Where is Directory Utility or it's heir in Yosemite. Want to put icon in dock to get at root.

Similar Messages

• Where is Directory Utility

  I have a problem with permissions after migrating from an older macbook pro to a new one running snow leopard. I wanted to check on some user groups using the directory utility, but it is no longer in the Utility folder. Looking for help online suggests that in Snow Leopard it is in the Accounts preferences, but I can not see it - the preference window looks just the same as it did before and there is nothing to indicate where the Directory utility functions - setting root, for example - might be. Am I missing something?

  Barney-15E wrote:
  You can get to it via the Accounts prefpane. Click on the Network Account Server: Join… button.
  On my Snow Leopard installation, in the Accounts preference pane, I have to click on the Login Options box before the Network Account Server appears.

• EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

  Hello everyone,
  Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
  Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
  I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
  Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
  However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
  This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
  Here's what happens:
  1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
  2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
  3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
  4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
  5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
  Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
  http://discussions.apple.com/thread.jspa?messageID=5967023
  http://discussions.apple.com/message.jspa?messageID=5982070
  these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
  If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
  Thanks,
  Andrew

  Hard to tell what is happening without looking at the application
  source, knowing what OS & hardware you're using etc. You might want to
  try running with different JVM versions to see if it's actually the VM
  that is the problem. If you have a support contract with BEA you could
  ask support to help you diagnose this.
  Regards,
  /Helena
  Ayub Khan wrote:
  I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
  application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
  seems to happen on loading the machine..the performance progressively gets worse
  and after a couple of seconds, all the threads stop responding. I checked the
  heap, cpu and the idle threads in the execute queue and there is nothing there
  to trigger alarms...there are quite a few idle threads still and the heap and
  the cpu utilization seem OK. On doing a thread dump, Is see that all the other
  threads seem to be in a state where they are waiting for data from LDAP and it
  is basically read only data that they are waiting on.
  Does anyone know what it is going on and help point me in the right direction.
  -Ayub

• Mount options from Directory Utility

  Ok, Directory Utility is gone / hidden into System Preferences...
  I used to have a couple NFS mounts defined in Directory Utility. Those are no longer mounted after the upgrade and I don't see where I can set them up again. Anyone found a new way yet?

  Thanks for the info. That's good to know

• Authentication problem in Directory Utility (Standard Mode)

  I misposted this in the 10.4-and-earlier section...I have Leopard.
  Okay, I suppose I am in over my head as I am not a NA but just had so many macs I thought it would be fun to see if I can make OS X Server work.
  I have at the moment 3 users set up: 1 admin and 2 Standard users. When one of the remote Macs tries to use Directory Utility to authenticate, it insists that "The name and password you entered for the user account on the server do not match." Well, I have reset the passwords on the server several times and I am darn sure I have them right. I can connect to the server and use folders and whatnot; i just can't use any of the services.
  I suspect this is a permissions issue, because I also get errors if I try to "Allow (one of the standard users) to administer this server" in the Server Preferences/Users pane. I get "Error '-14120' occurred while processing a command of type 'setMembership' in plug-in 'servermgr_accounts'. That's very descriptive and helpful except that I do NOT know what I am doing.
  Uh, little help? Did I just do something very stupid that is making everyone chuckle?

