Knowledge base

OS X Server: Using the Profile Manager or Wiki service with Active Directory or third-party LDAP services

Posted in Apple Mac OS

Summary

Under certain circumstances, OS X Server requires additional configuration in order to use the Profile Manager or Wiki service with user accounts stored in Active Directory or a third-party LDAP database.

Products Affected

Lion Server, OS X Server (Mountain Lion)

In OS X Server, Profile Manager and the Wiki service support Digest MD5 authentication, which is supported by the Active Directory connector. If all users and the server are bound to the same Active Directory domain, no additional configuration is required to support Active Directory users.

Use the following steps if:

  • You use Active Directory for authentication in a multi-domain environment, where the server running the Profile Manager or Wiki service and the clients are bound to different domains.
  • Your Profile Manager or Wiki server uses a third-party LDAP server for authentication.

These steps will set the Profile Manager and Wiki services to use plain text authentication instead of digest authentication. To avoid passwords being sent over the network in clear text, you should enable SSL encryption for the Profile Manager and Wiki websites.

OS X Server (Mountain Lion)

For OS X Server (Mountain Lion) only, execute these Terminal commands:

sudo /usr/libexec/PlistBuddy -c 'set :common:authenticator plaintext' /Library/Server/Wiki/Config/webauthd.plist
sudo /usr/libexec/PlistBuddy -c 'set :common:use_inline_webauth false' /Library/Server/Wiki/Config/collabcored.plist 
sudo serveradmin stop wiki
sudo serveradmin start wiki

Note: These commands assume that you're using the default service data location of /Library/Server. You'll need to adjust these commands accordingly if you've moved the service data location elsewhere.


Lion Server

For Lion Server only, execute these Terminal commands:

sudo /usr/libexec/PlistBuddy -c 'set :common:authenticator plaintext' /etc/collabd/webauthd.plist
sudo serveradmin stop wiki
sudo serveradmin start wiki
Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

Read more http://support.apple.com/kb/HT4837