AD/OD Group Synchronization

This script synchronizes AD group membership with OD group membership.

Use this to better manage MCX settings for AD groups. You can download it here.

Read more

Cyrus IMAP Mailbox Recovery

I’ve occasionally encountered IMAP mailboxes that were unreadable and undeletable
using any mail client. In Mac OS X Mail, this usually produces an “Unable to Select” error.

Here’s how to fix the server-side mailbox. At the bottom is a bonus: how to recover the locally cached .imapmbox file from Mail.

Read more
Articles Comments are Disabled

AD-OD Integration Whitepaper – Updated

A detailed overview of how to integrate OS X clients into an Active Directory environment while still retaining the ability to manage the clients with the OS X Server tools.

Now up to version 1.4. Lots of changes including a section on troubleshooting. Grab the AD Integration pdf here.

Read more

SquirrelMail Sends, But Does Not Return User to Inbox

I’ve noticed at times that although I can send mail in SquirrelMail on OSXS, I can’t see any visible sign that the mail went out – I don’t get redirected to the Inbox, and can only see that I’ve sent mail if I look at the Sent mailbox…

Check out KB#107982 for the fix.

Read more

Adding your own header filter to sieve

I recently came up with the idea of using sieve scripts that I installed using Joel’s article to filter my spam. I work for a University that filters all mail that comes to our site mail server through spamassassin. Messages that they suspect are spam get marked with the header X-SPAM-Level: and a number of stars. This header was unavailable in the sieve plugin of squirrelmail. I found that under /usr/share/squirelmail/plugins/avelsieve/config.php there is an array that holds the values of the headers you can use. I added my specific header in, saved it, went back to squirrelmail, applied it, and everything worked great. I sent a faked out test message with a spam level that I specified and it bounced back with the message “I don’t like SPAM!” so I know it worked.
You will want to search for something looking like this in your config.php file.

/* Headers to display in listbox widget, when adding a new header rule. */

$headers = array(
'From', 'To', 'Cc', 'Bcc', 'Subject', 'Reply-To', 'Sender', 'List-Id',
'MailingList', 'X-ML-Name', 'X-List', 'X-Mailer', 'X-MailingList',
'X-Mailing-List', 'X-Spam-Flag', 'X-Spam-Status', 'X-Spam-Level', 'X-Priority', 'Importance',
'X-MSMail-Priority', 'Precedence');

Read more

The Keys to the Door of the SSH Tunnel

Now that you know how to make a SSH tunnel how can you make it work without a password challenge?

Useful for automated processes, and lazy fingers, a public-private key set may be what you are looking for. You can also use keys with a passphrase for even more security.

Read more

The Light at the End of the SSH Tunnel

Stuck behind a draconian firewall and you need access to your Mac OS X Server? Read on to find out about the only tunnel on your Mac where you are not likely to be eaten by a grue…

(Updated 8/16/2004, 2:03 PM EST)

Read more

Unique ID Module Errors (Apache)

After a software update and reboot together with some system tweaking, my personal webserver was not loading httpd successfully. I checked /var/log/httpd/error_log and found this: "[alert] mod_unique_id: unable to gethostbyname" followed by my hostname – actually, the hostname I had specified when setting up my server.

I had changed the Rendezvous name in Sharing Preferences, and forgotten that my hostname would be changed too – this conflicted with settings in httpd’s conf files. For now, I’ll just switch off the unique id module in Server Admin under Web service.

Web service is back up.

Read more

Errors Regarding Unavailable Home Directories

I was having some trouble with a large Open Directory installation recently – users were able to authenticate, but never saw their desktop – they got a "you are unable to log in at this time…" error instead, then were logged back out.

After some googling, I found a story on’s discussion boards about bad aliases in /Volumes. I checked /Volumes on my server, and sure enough, though the Homes mount record pointed to /Volumes/ServerRAID, the homes were actually at /Volumes/ServerRAID 1 (note the 1!).

What had happened was simple but had pretty bad side effects – I had found that the admin previous to me had set two of the Xserve’s drive modules to fucntion as a striped RAID (!) – very bad for user data – I had cloned the drive (with CCC) to an external firewire disk, then changed the RAID to a mirrored one, cloned from the firewire to the RAID, then removed the firewire disk.

The problem with this was that CCC also clones the volume name – you see on your desktop two disks with the same name, but Darwin needs to differentiate between disks – hence adding the "1". Unplugging a firewire disk unmounted it, but didn’t remove the alias (ServerRAID) to it in /Volumes. The new RAID continued to be called "ServerRAID 1" – and that, of course, confused clients looking to automount a home in /Volumes/ServerRAID – which no longer existed.

It’s not easy (possible?) to rename an alias, so I waited till the server could be shut down, booted down, removed the RAID drive modules, booted in single user mode (fsck’ed the disk to be safe) – checked /Volumes and deleted any stray alias files, shut down again (shutdown -h now), reinserted the RAID modules, booted, and all was immediately well with user logins.

So, keep an eye on /Volumes if you have Home Dir troubles. (Anyone know a way to make the Finder display all the unix stuff?)

(ed. note. "defaults write AppleShowAllFiles ON" will show all files in the Finder and you can always use the "Go To Folder…" command to navigate to hidden folders. You might also want to check /private/var/automount/Network/Servers –pre 10.3.5– or /private/Network –10.3.5 on– on the client side for network home folder issues.)


Read more

OS X Server Add User Script

Quick script that will allow you to add a user from the Command Line

Get the script from the Downloads section.

Read more