How to Push OD Bindings via a Package, Electronic Surveillance Law Followup

Folks,

A short newsletter this week with a couple of tidbits.

How to Push Open Directory Bindings

Several clients of mine have wanted to push out Open Directory bindings via a package, using ARD or Casper or allowing users to do it on their own. It's not hard to set up, but there's a twist. Also, this won't work properly for a trusted bind.

  1. Set up an exemplar machine with the correct Open Directory binding settings. Remember, do not enter the directory administrator username and password as you cannot push out a trusted bind.
  2. Create an installer package that will take the file /Library/Preferences/DirectoryService/LDAPv3PlugInConfiguration.plist from the exemplar and install it on the target. *Only* that file, and none of the others in that directory. The authentication search path is stored in the file SearchNodeConfig.plist, so why isn't it a part of the package?
  3. Here's the twist. Create a postinstall script with the following contents:
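    #!/bin/sh

    # Set the authentication search path.
    # <server node> is a placeholder: replace it, angle brackets included,
    # before running, or the shell will treat them as redirections.

    # 1. Start a custom search path with the local node first.
    /usr/bin/dscl localhost -create /Search CSPSearchPath /NetInfo/DefaultLocalNode
    # 2. Append the Open Directory (LDAPv3) server node.
    /usr/bin/dscl localhost -append /Search CSPSearchPath /LDAPv3/<server node>
    # 3. Switch the search policy to the custom path.
    /usr/bin/dscl localhost -create /Search SearchPolicy CSPSearchPath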

Obviously, substitute the actual server IP address or DNS name (whichever you used for the binding) in for <server node> in the script. The reason for doing this is that the DirectoryService process will overwrite the file /Library/Preferences/DirectoryService/SearchNodeConfig.plist with what it has in memory, so if you push out that file it will be overwritten and the custom path that you set on the exemplar won't work. By scripting the search path using dscl, we can avoid the problem.
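
A check to run after the package installs, added here as an example and not part of the original newsletter: it parses the output of `dscl localhost -read /Search SearchPolicy CSPSearchPath` and confirms that the custom policy is active, the local node is searched first, and only the expected LDAPv3 node follows. The output layout, the host od.example.com and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the search path that the postinstall script sets.
# On a client, pass real output as the first argument:
#   "$(/usr/bin/dscl localhost -read /Search SearchPolicy CSPSearchPath)"
LOCAL_NODE="/NetInfo/DefaultLocalNode"   # local node used in the page's script

# Constructed samples; the "Key: value" layout of dscl -read is assumed.
GOOD='SearchPolicy: dsAttrTypeStandard:CSPSearchPath
CSPSearchPath: /NetInfo/DefaultLocalNode /LDAPv3/od.example.com'
GOOD_MULTILINE='CSPSearchPath:
 /NetInfo/DefaultLocalNode
 /LDAPv3/od.example.com
SearchPolicy: dsAttrTypeStandard:CSPSearchPath'
EXTRA_NODE='SearchPolicy: dsAttrTypeStandard:CSPSearchPath
CSPSearchPath: /NetInfo/DefaultLocalNode /LDAPv3/od.example.com /LDAPv3/10.0.0.99'

# Print the value of SearchPolicy.
search_policy() {
    printf '%s\n' "$1" | awk '$1 == "SearchPolicy:" { print $2 }'
}

# Print one CSPSearchPath node per line (values may share the key's line or
# follow on indented lines; node names containing spaces are not handled).
search_nodes() {
    printf '%s\n' "$1" | awk '
        { start = 1 }
        /^[^ \t]/ { inpath = ($1 == "CSPSearchPath:"); start = 2 }
        inpath { for (i = start; i <= NF; i++) print $i }'
}

# Succeed only if the custom policy is active, the local node comes first,
# the expected LDAPv3 node is listed, and no other node is present.
check_search_path() {
    output=$1; expected="/LDAPv3/$2"
    case "$(search_policy "$output")" in
        *CSPSearchPath) ;;
        *) echo "FAIL: search policy is not the custom path"; return 1 ;;
    esac
    nodes=$(search_nodes "$output")
    first=$(printf '%s\n' "$nodes" | head -n 1)
    [ "$first" = "$LOCAL_NODE" ] || { echo "FAIL: local node is not first"; return 1; }
    printf '%s\n' "$nodes" | grep -Fqx -e "$expected" || { echo "FAIL: $expected missing"; return 1; }
    extra=$(printf '%s\n' "$nodes" | grep -Fvx -e "$LOCAL_NODE" -e "$expected" || true)
    [ -z "$extra" ] || { echo "FAIL: unexpected node(s): $extra"; return 1; }
    echo "OK: $LOCAL_NODE, then $expected"
}

check_search_path "$GOOD" od.example.com || true
check_search_path "$EXTRA_NODE" od.example.com || true
```

An unexpected node in the authentication search path means the client will accept identities from a directory you did not intend, so a failed check is worth investigating rather than just re-running the package.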

When I get a chance I'll create a package creation skeleton for setting this up. For creating the package, I recommend that you use Iceberg, a freeware app that is much better than Apple's PackageMaker. <http://s.sudre.free.fr/Software/Iceberg.html>

Electronic Surveillance Law Followup

Joe Moreno wrote a very well-reasoned and elegant letter to Brian Bilbray, his congressman, about changes to the current electronic surveillance laws. With his kind permission, I'm including a link here. <http://www.joemoreno.com/CongressionalLetter.pdf>


--Paul