  I've been at this for eight days myself. Lots of problems. So don't feel bad if things don't sort of "click" into place - they haven't been for me.
  First off - I noticed that you have server_name.local. I'll say something right here about that. I had no end of grief when I configured my server with a .local extension. All my machines are named after Kellogg's cereals - so I decided to name this one honeycomb. So during installation I named it honeycomb.local.
  Now before I explain this - understand this is my understanding .. I could be dead wrong - but this is how I understand it. Apple uses Bonjour technology to locate network resources. In a network environment there will no doubt already be conventional methods for locating computers - such as DNS, Directory Services, etc. Bonjour is designed to happily coexist with all of those. It essentially uses multicast technology to find other devices on the network and configure it. When a device is using Bonjour - it utilizes the .local suffix. You can see where I am going with this.
  So I had some issues and decided to pull the plug. Reinstalled the OS and used honeycomb.private. I STILL see honeycomb.local being referenced throughout - so I feel good now that I made the right choice. Things have been going a lot better since.
  I am going to use mymachine.private as the computer, and jdoe as the username in the next bit. Replace them with your own info.
  +From my own experiences, here are some things to check+
  *_1) Server must respond to the Client's Requests _*
  On the Server:
  -Use 'ipfw flush' and clear out firewall rules while you are testing.
  -Does 'ping mymachine' work?
  -Does 'ping mymachine.private' work?
  _*2) Client must be able to find the data in Open Directory:*_
  -Is Open Directory running in Server Admin.
  -In Server Admin, under Open Directory, under Overview - do you have everything running? Is there an LDAP search base and a Kerberos Realm? Are they correct?
  -Connect with an LDAP client if you must, and manually verify that the user information is in there. I love Apache Directory Studio (http://directory.apache.org/studio/)
  -Perhaps there are certificate or identity issues - turn off the SSL options during testing.
  -In Workgroup Manager->User jdoe->Home ensure the information is correct.
  *_3) Client must be able to mount the home directory:_*
  -Can you manually mount /Users/ on the client, and read / write everything in the jdoe folder ?
  In Server Admin, under File Sharing
  -/Users/ share point - Automount should be enabled (AFP, Home Folders)
  -/Users/ permissions - others should be at least read-only
  This is my preference .. but...
  -/Users/jdoe permissions should be:
  ACL: jdoe - Allow, +Full Control+
  POSIX:
  jdoe - Allow, +Read & Write+
  admin - Allow, +Read & Write+
  Others - Allow, None
  Select jdoe folder, click on the Cog and Propagate Permissions. Check all permission boxes and click OK.
  _On the Client_
  I usually start off, by verifying:
  -Does the client have a DHCP address from my server?
  -Can my client ping the shortname and fullname of my server?
  -Can I manually connect to the server and mount a share?
  -Did I do an *ipfw /flush* on the client too?
  If all that is correct, then I will go into Directory Utility and click the + to add a directory server. I will select type "Open Directory", type in the server name (mymachine.private), and leave SSL unchecked. Click OK. When done it should say:
  mymachine.private(Open Directory Server) - This server is responding normally
  Once you get this far, try logging out and logging in as a user - ie. jdoe
  If it won't let you log in then answer this - did it do its shAkE at you or did it give you an error message?
  Kerberos shouldn't be rearing its ugly head at this stage of the game - its more for single sign on .. but if you see any authentication windows with the words "REALM" or "PRINCIPLE" - those words should set off little Kerberos alarm bells in your head. Like I said - at this stage in the game I don't think those have anything to do with it.
  _*Few other notes:*_
  #1) In Workgroup Manager - you could add the client computer. Enter its full name and short name (you can get them from the sharing option in the client's system preferences). Once the computer is added, you can go into the preferences for the computer, click on Login Preferences and set it to always manage. Put a message in the message box such as "Directory has been consulted" and check the "Show Network Users" box. This way - when you log out .. you will have an indication as to whether the open directory is working at all on the client, or if the problem is more focused with the user account.
  #2) I have been getting
  +Error of type Not a known DirStatus (-1) on line 2075 of SourceCache/ WorkgroupManager/WorkgroupManager-319/Plugins/UserAccounts/UserAdvancedPluginVi ew.mm+
  when creating a user in Workgroup Manager. I just close out of the user and then it allows me back in.
  Drop a post if you manage to solve the problem.

• SSL & iChat Accounts Set-up Through Directory Utility

  I am having a problem with iChat when connecting clients to the services on my server via Directory Utility.
  Once set-up through Directory Utility, I launch iChat and cannot get into the account automatically set-up by the server. It just says "Disconnected Unexpectedly".
  I can create a brand new account in iChat and it connects fine. The difference is that the account "managed by the system administrator" is set to "Use SSL" using Port 5223. If I create a new account, it uses Port 5222 with no SSL.
  Does anyone know where this "Use SSL" option is set on the server (and how I can turn it off)?
  I can have my users connect manually, but I'd rather have the server automatically manage buddy lists and stuff like that.
  Thanks for any ideas.

  I think I solved this.
  For anyone else with this problem, you can change these settings in Workgroup Manager>Preferences>Details. Edit com.apple.iCHat.Managed. Change Often>XMPPAccount>AutoDiscoverHostAndPort> to integer:0 and UseSSL to integer:0.
  This was not my problem, though. My real issue is caused by a case inconsistency in my hostname. Due to settings in NetBIOS and DNS on my network, I had to give the host an all caps name. iChat is looking for a lowercase name. This can also be fixed in Workgroup Manager>Preferences.

