Forum Replies Created

Viewing 3 posts - 46 through 48 (of 48 total)
  • in reply to: Those pesky local home folders… #364259
    arekdreyer
    Member

    [QUOTE]And lastly, at login, I get a dialog asking if I want to “Enable Workgroup Manager”. Why is it asking this and what effect does a yes or no response have? Remember, I do not need to manage these Macs via OD or WGM.[/QUOTE]
    Do you mean “Enable Workgroup ManageMENT?” Could it be that you are authenticating at the loginwindow with an administrative account? Admins get the choice of being managed. It sounds like loginwindow asks admins if they want management or not, regardless of whether or not there is actually any management going on. That decision makes some sense.

    However, many people still insist on logging in locally as an admin user, which is not as necessary as it used to be (for example, in earlier versions of Pro Tools like Final Cut Pro, you had to be an admin).

    Does it fit with your org culture for the users to be non-admins?

    I acknowledge that the admin account might not be the issue here.

    in reply to: Backup, restore Open Directory? #358668
    arekdreyer
    Member

    It sounds like you may have other issues, but this is what I’ve used to back up LDAP stuff:

    1: Use Workgroup Manager to export and import users and groups
    2: Use scripts to back up some stuff

    Workgroup Manager:
    Select all your users (except your admin user), and export these.
    Note that no passwords will be preserved.

    Select all your groups, and export.

    Use this script for the other stuff stored in LDAP:
    LDAP-backup
    #!/bin/sh
    # Export computer lists, computer records and mount records to LDIF files (simple bind, no credentials).
    /usr/bin/ldapsearch -LLL -x -h your.server.name.here -b "dc=your,dc=search,dc=base" "(objectClass=apple-computer-list)" > computer-list.LDIF
    /usr/bin/ldapsearch -LLL -x -h your.server.name.here -b "dc=your,dc=search,dc=base" "(objectClass=apple-computer)" > computer.LDIF
    /usr/bin/ldapsearch -LLL -x -h your.server.name.here -b "dc=your,dc=search,dc=base" "(objectClass=mount)" > mount.LDIF

    Bring the server to standalone, then make it OD Master again.

    Run the script
    LDAP-restore
    #!/bin/sh
    # Re-add the exported records, binding as the directory root user; -W prompts for the password.
    /usr/bin/ldapadd -D "uid=root,cn=users,dc=your,dc=search,dc=base" -W -f computer.LDIF
    /usr/bin/ldapadd -D "uid=root,cn=users,dc=your,dc=search,dc=base" -W -f computer-list.LDIF
    /usr/bin/ldapadd -D "uid=root,cn=users,dc=your,dc=search,dc=base" -W -f mount.LDIF

    Use Workgroup Manager
    Import the Users
    Import the Groups

    The users will NOT be Open Directory password server users until you change them.

    I’ve run into problems selecting more than 150 or so users and changing them all at once, but you may not.

    Select 100 Users at a time, click the Advanced tab, and select “Open Directory” for User Password Type. You will be prompted to give them a password. You can force them to change their password on their next authentication, whether this is at the login screen or just connecting via AFP.
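
The `>` redirection in LDAP-backup creates each .LDIF file even when ldapsearch fails or returns nothing, so the exports are worth checking before the server is taken to standalone. The following is an added example, not part of the original post: the function names are hypothetical, the sample records are constructed, and it assumes each of the three object classes has at least one record.

```shell
#!/bin/sh
# Added example: check the LDIF exports before the server is taken to standalone.
# Function names are hypothetical; file names are the ones LDAP-backup writes.

# Number of entries in an LDIF file (each starts with "dn:" or base64 "dn::").
ldif_entry_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '/^dn::? /{n++} END{print n+0}' "$1"
}

# Number of entries carrying "objectClass: <class>"; entries are blank-line separated.
ldif_class_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk -v cls="$2" 'BEGIN{RS=""; FS="\n"; want="objectclass: " tolower(cls)}
        {for(i=1;i<=NF;i++) if(tolower($i)==want){n++; break}}
        END{print n+0}' "$1"
}

# Return 0 only if every export has entries and all of them are of the expected class.
verify_backup() {
    dir=$1; rc=0
    for pair in computer-list.LDIF:apple-computer-list \
                computer.LDIF:apple-computer mount.LDIF:mount; do
        file=$dir/${pair%%:*}; cls=${pair#*:}
        total=$(ldif_entry_count "$file"); match=$(ldif_class_count "$file" "$cls")
        if [ "$total" -gt 0 ] && [ "$total" -eq "$match" ]; then
            echo "ok   $file: $total entries"
        else
            echo "FAIL $file: $total entries, $match of class $cls"; rc=1
        fi
    done
    return $rc
}

# Constructed sample data (not from a real directory) so the check can be tried offline.
write_sample() {
    printf 'dn: cn=lab,cn=computer_lists,dc=example,dc=com\nobjectClass: apple-computer-list\ncn: lab\n' > "$1/computer-list.LDIF"
    printf 'dn: cn=mac01,cn=computers,dc=example,dc=com\nobjectClass: apple-computer\ncn: mac01\n\ndn: cn=mac02,cn=computers,dc=example,dc=com\nobjectClass: apple-computer\ncn: mac02\n' > "$1/computer.LDIF"
    printf 'dn: cn=srv:/Users,cn=mounts,dc=example,dc=com\nobjectClass: mount\ncn: srv:/Users\n' > "$1/mount.LDIF"
}
```

Run `verify_backup .` in the directory holding the three exports; a non-zero exit status means at least one file is missing, empty, or contains entries of another class.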

    in reply to: Home directory mounting #358667
    arekdreyer
    Member

    Mobile Users is a new feature of 10.3. It basically synchronizes user, workgroup, and computer records when the mobile client connects to the network. It is specifically LACKING (Apple-supported) synchronizing between local home directory and network home directory. When a mobile user logs in, a brand new local home directory will be created for them (unless one already exists, which might cause problems!). If all your users use the EXACT SAME computer each time, I suggest you explore moving your server to 10.3, making all your users mobile users, and implementing a manual synchronization upon login and logout. I’d be awful nervous about the synchronization falling apart at a crucial moment.
