Problem following Cylinder of Destiny Article Sample Config

[chefhomer]

I never see the /Library/Preferences/DirectoryService/SearchNodeConfig.plist get updated to include the Augment configuration on the Leopard OD server or Leopard client.

and ‘dscl /Search’
‘read /Users/username’

Still only returns the info about username from the PD and not the additional info about the username in the SD

PD is named mail2 (/LDAPv3/mail2 ) mail2 has an entry in all local /etc/hosts files and Leopard server is able to retrieve info via LDAP from it
SD is the local leopard server – (/LDAPv3/127.0.0.1 )

The plist for augment config was entered like this:
[code]


Augment Attribute List

dsRecTypeStandard:Users

dsAttrTypeStandard:MCXSettings
dsAttrTypeStandard:MCXFlags
dsAttrTypeStandard:IMHandle
dsAttrTypeStandard:MailAttribute
dsAttrTypeStandard:ServicesLocator


Augment Directory Node Name
/LDAPv3/127.0.0.1
Augment Search
Augmented Directory Node Name
/LDAPv3/mail2

__
[/code]
But this is what SearchNodeConfig.plist reads after doing that:

[code]

DHCP LDAP

/Sets/13D03B90-1FD2-41BE-A2E0-C55E86D9B547


Search Node Custom Path Array

/LDAPv3/mail2
/LDAPv3/127.0.0.1

Search Node PlugIn Version
Search Node PlugIn Version 1.7
Search Policy
3

[/code]

I can see with an LDAP java client that a record has been created under the ‘cn=augments’ on the Leopard Server Open Directory Master.

Can someone help me figure out what the SearchNodeConfig.plist should now look like, and/or help me figure out where I screwed up?

Thanks.

[chefhomer]

Tried using a FQDN for both the PD and SD and it does not appear to have made any difference – I also tried a clean 10.5.1 server OS install to a second disk and started again from scratch but am seeing the same results. No change in the /Library/Preferences/DirectoryService/SearchNodeConfig.plist file after adding the augmentconfiguration via workgroup manager – Can you post what the plist should look like from your example config?

Do you think if I try editing the plist on the server by hand, and then restart the service it might work?

[chefhomer]

I never was able to get this to work on my Leopard servers – can you point me to any more ‘Cylinder of Destiny’ resources that might help me get this working? Also I saw you mention OpenLDAP with Transparent Overlays in the WWDC OD presentation – is there more information available regarding setting up those types of configurations?

Thanks in advance.

[mroach]

Chefhomer, I had one issue what trying to the initial mapping of the directory, my university requires pam certs to be installed, before anything would work for me, this could be a thought for you.

But, i’ve a slightly different issue following the configuration.
I’ve followed the sample config also. I’ve ran into an issue when actually writing the augments to the user, within the workgroup manager.

My plist for the augment config was entered like this

[code]


Augment Attribute List

dsRecTypeStandard:Users

dsAttrTypeStandard:MCXSettings
dsAttrTypeStandard:MCXFlags
dsAttrTypeStandard:HomeDirectory
dsAttrTypeStandard:NFSHomeDirectory
dsAttrTypeStandard:PrimaryGroupID
dsAttrTypeStandard:UserShell


Augment Directory Node Name
/LDAPv3/box126.atc.**.edu
Augment Search
Augmented Directory Node Name
/LDAPv3/authn.directory.**.edu

[/code]

When i go to augment the NFSHomeDirectory or any element. I get the following error.

[quote]
Attribute not mapped.

The attribute with the name “NFSHomeDirectory” is not mapped for the record type “Augments”. You should report this error to the administrator of your directory server.
[/quote]

I did check my SearchNodeConfig.plist and it is as follows:

[code]


Augment Attribute List

dsRecTypeStandard:Users

dsAttrTypeStandard:MCXSettings
dsAttrTypeStandard:MCXFlags
dsAttrTypeStandard:HomeDirectory
dsAttrTypeStandard:NFSHomeDirectory
dsAttrTypeStandard:PrimaryGroupID
dsAttrTypeStandard:UserShell


Augment Directory Node Name
/LDAPv3/127.0.0.1
Augment Search
Augmented Directory Node Name
/LDAPv3/authn.directory.**.edu
DHCP LDAP

/Sets/20AEDA80-BE94-4205-8FE7-31DDC1A6C927


Search Node Custom Path Array

/LDAPv3/127.0.0.1
/LDAPv3/authn.directory.**.edu

Search Node PlugIn Version
Search Node PlugIn Version 1.7
Search Policy
3

[/code]

The PD which i am using is authn.directory.**.edu, i am able to browse the directory under workgroup manager. I had to do a custom mapping on the server with the directory utility since my university has a unique schema.

I am wondering since the schema at my university is unique and does not have the typical dsAttrTypeStandard fields, is this causing issues with performing the augmentation?

I did check on the clients and the augmentation has been pushed down, and they can also authenticate against the authn.directory.**.edu.

[mroach]

Without augmenting augmenting the NFShome i had mixed successes. I do not know if the augmentation is actually taking place or if the client is authentication to the ldap server at my university. I do know that the augmentation is taking place via reading the SearchNodeConfig.plist but i also checked the DSLDAPv3PlugInConfig.plist and could not find any trace of augmentation.

This brings up a second question, for the client, do i need to have both the ldap directory configured and also open directory or just the open directory? I am running 10.5 server and clients.