• Directory Utility Won't Launch, Pinwheel of Death...

  So, just today, two Leopard Macs (10.5.7) on my network lost connection to our Active Directory. A switch was rebooted, and the Macs lost DNS for only a couple minutes. When I went to reboot them to get the authentication back, as I've done many times in the past, neither of them could see the directory server. None of the AD accounts could log in. So I went to log in as a local admin, and went to launch Directory Utility to unbind and rebind, and I just get the pinwheel of death. This is happening on a G5 tower and an Intel iMac. Both were 10.5.7, and I was hoping an OS update might fix it, so I upgraded them to 10.5.8 and that didn't help.
  Just out of curiosity, I tried to run DU on another Mac Laptop that has never been part of any directory, and it is doing the same thing. The G5 is a pretty fresh OS install with no third party software installed other than VLC. So I'm not really sure what's going on.
  I tried using dsconfigad from the command line to Unbind the machines from the directory, and it just hangs after it asks for the network password... I'm confused, and unable to log into my macs...

  Post to the Server Products forums where those mavens hang out.

• Directory Utility wont connect to Open Directory Server on Xserv 10.5.1

  I am trying to set up the ical service on the xserve, I have the server set up as the OD master when I went into the directory utility app it would not located the server until I changed the search policy to custom which included LDAPv3. Once I did that the server popped up in the directory utility list but it says "server is not responding"
  Any one else having this issue or know what might be the solution?

  Have you tried adding the server to the client using 'servername.local' instead of its DNS name? I have had flaky problems adding clients to the directory server using the DNS name and found using 'servername.local' to be much more reliable.

• How to use Directory Utility to make a local test domain?

  I need to set up wildcard subdomains for a test domain of acegamingsyndicate.test and I can only find guides that use the netinfo utility, which has been removed from Leopard and replaced with the Directory Utility.
  How would I add acegamingsyndicate.test so that I can use wildcard subdomains? acegamingsyndicate.test itself works, after I added it in the hosts file, but subdomains are not working so I don't think that it should be in the hosts file. In fact I'm nearly positive it's not supposed to go in the hosts file.

  You don't use Directory Utility.
  Directory Utility is used to bind the server to a directory server - typically used for user accounts and the like. It's not used for hostnames.
  Also, as you've noted, you can't use /etc/hosts to create wildcard records.
  What you need is a DNS server.
  Mac OS X includes one (BIND), but it is managed via traditional text file editing in the command line, not via a GUI app. Mac OS X Server adds a GUI, but it doesn't sound like you're running that.
  So the question is, how comfortable are you using the command line and is manually configuring the DNS server something you think you're up for?

• Can't login after deleting a standard user on directory utility.

  My laptop was rebooted in an apple service center, they made a user account for me to use. I backed up my old user with migration using time machine. I changed the administrator to my old user account and tried to delete the other user but it kept on returning. After searching on how to delete user, I found a tutorial that promted me to delete that account using the directory utility found in Systems/Library/CoreServices.
  When I tried to log in again, my computer can't find the administrator user. The log in screen is empty and when I type the admin name and password, it would just load and nothing. On the password box, the little circle would just go round and round. Please help!

  Hi RHermann,
  I have some question.
  Does the user use a network account for login and how many users are affected by this problem?
  Did that happened with a local user account on the same PC, too?
  Which OS is running on your PC? Windows 7 64 Bit?
  Which server system do you use for the User server?
  Do you get any problem reports if you login after uninstall DIAdem?
  Can you tell me which HW you use? Dell HP …
  I hope that information will make it possible to detect your problem. :-)

• Nfs mount created with Netinfo not shown by Directory Utility in Leopard

  On TIger I used to mount dynamically a few directories using NFS.
  To do so, I used NetInfo.
  I have upgraded to Leopard and the mounted directories
  are still working, although Netinfo is not present anymore.
  I was expecting to see these mount points and
  modify them using Directory Utility, which has substituted Netinfo.
  But they are not even shown in the Mount panel of Directory Utility.
  Is there a way to see and modify NFS mount point previously
  created by NetInfo with the new Directory Utility?

