Where does OS X store LDAP and login settings? Post 302723245 by [MA]Flying_Meat on Monday 29th of October 2012 06:28:06 PM
Virtually everything "directory services" is handled by Apple's Directory Services or more currently, Open Directory.

Given AD is developed via Microsoft, and it therefore is a "different enough" version of LDAP, it has been given its own plugin - dsconfigad.

The "odutil show all" command will be helpful with regard to checking various states of directory service on at least the two most current Mac OS X versions. I vaguely recall OD showing up in Snow Leopard first, but I could be mistaken...
 

dsconfigad(8)              BSD System Manager's Manual              dsconfigad(8)

NAME
     dsconfigad -- retrieves/changes configuration for Active Directory.

SYNOPSIS
     dsconfigad -help
     dsconfigad -show [-xml]
     dsconfigad -add fqdn -username username [-password password]
                [-computer computerid] [-ou dn] [-preferred server] [-force]
                [-localuser username] [-localpassword password]
                [-packetencrypt allow | disable | require | ssl]
     dsconfigad -leave [-localuser username] [-localpassword password]
     dsconfigad -remove -username username [-password password]
                [-localuser username] [-localpassword password]
     dsconfigad [-localuser username] [-localpassword password]
                [-alldomains enable | disable] [-enableSSO]
                [-localhome enable | disable] [-gid attribute | -nogid]
                [-ggid attribute | -noggid]
                [-groups "group1,group2,..." | -nogroups]
                [-mobile enable | disable] [-mobileconfirm enable | disable]
                [-namespace forest | domain]
                [-packetencrypt allow | disable | require | ssl]
                [-packetsign allow | disable | require] [-passinterval value]
                [-preferred server | -nopreferred] [-protocol afp | smb | nfs]
                [-restrictDDNS interface,interface,...]
                [-sharepoint enable | disable] [-shell value]
                [-uid attribute | -nouid] [-useuncpath enable | disable]

DESCRIPTION
     This tool allows command-line configuration of the Active Directory.
     dsconfigad has the same functionality for configuring the Active
     Directory as the Directory Utility application. It requires "admin"
     privileges to the local workstation and to the Directory to make changes.

     A list of flags and their descriptions:

     -add fqdn
          The fully-qualified DNS name of the Domain to be used when adding
          the computer to the Directory (e.g., domain.ads.example.com).

     -alldomains enable | disable
          This flag determines whether the plugin allows authentication from
          any domain in the forest. When this is enabled, individual domains
          will not be visible, only "All Domains". If it is disabled, you will
          have the ability to select the specific domains that can
          authenticate to this computer. Enabled by default.

     -computer computerid
          The "computerid" to add to the specified Domain.

     -enableSSO
          (Server Only) When using MacOS X Server with Active Directory, this
          enables SSO for all supported services.

     -force
          Force the process (i.e., join the existing account or remove the
          binding).

     -ggid attribute
          This specifies the attribute to be used for the GID of the group. By
          default, a group GID is generated from the Active Directory GUID of
          the group.

     -gid attribute
          This specifies the attribute to be used for the GID of the user. By
          default, a GID is derived from the primaryGroupID of the user
          (typically Domain Users).

     -groups group1,group2,...
          Use the listed groups to determine who has local administrative
          privileges on this computer. Groups can be specified by domain to
          ensure security is not compromised, e.g.,
          "domain admins@domain.ads.demo.com".

     -help
          Lists the options for calling dsconfigad.

     -leave
          Leaves the current domain (preserving the computer record in the
          directory).

     -localhome enable | disable
          This flag determines whether the plugin forces all home directories
          to be local to the computer (i.e., /Users/username) (enabled by
          default).

     -localpassword password
          Password to use in conjunction with the specified local username. If
          this is not specified, you will be prompted for entry. Note that
          using this option has a security risk due to a small window where
          the password could be captured from the running process list.
          Consider using the prompting mechanism to ensure passwords are not
          exposed unexpectedly.

     -localuser username
          Username of a local account that has administrative privileges to
          this computer.

     -mobile enable | disable
          This flag determines whether the plugin will enable mobile account
          support for offline logon (disabled by default). This flag is a
          hint. If the appropriate Workgroup Management settings exist for a
          user, this will not override, as directory settings for the user
          take precedence.

     -mobileconfirm enable | disable
          This flag determines whether the plugin will warn the user when a
          mobile account is going to be created. This flag is a hint as
          discussed in -mobile.

     -namespace forest | domain
          Sets the primary account username naming convention. By default it
          is set to "domain" naming, which assumes no conflicting user
          accounts across all domains. If your Active Directory forest has
          conflicts, setting this to "forest" will prefix all usernames with
          "DOMAIN\" to ensure unique naming between domains (e.g.,
          "ADDOMAIN\user1"). Warning: this will change the primary name of the
          user for all logins. Changing this setting on an existing system
          will cause any existing homes to be unused on the local machine.

     -noggid
          Turn off any previously mapped attribute and generate the group GID
          from the Active Directory GUID.

     -nogid
          Turn off any previously mapped attribute and use the GID from the
          directory.

     -nogroups
          Disable use of the current groups for determining administrative
          privileges on this computer.

     -nopreferred
          Turn off any previously specified server and default to dynamic
          server discovery.

     -nouid
          Turn off any previously mapped attribute and generate the UID from
          the Active Directory GUID.

     -ou dn
          The LDAP DN of the container to use for adding the computer. If this
          is not specified, it will default to the container "CN=Computers"
          within the domain that was specified (e.g.,
          "CN=Computers,DC=domain,DC=ads,DC=demo,DC=com").

     -packetencrypt allow | disable | require | ssl
          By default packet encryption is allowed but not required, but can be
          required or disabled (for example if debugging a problem). This
          ensures that the data to/from the server is encrypted and signed,
          guaranteeing the content was not tampered with and cannot be seen by
          other computers on the network.

     -packetsign allow | disable | require
          By default packet signing is allowed but not required, but can be
          required or disabled (for example if debugging a problem). This
          ensures that the data to/from the server is not tampered with by
          another computer before it is received.

     -passinterval value
          Set how often the computer trust account password should be changed
          (default 14).

     -password password
          Password to use in conjunction with the specified username. If this
          is not specified, you will be prompted for entry. Note that using
          this option has a security risk due to a small window where the
          password could be captured from the running process list. Consider
          using the prompting mechanism to ensure passwords are not exposed
          unexpectedly.

     -preferred server
          Use the specified server for all Directory lookups and
          authentications. If the server is no longer available, it will
          fail-over to other servers.

     -protocol afp | smb | nfs
          This flag determines how a home directory is mounted on the desktop.
          By default SMB is used, but AFP can be used for use with Mac OS X
          Server or 3rd Party AFP solutions on Windows Servers (previously
          known as mountstyle).

     -restrictDDNS
          Restricts Dynamic DNS updates to specific interfaces (e.g., en0,
          en1, en2, etc.). To disable restrictions pass "" as the list.

     -remove
          Remove this computer from the current Domain.

     -sharepoint enable | disable
          Enable or disable mounting of the network home as a sharepoint.

     -shell value
          Use the specified shell (e.g., "/bin/bash") if a shell attribute
          does not exist in the directory for the user logging into this
          computer. Use a shell value of "none" to disable use of a default
          shell, preserving values that are only specified in the directory.

     -show
          Shows the current configuration of the Active Directory.

     -uid attribute
          This specifies the attribute to be used for the UID of the user. By
          default, a UID is generated from the Active Directory GUID.

     -username username
          Username of a Network account that has administrative privileges to
          add/remove this computer to/from the specified Domain.

     -useuncpath enable | disable
          This flag determines whether the plugin uses the UNC specified in
          the Active Directory when mounting the network home. If this is
          disabled, the plugin will look for Apple schema extensions to mount
          the home directory.

     -xml
          Output in XML rather than plain text. Valid only with -show.

EXAMPLES
     Adding a computer to a Directory:

          dsconfigad -add domain.ads.example.com -computer ThisComputer -username "administrator" -ou "CN=Computers,OU=Engineering,DC=ads,DC=example,DC=com"

     Giving a set of groups administrative access to the local computer:

          dsconfigad -groups "DOMAIN\domain admins,FOREST\enterprise admins,DOMAIN\desktop techs"

SEE ALSO
     opendirectoryd(8), odutil(1)

Darwin                          August 28 2010                          Darwin
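
The man page above names three settings that weaken a bind: a password given as an argument, packet encryption or signing left below "require", and admin groups listed without a domain. The following is an added example, not part of the original post or of Apple's tooling, that lints one dsconfigad invocation for them; the function name audit_dsconfigad and its finding labels are hypothetical, and the sample arguments are constructed.

```shell
# Added example, not part of dsconfigad: lint the arguments of one invocation.
# Usage: audit_dsconfigad <arguments as they would be passed to dsconfigad>
# Prints one finding per line (labels are this example's own); no output = clean.
audit_dsconfigad() (
    bind=0 enc_seen=0
    while [ $# -gt 0 ]; do
        flag="$1"; val="${2-}"
        case "$flag" in
            -add) bind=1 ;;
            -password|-localpassword)
                # No value means dsconfigad prompts; a value sits in the process list.
                case "$val" in
                    ""|-*) ;;
                    *) printf 'secret-on-command-line: %s\n' "$flag"; shift ;;
                esac ;;
            -packetencrypt)
                enc_seen=1
                case "$val" in
                    require|ssl) ;;
                    *) printf 'encryption-not-enforced: %s %s\n' "$flag" "$val" ;;
                esac
                [ $# -gt 1 ] && shift ;;
            -packetsign)
                [ "$val" = require ] ||
                    printf 'signing-not-enforced: %s %s\n' "$flag" "$val"
                [ $# -gt 1 ] && shift ;;
            -groups)
                # Admin groups should name their domain: DOMAIN\group or group@domain.
                list="$val,"
                while [ -n "$list" ]; do
                    group="${list%%,*}"; list="${list#*,}"
                    case "$group" in
                        ""|*@*|*\\*) ;;
                        *) printf 'unqualified-admin-group: %s\n' "$group" ;;
                    esac
                done
                [ $# -gt 1 ] && shift ;;
        esac
        shift
    done
    # A bind that never mentions -packetencrypt stays at the default, "allow".
    if [ "$bind" -eq 1 ] && [ "$enc_seen" -eq 0 ]; then
        printf 'encryption-left-at-default: -add without -packetencrypt\n'
    fi
)

# Constructed sample call: reports the password argument and the "allow" setting.
audit_dsconfigad -add domain.ads.example.com -username administrator \
    -password 'constructed-example' -packetencrypt allow
```

The function never echoes the password value itself, only the flag that carried it, so its output is safe to keep in build logs.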