I’ve checked our middleware site that runs the ldap directory and the schema does not have NFSHome or any other references in it to a traditional unix directory with those regards. If you would like to see the schema i can show you off the list.

[mroach]

I just checked the client and using dscl ant thhe /Search within dscl. The only change which i do recognize is the addition of NFSHomeDirectory to the path i’ve specified within the augments under wgm.

The other issue i’m noticing when using wgm to do the augments to the directory, that i still can not add simple attributes. For example, i just tried to put an IMHandle attribute in the augment, but it still would add. I have this added in the augmentconfiguration within the XMLPlist. Still no change saying that this attribute is not mapped.

[ryanlim]

chefhomer,

I ran into the same problem as you did. After checking my configuration over and over, and even going as far as to reinstall the entire server, I just realized the plist entry, if you did a copy and paste from the article, may have invisible characters at the indentation.

What I did was to paste the plist into a plain text editor, save it, then run plutil -lint.

After removing the invalid characters and saving the plist back in the WGM, the SearchNodeConfig.plist looked correct and the /Search/Users node contained the augmented record.

Hope this helps.

[chefhomer]

Thank you for the suggestions – however the text I am pasting into Workgroup Manager checks out fine via the plist editor utiltiy. (and the plutil command returns ‘OK’ on the same file.)
I still never see the /Library/Preferences/DirectoryService/SearchNodeConfig.plist file get updated when I click save in Workgroup Manager.

I have tried it on 2 different Leopard Servers we have with the same results on both. (the plist does show up as saved under augment configuration in workgroup manager)

Is it possible to just Manually doctor the SearchNodeConfig.plist directly with the plist editor, and then kill off DirectoryService to get it to read the manually edited file?

If so – can someone copy and paste the text of their updated SearchNodeConfig.plist file?

Thanks.

[ryanlim]

Having solved that issue, I’m running into a different issue now. In WGM, whenever I authenticate to the directory, I get an unexpected errors.[code]Error of type eServerSendError (-14740) on line 401 of /SourceCache/WorkgroupManager/WorkgroupManager-319/DirNodeRefController.m[/code][code]Error of type ePlugInNotFound (-14275) on line 1194 of /SourceCache/WorkgroupManager/WorkgroupManager-319/PMMUGAccountsContentsView.mm[/code][code]Error of type ePlugInNotFound (-14275) on line 3708 of /SourceCache/WorkgroupManager/WorkgroupManager-319/PMMUGSearchController.mm[/code]

After that, if I browse the /Search or /Local node I get [code]Error of type eDSInvalidReference (-14071) on line 3162 of /SourceCache/WorkgroupManager/WorkgroupManager-319/PMMUGMainView.mm[/code] and see nothing change on the WGM window.

I can’t seem to find any workaround this. dscl seems to work fine (I think).

[ryanlim]

[QUOTE][u]Quote by: chefhomer[/u][p]Thank you for the suggestions – however the text I am pasting into Workgroup Manager checks out fine via the plist editor utiltiy. (and the plutil command returns ‘OK’ on the same file.)
I still never see the /Library/Preferences/DirectoryService/SearchNodeConfig.plist file get updated when I click save in Workgroup Manager.

I have tried it on 2 different Leopard Servers we have with the same results on both. (the plist does show up as saved under augment configuration in workgroup manager)

Is it possible to just Manually doctor the SearchNodeConfig.plist directly with the plist editor, and then kill off DirectoryService to get it to read the manually edited file?

If so – can someone copy and paste the text of their updated SearchNodeConfig.plist file?

Thanks.
[/p][/QUOTE]

Here’s how my SearchNodeConfig.plist looks like:
[code]

Augment Attribute List

dsRecTypeStandard:Users

dsAttrTypeStandard:MCXSettings
dsAttrTypeStandard:MCXFlags
dsAttrTypeStandard:IMHandle
dsAttrTypeStandard:MailAttribute
dsAttrTypeStandard:ServicesLocator


Augment Directory Node Name
/LDAPv3/sd.abc.xyz
Augment Search
Augmented Directory Node Name
/LDAPv3/pd.abc.xyz
DHCP LDAP

/Sets/5B2782D2-9660-467A-AFBD-589FCEA6C790


Search Node Custom Path Array

/LDAPv3/pd.abc.xyz
/LDAPv3/sd.abc.xyz

Search Node PlugIn Version
Search Node PlugIn Version 1.7
Search Policy
3

[/code]

[chefhomer]

Thank you for posting the SearchNodeConfig.plist – after manually editing mine by hand with vi (and then sanity checking it post edit with plisteditor) I have had some success.

‘dscl /Search’ is now returning the IMHandle attribute from the Augment records I created along with the user info from the Primary LDAP Server – and I am able to login to the iChat jabber server via the accounts from the Primary LDAP!

2 questions –
– 1) when you look at your Augmented User in Workgroup Manager (viewing “Search Policy”) – do you see the Augmented IMHandle info show up in the Info Pane under ‘Chat’ field?
(I don’t)
– 2) What about under the Inspector Info for that user in Workgroup Manager? (I don’t see IMHandle info for the user show up in there either)

I only see the ‘merged record’ when I use ‘dscl /Search’

(Is Workgroup Manager not able to display the merged user records when viewing the ‘Search Policy’?)

[ryanlim]

My Workgroup Manager doesn’t work anymore 🙁

[Author]

Posts