  Thank you very much! I was able to recreate the static automount that I had previously had. I just had to create the "mounts" directory in /var/db/dslocal/nodes/Default/ and then I saved the following text as a .plist file within "mounts".
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>dir</key>
  <array>
  <string>/Network/Backups</string>
  </array>
  <key>generateduid</key>
  <array>
  <string>0000000-0000-0000-0000-000000000000</string>
  </array>
  <key>name</key>
  <array>
  <string>server:/Backups</string>
  </array>
  <key>opts</key>
  <array>
  <string>url==afp://;AUTH=NO%20USER%[email protected]/Backups</string>
  </array>
  <key>vfstype</key>
  <array>
  <string>url</string>
  </array>
  </dict>
  </plist>
  I don't think the specific name of the .plist file matters, or the value for "generateduid". I'm listing all this info assuming that someone out there might care.
  I assume this would work for SMB shares also... if SMB worked, which it hasn't on my system since I installed leopard.

• The padlock under 'Directory Utility' isn't functioning

  Hello everyone.
  I am the only one who will use my MacBook (running 10.6.2), and my account is 'admin'.
  If I need to enable the root user, I know I should go to:
  (1) System Preferences
  (2) Accounts
  (3) Login Options
  (4) Network Account Server: Join...
  (5) Open Directory Utility...
  (6) Edit --> Enable Root User
  But between the processes (5) & (6), I previously have to click the lower left padlock in order to make changes.
  But now, the padlock is always open. So I locked it, and it is locked at THIS moment.
  After restarting my Mac, the padlock is open again, how come??
  Thanks in advance!

  *I think I have to re-type my message again in order to make my situation clear: *
  Hello everyone.
  I am the only one who will use my MacBook (running 10.6.2), and my account is 'admin'.
  (I have an only account called 'Michael' and it is set as 'admin')
  If I need to enable the root user, I know I should go to:
  (1) System Preferences
  (2) Accounts
  (3) Login Options
  (4) Network Account Server: Join...
  (5) Open Directory Utility...
  (6) Edit --> Enable Root User
  But between the processes (5) & (6), it SEEMS that I have to click the lower left padlock in order to make changes initially.
  But now, no matter how many times I lock the padlock, when I log out and log in again, the lock is open again.
  But when I lock it, yes it is locked, but just at THIS moment.
  After restarting or log out my Mac, the padlock is open again, how come??
  (I have a 'fresh back-up' after the clean installation of Snow Leopard 10.6.2 and iLife '09 on my external FireWire HD, and I boot into it to check whether I have to click the lower left padlock in order to make changes. I find that between the processes (5) & (6), there is no need for me to type my password in order to unlock the padlock.)
  Thanks in advance!

• Directory Utility missing in Mac Os X lion

  Hi there,
  I have a MacBook Pro 13-inch core i5 processor machine. It was pre-configured by my school(my 1st year using this bloody restricted thing)
  I am VERY ****** off as the "good stuff"(sharing.prefpane, Directory Utility) was in the user account that i could not see.
  I WANT IT BACK! If possible, help me with cracking the firmware password as i want to use boot camp.
  SCREENSHOTS
  FREEDOM FOR MACBOOKS!

  Oh yes it is a late 2011 model.

• Directory Utility keeps telling me the name and password do not match

  Installed Leopard Server on my Mini a few days ago, and I enabled Open Directory server.
  Added the server in my home network with directory utility on my laptop, and it works perfect both when I'm on the local network, and when I'm elsewhere.
  Tried doing the same at my Leopard iMac at work today. Finds the server just fine, but when trying to configure my machine locally I get an error message during Authentication that simply says "The name and password you entered for the user account on the server do not match".
  Now. I KNOW the username and password is correct. And I have the same username and password on this machine (both the long name, and the short one).
  So what am I doing wrong here?

  Christian,
  I've experienced similar issue recently. The most likely solution will be to delete the user and recreate it using same uid and username. I'm going to look for other solutions prior to that.

• Does anyone know Directory Utility is called on a Dutch system?

  I'm trying to install a MAMP on my system and I've found a tutorial on Internet that says that I have to open the Directory Utility in System > Library > Core Services (in Dutch: Systeem > Bibliotheek > CoreServices) but I can't find the Directory Utility. I assume that this is translated to Dutch since I'm using a Dutch system.
  Does anyone know what is called?

  Thanks, for looking. But I've found it: "Adreslijsthulpprogramma".
  (It's a bit off a stupid translation if you ask me)