Using signed SSL certificates in Mac OS X Server 10.5 is a bit of a black art. In this article I describe how it’s done. Some services, such as the web service, work fine with signed certificates by default. However, the iChat (jabber), iCal (caldav), Mail (postfix/cyrus), and possibly other services do not work properly without some additional work on the command line (“Terminal”).

The problem in OS X Server 10.5 is that the System Admin app fails to provide decrypted private keys, and points some services to a certificate that doesn’t work for that service. The result is that those services will fail to allow connections over SSL.

I will describe how to fix the Mail, iChat and iCal services. The solution is basically the same for them all: decrypt the private key and replace the encrypted version in the combined certificate-key file, then update the service’s settings to use the proper certificate.

(more…)

I’m just starting work on the deployment of a lab full of iMacs and Mac Minis, and I’m going to document the process in a blog post. Not this blog post — this is just the appetizer :).

The plan is to use a modular system image, a method of deployment that is new in OS X Server 10.5, and offers numerous improvements over the old way of system deployment, cloned system images. Some advantages of modular images are:
(more…)

Adding Leopard’s LDAP Container Objects to the UNIX LDAP Server

In the first article in this series, I described how to get the schema data out of Leopard and into a Sun ONE Directory Server. In this article, I’ll describe how to get the container objects out of Leopard’s LDAP server, and add them to the UNIX directory. These container objects will hopefully hold data relevant for assigning access to Apple’s Blog & Wiki server, among other things.

I say “hopefully” because I’m writing as I go, and I don’t know how it will turn out. However, given that others have had success at employing this method to get NFS automounting home directories working from Solaris LDAP, there is good reason to believe that it will work for other OSX services as well.

(more…)

This article will add to Rajeev Karamchedu’s excellent post, “Integrating Mac OS X into Unix LDAP Environment with NFS Home Directories”, only with Leopard Server instead of Tiger. My goals are a bit different from Rajeev’s: I am not interested in automounting home directories with NFS, but rather in augmenting UNIX accounts from Sun’s LDAP directory so that they can be used with Apple’s collaboration services. This information is also relevant for those who are looking for auto-mounting home directories, however.

Rajeev used Tiger server, which has a different apple.schema file from Leopard. It looks like he upgraded his Tiger server to Leopard instead of starting with a clean install of Leopard, so he may not have encountered the same obstacles as those of us who are starting from a non-upgraded Leopard server. The procedure is basically the same, but we need a new schema file (Leopard’s LDAP schema has an additional 400+ lines!), and we’ll need to add some missing attributes to it. Conveniently, I am also integrating with Sun ONE Directory Server 5.2. However, this methodology should apply equally to any LDAPv3 compliant directory server, such as OpenLDAP.

(more…)