Although Apple published a helpful list of TCP and UDP port numbers used by it’s products, it’s a little unclear as to which ones Workgroup Manager needs.

You can figure it out yourself by enabling firewall logging on your Mac OSX Server and watching as you fail to connect. Or, you can take my word for it — here are the ports that you need to allow access to:

1. TCP 625 for “Remote Directory Access”, as mentioned on the above page.
2. TCP 8175.

For the last port, the only option in the Server Admin firewall interface is to enable ports 8000-8999 for “Web Service, iTunes Radio streams”. If you are running other services on those ports that you want to protect, or if you’re just paranoid, you’ll want to add a custom rule for port 8175.
(more…)

The wiki/blog server in Mac OS X Server is a boon for collaboration between groups with simple needs. It provides easy posting of text, images and other files on wikis and blogs. However, it has a few drawbacks. To improve security on the blogs and wikis, Apple set up filters to allow only a limited set of simple HTML tags in the user-generated content – the rest are automatically removed. For private servers, where the users are authenticated and trusted, this is needlessly limiting. Here’s how to disable that feature.

(more…)

I recently installed and configured GNU Mailman on Solaris 10 and found the documentation a little lacking, so here are a few tips that you may find useful.

(more…)

This is the third out of four articles on integrating Mac OSX 10.5 (Leopard) Server with an external, UNIX-based LDAP server in a way that the collaboration services — wikis, blogs and calendars — in Mac OSX are available for users and groups in the external LDAP directory as if they were native users.

The first article describes how to add the appropriate Apple LDAP schema to your external directory. The second article describes how to set up appropriate partitions (e.g., cn=config, ou=MacOSX…) in your external directory to hold data from the Apple server. This article tackles the augmentation of user records in the external directory so that OSX Server recognizes them as native users.

(more…)