations require a second email to Verify the Apple ID you are creating (It happens to be an Valid AIM screen Name as well  (@mac.com look like email but are not so you cannot verify them back through @mac.com as it were).
  The Waiting for Authorisation message only comes from a Google Talk ID or a Jabber Buddy List.
  It will show if you add an AIM valid Name or if the Buddy is Off Line and not seeing the Request to answer it.
  Example iChat 4 pic
  (not sure why I had these to options crossed out but I may have been talking about iChat 3 when I used it)
  Obviously iChat 6 has Yahoo as well.
  8:30 PM      Sunday; August 28, 2011
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb( 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• How to use Directory Utility to make a local test domain?

  I need to set up wildcard subdomains for a test domain of acegamingsyndicate.test and I can only find guides that use the netinfo utility, which has been removed from Leopard and replaced with the Directory Utility.
  How would I add acegamingsyndicate.test so that I can use wildcard subdomains? acegamingsyndicate.test itself works, after I added it in the hosts file, but subdomains are not working so I don't think that it should be in the hosts file. In fact I'm nearly positive it's not supposed to go in the hosts file.

  You don't use Directory Utility.
  Directory Utility is used to bind the server to a directory server - typically used for user accounts and the like. It's not used for hostnames.
  Also, as you've noted, you can't use /etc/hosts to create wildcard records.
  What you need is a DNS server.
  Mac OS X includes one (BIND), but it is managed via traditional text file editing in the command line, not via a GUI app. Mac OS X Server adds a GUI, but it doesn't sound like you're running that.
  So the question is, how comfortable are you using the command line and is manually configuring the DNS server something you think you're up for?