[zamoose]

On the disc 1 install DVD in /Applications, there’s an Open Firmware Password utility that lets you set a password to prevent such activity.

[zamoose]

I’m seeing the exact same thing on 10.4.6 and it’s pissing. me. off. ROYALLY!

Any updates would be most appreciated.

[zamoose]

Anyone? Bueller? Ideas, thoughts, comments?

[zamoose]

Perhaps I didn’t explain myself well enough – these are not uid-0-equivalent “admins” rather, they gain their admin status (currently) via sudo (policy set to `ALL: ALL` to allow for this). From OD’s perspective, they should appear as normal users. sudo will take care of the rest.

[zamoose]

Looks like I was missing shadowAccount. What does that objectClass add?

[zamoose]

Okay, I’ve coaxed the PADL scripts to export from our NIS domain and, using ldapadd, I am able to add all my users, but they STILL won’t show up in WGM. Here’s an example (names changed to protect the innocent):

====================================
dn: uid=username,cn=users,dc=xserver,dc=…
uid: username
cn: first last
givenName: first
sn: last
mail: username@domainname
mailRoutingAddress: [email protected]
mailHost: mail.domainname
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: apple-user
objectClass: extensibleObject
objectClass: posixAccount
objectClass: top
userPassword: {crypt}[cryptpw]
loginShell: /bin/tcsh
uidNumber: 1074
gidNumber: 1074
homeDirectory: /home/[username]
gecos: first last
====================================

So what am I doing wrong? Why aren’t the records showing up in WGM?

[zamoose]

Well darn. I’d obviously like to move in that direction long-term, but in the short term, if I attempted anything similar, I would probably have a wholesale user revolt on my hands. *sigh*

[Author]

Posts