Thread-topic: Generating OpenDirectory Account with external tools.
So it's looking like there are some tools to generate this information. Now
I just have to figure out if I'm able to use these tools on a Mac and get
their output in my software.
It really does sound like I'm totally hooked on UMRA to do this, but this is
mostly because I've already established a lot of infrastructural stuff with
it, and I'd like to keep using it for that. The Devel team of the software
is even willing to work with me to get Mac functionality integrated better
with it. Now my challenge is to try to understand a bit better the inner
workings of Mac OD in order to accomplish this.
Perl scripts are always a good solution; unfortunately, I'm not too well
versed with Perl scripting, so I may be at a slight disadvantage in that
arena.
I will take a more in-depth look at the password server to see how passwords
are built. If it's one of the generic encryptions of passwords, I'm sure
there are tools out there that will allow me to create those.
Ideally, at this point, I would prefer to be able to use built-in Mac
commands to generate the OD fields.
Thanks again for your insight, Ski!
-----------------------------------------
Georges Khairallah
Network Specialist
Technology
Chino Valley Unified School District
Georges_khairallah at chino.k12.ca.us
http://www.chino.k12.ca.us
> From: Ski Kacoroski <email@hidden>
> Organization: Northshore School District
> Date: Wed, 10 Oct 2007 09:11:42 -0700
> To: Georges Khairallah <email@hidden>
> Cc: <email@hidden>
> Subject: Re: Generating OpenDirectory Account with external tools.
>
> Hi George,
>
> I work for the Northshore school district (20K kids, 2800 staff) and
> have many of the same issues. We moved away from distributed servers a
> few years ago because of the maintenance headaches (local staff kept
> turning them off at inopportune times :).
>
> On Tue, 09 Oct 2007 16:30:35 -0700 Georges Khairallah
> <email@hidden> wrote:
>>
>> Here's what I have already accomplished:
>> With the tool, I was able to create an Open Directory account, with
>> all the common LDAP fields.
>> However, I ran into a problem when I found that there are some
>> auto-generated fields that get created that I have no idea how to get,
>> namely: authAuthority, apple-generateduid, and apple-mcxflags.
>> Given that I'm using an external tool to generate the accounts, is
>> there any way at all to somehow generate these unique fields specific
>> to the OS X directory schema? Would these fields get generated
>> automatically upon user login?
>
> I ended up using dscl and expect from Perl scripts to create the
> accounts, which then creates all the fields properly. I think there is
> a way to do this directly with ldap commands and then pwpolicy from the
> command line, but I have not had time to test it.
>>
>> Also, another question, the userPassword field, when created from OS X
>> server has some form of encryption that is different than the one
>> created from outside, which is {SHA}....... (I believe base64). What
>> is the encryption for that field, and would creating a base64
>> encrypted password work instead?
>
> AFAIK no, the passwords are stored in the password server completely
> separate from LDAP (it does depend on how you set up OD). I use Perl,
> dscl, and pwpolicy to change and set password parameters in OD.
>
> I actually have a series of scripts that creates users in openldap, AD,
> and OD based directly on changes made in the student records system
> (ESIS) or on data we get from the HR system so I know you can do it.
>
> cheers,
>
> ski
>
>
>
> --
> "When we try to pick out anything by itself, we find it
> connected to the entire universe" John Muir
>
> Chris "Ski" Kacoroski, email@hidden, 206-501-9803
> or ski98033 on most IM services and gizmo