Forum Replies Created
gilburns
Participant
Answering my own question.
The security command-line tool has additional options on Leopard.
To add an additional root cert do this:
/usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/path/to/your/rootcert.pem"
To add an intermediate/issuing cert do this:
/usr/bin/security add-trusted-cert -d -r trustAsRoot -k "/Library/Keychains/System.keychain" "/path/to/your/issuingcert.pem"
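An added example, not part of the post above: a pre-check that reads the PEM with openssl, refuses anything that is not a CA certificate, and prints the fingerprint plus the matching command (`trustRoot` for a self-issued certificate, `trustAsRoot` otherwise) for review before it is run. The function names and the script name `plan_trust.sh` are hypothetical, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: pick the -r value for `security add-trusted-cert` from the
# certificate itself. Function names are hypothetical; needs openssl.

# Prints trustRoot for a self-issued CA certificate (subject == issuer) and
# trustAsRoot for a CA certificate issued by another CA.
# Returns 2 if the file is not a certificate, 3 if it is not a CA certificate.
trust_type_for() {
    pem=$1
    openssl x509 -in "$pem" -noout 2>/dev/null || return 2
    # Only CA certificates belong among the system trust settings.
    openssl x509 -in "$pem" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || return 3
    subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        echo trustRoot
    else
        echo trustAsRoot
    fi
}

# Prints the SHA-256 fingerprint (to compare out of band with the CA's
# published value) and the matching command from the post. Nothing is executed.
plan_trust_cmd() {
    pem=$1
    kind=$(trust_type_for "$pem") || {
        echo "refusing $pem: not a CA certificate" >&2
        return 1
    }
    openssl x509 -in "$pem" -noout -fingerprint -sha256
    echo "/usr/bin/security add-trusted-cert -d -r $kind -k \"/Library/Keychains/System.keychain\" \"$pem\""
}

# Usage: sh plan_trust.sh /path/to/your/cert.pem
if [ "$#" -gt 0 ]; then
    plan_trust_cmd "$1"
fi
```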
gilburns
Participant
I just tried it using dscl as you indicated, but the AD plugin in Directory Setup did not enable, and the Search Path did not switch to “Custom path”.
By writing to the /L/P/DS files directly, I am able to set the search path, and enable the AD DS plugin.
Am I missing something, or does your drive image have those attributes configured by default?
[QUOTE BY= macshome] Hmm… that seems like a lot of work. We’ve got a naming/binding AppleScript too.
do shell script "sudo dscl /Search -append / CSPSearchPath \"/Active Directory/All Domains\"" with administrator privileges
do shell script "sudo dscl /Search -append / CSPSearchPath /LDAPv3/macxmv2.0998.DOMAIN.com" with administrator privileges
do shell script "sudo dscl /Search/Contacts -append / CSPSearchPath \"/Active Directory/All Domains\"" with administrator privileges
Except for clearing out the kerb files, it just uses dscl for searchpath setup.
This isn’t to say there is anything wrong with how you are doing it! I’ve pushed /L/P/DS around with ARD plenty of times to just copy the files to other workstations.[/QUOTE]
gilburns
Participant
You can also use the ARD2 command line tools to set the computer name, instead of the Bombich SetHostName.
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup -setcomputername 'computername'
Both systemsetup and networksetup are in that directory, and both are nice to know about. Both need to be run with sudo.
After you cd into that directory, you can type:
./systemsetup -help
or
./networksetup -help
for details about the usage.
gilburns
Participant
I have an AppleScript Studio app that I’m working on to do AD bind, and I have worked around the issue by writing directly to the plist files in /Library/Preferences/DirectoryService/ with the do shell script command.
sudo defaults write '/Library/Preferences/DirectoryService/DirectoryService' 'Active Directory' 'Active'
sudo defaults write '/Library/Preferences/DirectoryService/ContactsNodeConfig' 'Search Policy' -int 3
sudo defaults delete '/Library/Preferences/DirectoryService/ContactsNodeConfig' 'Search Node Custom Path Array'
sudo defaults write '/Library/Preferences/DirectoryService/ContactsNodeConfig' 'Search Node Custom Path Array' -array '/Active Directory/All Domains'
sudo defaults write '/Library/Preferences/DirectoryService/SearchNodeConfig' 'Search Policy' -int 3
sudo defaults delete '/Library/Preferences/DirectoryService/SearchNodeConfig' 'Search Node Custom Path Array'
sudo defaults write '/Library/Preferences/DirectoryService/SearchNodeConfig' 'Search Node Custom Path Array' -array '/Active Directory/All Domains'
If you are binding with “Allow authentication from any domain in the forest” unchecked you should use the actual name of your domain instead of “All Domains” in the commands above.
After you write to the plist files, you should do these commands:
sudo killall DirectoryService
sudo killall lookupd
so that the changes are picked up.
It works for me.