Many of you are aware that you can open Directory Access, click on the Server menu item, click Connect, and fill in the address, username, and password of an OS X Server and then make changes to the server’s authentication settings as if you were at the console.
I needed to remote control Directory Access the other day on a plain OS X box that I was using for some server functions, but unlike a full OS X Server, Remote Directory Access would not work.
Read on for how to potentially solve this…
Then I remembered a great tip from “Essential Mac OS X Panther Server Administration” by Michael Bartosh. On pages 116-117, he discusses Directory Access, and mentions in a tip:
DirectoryService knows whether to listen on port 625 according to the existence of the /Library/Preferences/DirectoryService/.DSTCPListening file. By creating this file and restarting the DirectoryService daemon, it is feasible to access Mac OS X client directory data and configuration remotely.
So I did it, and it worked perfectly. This could be quite useful to incorporate into a deployed image if you occasionally have computers that forget their directory data. Security implications are an exercise for the reader.
Ed. Note: You should probably be more than a bit careful with this since it’s an open port on your client systems, any breach of which would cause some serious ramifications. I typically use ssh and dscl and friends to manage this.
On the other hand, this is also a handy tip to use in reverse. You have an OS X Server but it’s a standalone and you really don’t want it listening on the DS port. Remove the file and restart DS.
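An audit check for the setting described above, added here as an example and not taken from the original post or from Apple: it reports whether the marker file and a TCP listener on port 625 agree, which catches a file that was created or removed without the DirectoryService restart. The function names, the ROOT argument and the sample netstat line are assumptions made for illustration; the path and port are the ones quoted in the tip.

```shell
#!/bin/sh
# Added example: audit remote Directory Access exposure on a client or server.
# Path and port come from the tip above; all function names are hypothetical.

DS_MARKER="Library/Preferences/DirectoryService/.DSTCPListening"

# Constructed sample of one `netstat -an` line in BSD/macOS format.
SAMPLE_NETSTAT='tcp4       0      0  *.625                  *.*                    LISTEN'

# Succeeds if the marker file exists under ROOT ("/" on a live system,
# or the mount point of a deployment image being reviewed).
ds_marker_present() {
    [ -e "${1%/}/$DS_MARKER" ]
}

# Reads `netstat -an` output on stdin; succeeds if a TCP socket is in LISTEN
# state on local port 625. Accepts BSD "*.625" and Linux-style "0.0.0.0:625",
# and does not match other ports that merely end in 625 (e.g. 1625).
ds_port_listening() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /[.:]625$/ { found = 1 }
         END { exit !found }'
}

# Prints one verdict line. Usage on a live host: netstat -an | ds_audit /
ds_audit() {
    root=$1
    if ds_port_listening; then listening=yes; else listening=no; fi
    if ds_marker_present "$root"; then marker=yes; else marker=no; fi
    case "$marker/$listening" in
        yes/yes) echo "EXPOSED: marker present and port 625 listening" ;;
        yes/no)  echo "PENDING: marker present, port 625 not listening (daemon not restarted?)" ;;
        no/yes)  echo "STALE: marker absent, port 625 still listening (restart pending or other service)" ;;
        no/no)   echo "OK: marker absent and port 625 closed" ;;
    esac
}
```

Run against a mounted image, only the marker half is meaningful; feed it empty input and read EXPOSED/STALE as not applicable.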