[pingu]

Hi,

Did you ever find what was causing this? We are seeing the same problem on 10.6.x and 10.5.x clients following the upgrade of a home directory server to 10.6. ODM is 10.5.8.

Any help welcome…

Many thanks
Dan

[pingu]

Hi,

Did you ever find a solution to this?

I am seeing the same problem under 10.6.5 with a 10.5.8 ODM. Strangely another fileserver configured last week has the role set just fine.

Cheers
Dan

[pingu]

Is the fileserver hosting the home directories a different server from the Open Directory master?

If so, check the time differences between client and ODM and server and ODM.

Otherwise, check for fast user switching, only one user at a time can log in using an NHD

Sorry if you’ve seen these responses before

[pingu]

Chastise me if I speak to simple…

We’ve seen this occasionally when a fileserver falls out of time sync a little with the ODM/ADM and also when the same is true of the client. And/or both.

Check the times on client and server. If one or both are out enough to provide 5 or more minutes difference then they may be able to log on to their machine but not connect to the fileserver.

Dan

[pingu]

Absolutely. It’s not really even their attributes, they’re just ones I made up to get around not being able to search across multiple schemas/object classes.

Just gave my file server a bit of an upset trying it live! Whoops, guess I need to check why my replicas aren’t taking care of things…

BTW Do you know of any way I can append a string to the end of the mapped attribute before it is returned to the software?

I know that OpenLDAP 2.3 allows for use of the + and & symbols to concatenate and I noticed this line [code]# attributemap passwd userPassword appendPrefixTransform:{CRYPT} removePrefixTransform:{CRYPT}[/code] in the Netinfo schema. Basically the kerio-Mail-Address will return their primary email name and I need to tag a domain onto the end.

Any ideas?

[pingu]

So I did a bit of digging throught he existing schema files and the Netinfo one seemed to create some mapping stuff. Using that as a template I created the following file. I think that may do the job for me, but I’m loath to try without somebod telling me I’m either on the right track or heading for directory hell.

Any comments Joel or others?

[code]#
# Web Help Desk attribute mapping schema.
#

# Not sure if this is needed
#objectclassmap inetOrgPerson posixAccount shadowAccount apple-user extensibleObject
#
# or
#
#objectclassmap inetOrgPerson posixAccount shadowAccount apple-user extensibleObject organizationalPerson top person kerio-Mail-User

#
# The LDAP attributes are mapped to custom ‘whd’ properties to allow
# use of a single schema in Web Help Desk
#

attributemap whd_AuthAttribute dn
attributemap whd_username uid
attributemap whd_fullname givenName sn
attributemap whd_firstname givenName
attributemap whd_lastname sn
attributemap whd_emailprimary kerio-Mail-Address
attributemap whd_emailsecondary kerio-Mail-ForwardAddress
attributemap whd_phone1 telephoneNumber
attributemap whd_phone2 mobile
attributemap whd_location City
#attributemap whd_room
#attributemap whd_department [/code]

[pingu]

There doesn’t appear to be a way to give it a schema file. You give it the address and search base for the LDAP server and it can either detect schema or you can specify a custom schema name to use, but only one. When I tries using the list of object classes we use in Casper, it doesn’t like it at all and I lose all the clients.

I’ve got screen shots and the user docs I can mail if you’d like…

[pingu]

Looks like objectclassmap and attributemap could come in handy here if anyone can help me with the correct syntax or an example

[pingu]

Cheers Joel 🙂 That’s what I thought…

Any recommendations? I only mentioned the Steelhead one as it was the first up when googling…

D

[pingu]

Thanks Joel,

Our main problem is that we have a large number of users sending data to a smaller number of servers. I believe that if I need to change sysctl settings I have to do this at each machine, is this right?

Won’t this also affect though the way in which they interact with our other internal servers or with other parties external FTP servers etc?

Cheers
Dan

[pingu]

[QUOTE][u]Quote by: tdelporto[/u][p]I had a similar desire and wound up editing /etc/fstab thus:

LABEL=volumes /Users/volumes hfs rw,auto 1 2

where “volumes” is the label of the LUN on our XRaid I’m storing user home directories in. You’d probably do something like:

LABEL=RAID1 /Users hfs rw,auto 1 2[/p][/QUOTE]

When you do this, does ‘RAID1’ still show up on the Desktop as well as mounting at /Users?

I’m trying to do similar, but on client machines for PHDs, but the ‘User-Homes’ volume we’re mounting to /Users also shows on the Desktop which is a lttle confusing for the users. Do you knwo any way to prevent this?

Dan

[pingu]

Sorry Joel, it’s Monday morning, could you clarify a little for me…

We wanted to break the link between groups that we’re used for file permissions and management groups, to which end we went down the following line: –

group fp_Studio
group fp_Admin

group mcx_AllStaff
group mcx_Studio (Child of mcx_AllStaff)
group mcx_Admin (Child of mcx_AllStaff)

Bob_Designer is a member of fp_Studio and mcx_Studio

Carol_Accounts is a member of fp_Admin and mcx_Admin

mcx_AllStaff has a setting applied to configure all users to use PHDs, mcx_Studio has various settings that are specific to Studio staff and likewise mcx_Admin.

When Bob logs in he gets all the management prefs applied from mcx_Studio but we never see any of the mcx prefs from mcx_AllStaff applied. Is this what you were saying the behaviour should be? From your post I seem to understand that he would also inherit any file permissions from mcx_All, is this correct?

Can you think of a better way of dealing with this? We have many staff that need access to several depts files, but we only want them to have one set of mcx prefs, and yet there are some mcx prefs that just apply to everyone…

Cheers
Dan

[pingu]

Thanks Joel,

You don’t have a script for this by any chance do you?

Dan

[pingu]

Hi Joel,

Not one specific common theme, but they did seem to be either the very newest users or those that had been disabled.

The same users were the only ones to show up initially on the replica aftewr it had been created, but a reboot seemed to fix this and all the users showed up (i suspect this was not really fixed!).

It has occured to me that the replica may have been rebooted to soon after the replication process and that this may not have in fact completed correctly. Would this tie up with the symptoms?

[pingu]

Thanks JP and Peter, that should give me enough to be getting on with…

Dan

[Author]

Posts