Hi George,
I work for the Northshore school district (20K kids, 2800 staff) and
have many of the same issues. We moved away from distributed servers a
few years ago because of the maintenance headaches (local staff kept
turning them off at inopportune times :).
On Tue, 09 Oct 2007 16:30:35 -0700 Georges Khairallah
<email@hidden> wrote:
>
> Here's what I have already accomplished:
> With the tool, I was able to create an Open Directory account, with
> all the common LDAP fields.
> However, I ran into a problem when I found that there are some auto
> generated fields that get created that I have no idea how to get.
> namely: authAuthority, apple-generateduid, and apple-mcxflags.
> Given that I'm using an external tool to generate the accounts, is
> there any way at all to somehow generate these unique fields specific
> to the OS X directory schema? Would these fields get generated
> automatically upon user login?
I ended up using dscl and expect from perl scripts to create the
accounts which then creates all the fields properly. I think there is
a way to do this directly with ldap commands and then pwpolicy from the
command line, but I have not had time to test it.
>
> Also, another question, the userPassword field, when created from OS X
> server has some form of encryption that is different than the one
> created from outside, which is {SHA}....... (I believe base64) What
> is the encryption for that field, and would creating a base64
> encrypted password work instead?
AFAIK no, the passwords are stored in the password server completely
separate from LDAP (it does depend on how you set up OD). I use perl,
dscl, and pwpolicy to change and set password parameters in OD.
I actually have a series of scripts that creates users in openldap, AD,
and OD based directly on changes made in the student records system
(ESIS) or on data we get from the HR system so I know you can do it.
cheers,
ski
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, email@hidden, 206-501-9803
or ski98033 on most IM services and gizmo
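
Added example, not part of the original thread: in the LDAP userPassword convention (RFC 2307, as used by OpenLDAP), a `{SHA}` value like the one asked about is the base64 encoding of an unsalted SHA-1 digest, a hash rather than encryption, and `{SSHA}` is its salted variant. The function names and the sample password below are constructed for illustration, and nothing here shows what Open Directory itself accepts.

```python
import base64
import binascii
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes

def make_sha(password):
    """Unsalted {SHA}: base64(SHA1(password)). Same password, same value."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def make_ssha(password, salt=None):
    """Salted {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def parse_user_password(value):
    """Split '{SCHEME}base64' into (scheme, digest, salt); salt is b'' for {SHA}."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix, not a hashed value")
    scheme, _, b64 = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if len(raw) < SHA1_LEN or (scheme == "SHA" and len(raw) != SHA1_LEN):
        raise ValueError("payload length does not match scheme")
    return scheme, raw[:SHA1_LEN], raw[SHA1_LEN:]

def verify(password, value):
    """Recompute the digest with the stored salt; compare in constant time."""
    scheme, digest, salt = parse_user_password(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print(make_sha(pw))
    print(make_ssha(pw))
    print(verify(pw, make_ssha(pw)))
```

Because `{SHA}` carries no salt, two accounts with the same password get the same attribute value, which is why salted schemes are preferred wherever the hash is stored in the directory.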