This doesn’t really warrant a full post in the Macs at home series but it is quite fantastic. I discovered it on my semi-regular trawl through Mac blogs.
Basically you open Directory Access.app, configure your LDAP server and – under Search & Mappings, click Write to Server. You’re asked for a Name, Password and Search Base. The name is the DN of a user with write access to the search base on your server. The operation writes a base64-encoded XML plist, shockingly similar to the DSLDAPv3PlugInConfig.plist we’ve seen before, to the directory.
Then when you come to configure the next Mac, instead of faffing about setting up the attribute mappings manually you just select From Server.
Word.
After several engineer callouts, multiple component replacements and hours of diagnostics, topcat.csr.com will now not even power on and has been pronounced dead.
Here it is at twenty past seven in the morning and I’m awake and getting ready to leave the flat.
This is most unlike me.
If you know me personally you’ll be quite surprised to hear that I volunteered to be on site at CSR an hour earlier: from 0800 to 1600 instead of 0900 to 1700.
It actually doesn’t work out so terribly. I worked precisely those hours at Siemens and since Rebecca is asleep whatever time I leave, the only change from her perspective is I get home an hour earlier.
Off I go!
Ah, realtime blogging. It’s like Myspace in here.
See the introduction to this post.
Last time I hinted at getting automount and DHCP-supplied LDAP settings working. I gave up on DHCP since a) I tried to get it working last year at CacheLogic and failed; b) I couldn’t find much documentation on it; c) the documentation I did find suggested that it only provides an LDAP server and base, which wouldn’t be sufficient on my network because of the attribute mappings needed to placate DirectoryService.
I did get automount working, however. And as a special bonus I got it working on a Linux machine too. Since there isn’t a massive amount of useful documentation out there for AutoFS and LDAP, I’ll talk about the Linux configuration here as well as the Mac configuration.
(more…)
See the introduction to this post.
Now I had belsunce and maling configured so that Rebecca and I could log on at either machine and get the same UID and GID for our accounts. Additionally, maling was set up so that users could have NFS home directories. Rebecca’s account was set up to take advantage of this.
The next step is to do away with local accounts on maling altogether (remember that for the moment I’m keeping local details on the laptop; it could be an LDAP secondary I suppose). Users there will authenticate against LDAP instead.
(more…)
Rebecca now has a driving licence. And with this she was able to convince the bank that she really does live with me. As soon as they send her a copy statement she’ll be able to get her Capital One 40% APR credit card For Dummies which will help her build up a credit history.
Things are looking up and the secret was getting her Hong Kong driving licence. Because HK is on the DVLA’s special list she was able to exchange her licence for a UK one with no questions asked. Without that she would have had to take a test to get a UK licence.
Hint to anyone migrating to this cesspit of a country: take your driving test first!
See the introduction to this post.
Since I sometimes take my MacBookPro out with me it makes sense that I have a local user account to log on. Rebecca’s Mac Mini, on the other hand, never leaves the house. It’s a prime candidate for mounting user home directories over NFS.
To do this we need our friend the automounter. Automounts can be configured in old-skool flat files. They can be imported from LDAP or NIS with the DirectoryService. Or they can be taken direct from NetInfo. That’s what we’ll use here.
(more…)
See the introduction to this post.
My first goal was somewhat prosaic. I wanted user accounts on belsunce and maling to have the same UID and GID as in LDAP. Nothing more than that. The first user account created when you install OS X has UID 501 and GID 501. Subsequent accounts take the next available UID and GID.
Because my account was the first one created on my Mac and Rebecca’s was the first created on hers, I was user 501 on belsunce and 502 on maling while she was 503 on belsunce and 501 on maling. Our LDAP UIDs are 101 and 314 respectively. Rather than delete and create new accounts I wanted to edit the details of the existing ones.
This operation would be equivalent to the traditional UNIX passwd file editing. On Macs we have what Apple calls NetInfo.
NetInfo is basically a database of various things including user account information. There’s a graphical tool to look at how it’s laid out: /Applications/Utilities/NetInfo Manager.app. Open the tool, click users and there are all the users on the system complete with the various attributes associated with them.
We can get and set this information from the command line too.
(more…)
For this series of posts I’m going to deviate a little from the standard journal style of a blog while also steering clear of a traditional HOWTO-style document.
I’m going to talk about the steps I’ve taken to integrate two Macs into my home network, which is based on Samba, LDAP and Kerberos. But rather than simply list a bunch of steps that describe how to get from nothing to what I have now, or write a hefty reference guide on the technologies involved, I’m going to write a series of posts in which I detail the evolution of the setup. I learned some interesting stuff along the way and it would be a shame not to write a little about it just because the optimal configuration doesn’t depend on it.
(more…)
