Forum Replies Created

Viewing 7 posts - 1 through 7 (of 7 total)
  • in reply to: AFP Home Directories mounting at ssh login? #381284
    playdrums
    Participant

    I’m curious about this as well. Has anyone had any success disabling the auto mounting of a network home when the user logs in via SSH?

    in reply to: crazy uidNumbers in OD #367182
    playdrums
    Participant

    Quote by MacTroll: "File this as a bug with Apple. And then have your FMP export actually assign UIDs to the import files. You’ll get exactly what you want then."

    Yeah, the bummer is that I’m gonna have to have my FMP database discern available numbers. It actually used to do this before I, uh……. didn’t think I needed it anymore. 🙄

    in reply to: crazy uidNumbers in OD #367179
    playdrums
    Participant

    Recently we have been doing a lot of imports using dsimport – it is the beginning of the school year so we needed to add a lot of accounts. We also have a FileMaker based management tool that uses dsimport to add records to OD. In both cases we currently use the “-s” flag in dsimport to set the starting uidNumber to 9000. Even so, there doesn’t seem to be any sense to the way uidNumbers are currently incrementing. They seem to stay in a “series” for a while, then they appear to make some crazy jump in magnitude, then stay in series a bit again……. wash, rinse, repeat. Until finally you get to a point where you end up with a negative value.

    At this point the negative value is assigned using WGM as well as dsimport. We are able to reset a uidNumber after addition to OD but that is a lousy solution.

    T

    in reply to: Mass deletion of users/group membership #366093
    playdrums
    Participant

    Findings:

    When I use this flag with dsimport it does indeed remove the user record from OD. However, for groups that the user was a member of there are still remnants of that user in the group records. If I run either of the following, those groups still get returned:

    (our group names end in ‘grp’ so I grep for it to reduce returned lines)

    dscl /LDAPv3/127.0.0.1 -search Groups memberUid deletedUser | grep grp

    dscl /LDAPv3/127.0.0.1 -search Groups GroupMembership deletedUser | grep grp

    For all intents and purposes, if your uid is in one of those attributes, you’re really still a group member.

    Also, in Workgroup Manager, if I do an advanced search on groups with the criteria being ‘Membership contains deletedUser,’ WGM itself still returns those groups as having deletedUser as a member.

    At the very least, Apple’s tools do a terrible job of keeping directory records in sync. At worst it is a pretty bad security risk. In our workplace our groups protect research documents. We also have people hired all the time that have the same last name as a previous user, and if there is no conflict with an existing user, we’ll re-use the username since we use last name typically.

    I’ll probably have to write a script that before removing a user, loops through that user’s groups and removes the user from each one.
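
The pre-deletion cleanup described in the post above, as an added example (not the poster's script): it parses `dscl -search` results for both membership attributes and prints the `dscl -delete` commands to review and run before the user record is removed. The output layout of the search, the `diradmin` account name and the sample group names are assumptions; the sample output is constructed.

```shell
#!/bin/sh
# Added example: plan removal of a user from every group that still lists
# them, before the user record itself is deleted from the directory.
NODE="/LDAPv3/127.0.0.1"   # directory node, as used in the post
ADMIN="diradmin"           # assumption: directory administrator account

# Constructed sample of what the post's two dscl -search commands might
# return for deletedUser (layout assumed: "<group> <attribute> = (").
sample_search_output() {
cat <<'EOF'
physicsgrp    memberUid = (
    asmith,
    deletedUser
)
archivegrp    GroupMembership = (
    deletedUser
)
physicsgrp    GroupMembership = (
    asmith,
    deletedUser
)
EOF
}

# Reduce search output on stdin to unique "<group> <attribute>" pairs.
stale_memberships() {
    awk '$3 == "=" { print $1, $2 }' | sort -u
}

# Succeeds only when the search output on stdin lists no group at all;
# use it to re-check after cleanup and again before reusing a username.
is_clean() {
    [ -z "$(stale_memberships)" ]
}

# Print one dscl -delete command per stale attribute value (dry run).
plan_removal() {
    user=$1
    case $user in   # reject empty names, option-like names, odd characters
        ''|-*|*[!A-Za-z0-9._-]*) echo "refusing user name: $user" >&2; return 1 ;;
    esac
    stale_memberships | while read -r group attr; do
        printf 'dscl -u %s -p %s -delete /Groups/%s %s %s\n' \
            "$ADMIN" "$NODE" "$group" "$attr" "$user"
    done
}

sample_search_output | plan_removal deletedUser
```

Against a live directory, feed the combined output of the two searches from the post into `plan_removal` instead of the sample, then rerun the searches through `is_clean` once the commands have been applied.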

    in reply to: Mass deletion of users/group membership #366089
    playdrums
    Participant

    Thanks Josh!!!

    It must be very super secret since googling it returns nothing for me.

    I take it a typical header is required? Does it require only the recordName to delete or does it require a more detailed description like dsimport typically would? Since it isn’t documented I can’t find anything about usage.

    in reply to: Kerberos Auth method not being added to new users #363239
    playdrums
    Participant

    Responding to myself here for an update since there’s a radio silence:

    It looks like passwordserver is taking a crap on us. Apparently, after talking with our Apple rep it looks like there are some major problems with passwordserver that will hopefully be fixed in 10.4.3.

    in reply to: Panther and automounting smb shares at AD login #359642
    playdrums
    Participant

    Quote by AllanMarcus: "Have you tried just creating an alias to the mounts and dragging the aliases to the login items window in system prefs?"

    When you’re dealing with a couple hundred users that isn’t really an option. I can’t set up each of their login items. Well, I might be able to by scripting but I’d much rather have shell scripts running that just mount their shares.
