The concepts for installing Open Directory are exactly the same as in previous versions of OS X Server. Select whichever you want (Master or Replica) and walk through the assistant to get your ODM/ODR running. Screenshots of this process are below with quick comments. The glaring item is that the true functionality of Open Directory is now LDAP, Kerberos, and PasswordServer, and nothing more. Workgroup Manager used to store its values within the ODM’s Apple LDAP schema, but WGM does not exist anymore (that’s what you get for writing before things are released… WGM does exist!). The transition to using Configuration Profiles is now complete from Apple’s point of view, which is just like the transition to do everything via Server.app.
Things that I need to test:
- Will Mt Lion clients honor MCX values that are configured by an ODM that is not running Mt Lion OS X Server?
- What happens to your MCX values if you upgrade from Lion OS X Server?
- Are there any issues running Mt Lion server with older versions of OS X Server (10.7, 10.6, 10.5)?
For that last bullet, it is always best practice to use the same version of OS X Server throughout your environment. The only exception would be if a server is bound to your Directory for Authentication only (thus not functioning as an ODM or ODR).
I’ll do my best to work on the first two bullets, PLUS AD integration for future posts.
The one thing that is missing from the GUI is a backup and restore process.
Open Directory Master Setup
(Click the “On” button on the top right hand side. You should be used to this as everything uses this method to enable services.)
(Creating an ODM first.)
(The usual “diradmin” username and password.)
(This is for your SSL Certificates.)
(Verify information and click on the “Set Up” button.)
(Configuring your new ODM.)
(View of ODM server now complete.)
(Select your ODM Server, and click on the gear icon to set your Global Password Policy.)
(Locales are also available in Mt Lion OS X Server.)
(View of the default Locale configuration.)
Open Directory Replica Setup
(When you want to create an ODR, select the second option and click on “Next”.)
(Provide the ODM’s FQDN, diradmin username and password, then click on “Next”.)
(If you receive any error messages, my first guess is you have BAD DNS. In this case, I pointed my Ethernet Settings to a bad value of a DNS server.)
(Verify ODR settings and click on “Set Up” button.)
(View from the ODM Server, which now recognizes that an ODR is available.)
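A pre-flight check for the "BAD DNS" failure mentioned in the replica steps, added here as an example and not part of the original post. It assumes that bad DNS means the forward (A) and reverse (PTR) records for the ODM or ODR do not agree, and that `dig` is available; the function names and the example.com host names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): DNS pre-flight for an ODM/ODR pair.
# IPv4 only. Assumes `dig` is installed; host names in the usage line are placeholders.

resolve_fwd() {   # FQDN -> IPv4 addresses, one per line (CNAME targets filtered out)
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

resolve_rev() {   # IP -> PTR names, trailing dot stripped, lowercased
    dig +short -x "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z'
}

# check_dns NAME
# Returns 0 if NAME is fully qualified, has an A record, and every address
# it resolves to has a PTR record pointing back to the same name.
# Returns 2 (not an FQDN), 3 (no A record) or 4 (PTR missing or mismatched).
check_dns() {
    fqdn=$(printf '%s' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    case "$fqdn" in
        *.*) ;;
        *) echo "FAIL: '$1' is not fully qualified"; return 2 ;;
    esac
    addrs=$(resolve_fwd "$fqdn") || true
    if [ -z "$addrs" ]; then
        echo "FAIL: no A record for $fqdn"; return 3
    fi
    for ip in $addrs; do
        if ! resolve_rev "$ip" | grep -qxF "$fqdn"; then
            echo "FAIL: $ip has no PTR back to $fqdn"; return 4
        fi
    done
    echo "OK: $fqdn resolves to $(echo $addrs) and back"
    return 0
}

# preflight NAME...: check every host, return non-zero if any of them failed
preflight() {
    rc=0
    for h in "$@"; do check_dns "$h" || rc=1; done
    return $rc
}

# Usage: sh od-dns-preflight.sh odm.example.com odr.example.com
[ "$#" -eq 0 ] || preflight "$@"
```

Run it on the machine that will become the replica, using the same DNS server settings the replica will use, before starting the assistant.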
Comments
Mat X
Setting up OD master vs Profile manager
rockhill04
Do you need to be in the same local network to set up an ODR? Or can you do it from a remote location? In my case master is in Florida. I need to set up a new server in South Carolina. Any ports need to be open?
Justin
See https://support.apple.com/en-us/HT202944 for common ports.
You would want to start with 311 and 660. But you may want others open as well such as ARD to control, ssh, or look at Profile Manager thus need APNS.
To set up remotely, I would say get a VPN setup or get someone to start TeamViewer session. Less hassle than figuring out ports. :)