masa T

Level 1 (0 points)

Q: Any changes in how PasswordServer/Service work on Lion?

I've clean installed a Lion Server, configured OD master and tried to set "ExternalCommand" in com.apple.passwordserver.plist.

I have found "ExternalCommand" section but noting else.

com.apple.passwordserver.plist in Snow Leopart Server had much more properties.

Also, ExternalCommand dosn't seem to be working. I've changed that parameter to "weakpatt" or some other external shell scripts. However, when I change a password of a user, these changes are not captured and does not triger the external command.

Am I missing someting to make ExternalCommand to work in Lion Server?

All the authentication functions are working..

Any help would be greatly appreciated.

masa

Posted on Aug 16, 2011 1:13 AM

I have this question too

Solved

Level 1 (35 points)

A:

Figured this out!!! So excited haha.

Here's what happened:

Lion no longer stores com.apple.passwordserver.plist in /Library/Preferences.

This is now held inside the LDAP database:

This is the path to the object:

dn: cn=passwordserver,cn=config,dc=example,dc=com

Edit the attribute:

apple-xmlplist

You will find the ExternalCommand parameter in here. Change it from <string>Disabled</string> to either weakpass or whatever script you're trying to run.

Cheers!

Posted on Oct 21, 2011 10:21 AM

Q: Any changes in how PasswordServer/Service work on Lion?

All replies

Helpful answers

by masa T,

masa T Aug 21, 2011 5:38 AM in response to masa T
Level 1 (0 points)

Aug 21, 2011 5:38 AM in response to masa T

After checking various log files, I'm now suspecting that all these odd behaviours are due to the fact that my machine is behind a proxy and the Lion Server installation did not complete properly.

I wish I can get the entire list of all Lion Server installation scripts involved so taht I can execute them with proper proxy setting.
Reply options

Link to this post

by anotherspot,

anotherspot Sep 29, 2011 4:56 PM in response to masa T
Level 1 (0 points)

Sep 29, 2011 4:56 PM in response to masa T

I have multiple servers running 10.7.1
None of the servers have a passwordserver.plist by default. Even after fresh install.

Desperate for the externalcommand option so that I can take advantage of syncing the LDAP to Google Apps with password.

Here's hoping Apple adds the feature in future update.
Reply options

Link to this post

by DJEMiVT,

DJEMiVT Oct 20, 2011 5:54 PM in response to anotherspot
Level 1 (35 points)

Oct 20, 2011 5:54 PM in response to anotherspot

We are also trying to use the ExternalCommand option on lion server 10.7.2, in com.apple.passwordserver.plist and it does not seem to be working at all. I set the command to weakpass (a built-in unsupported feature) and am monitoring with "fs_usage | grep weak" and weakpass is never being called on a password change. I also used weakpass_edit to add a few weak passwords to the database and was even able to change my password to a weak password, which seems to confirm the fact that the externalcommand is never being executed.

Does anyone have any information about this? This is critical for us to fully leverage OD for SSO.

Please help!

Thanks
Reply options

Link to this post

by tArre,

tArre Oct 21, 2011 2:16 AM in response to DJEMiVT
Level 1 (85 points)

Oct 21, 2011 2:16 AM in response to DJEMiVT

I host a lion server 10.7.2

I can't find com.apple.passwordserver.plist in /Library/Preferences!
i can't neither "locate" it anywhere in o.s....
Reply options

Link to this post

by DJEMiVT,

DJEMiVT Oct 21, 2011 10:01 AM in response to tArre
Level 1 (35 points)

Oct 21, 2011 10:01 AM in response to tArre

This is a big problem because the only workable projects I have found to sync OD passwords to Google Apps required using this ExternalCommand feature to send the password off to Google. Now that this feature has been moved or removed, these projects are no longer working. If anyone has any information about what happened to the password server (where does the plist or configuration live now?) this would be greatly appreciated. If anyone has any suggestions as to how to sync passwords from OD to Google Apps that does not rely on the old passwordserver externalcommand setting, by all means feel free to enlighten me!

Thanks...
Reply options

Link to this post

by DJEMiVT,Solvedanswer

DJEMiVT Oct 21, 2011 10:21 AM in response to masa T
Level 1 (35 points)

Oct 21, 2011 10:21 AM in response to masa T

Figured this out!!! So excited haha.

Here's what happened:

Lion no longer stores com.apple.passwordserver.plist in /Library/Preferences.

This is now held inside the LDAP database:

This is the path to the object:

dn: cn=passwordserver,cn=config,dc=example,dc=com

Edit the attribute:

apple-xmlplist

You will find the ExternalCommand parameter in here. Change it from <string>Disabled</string> to either weakpass or whatever script you're trying to run.

Cheers!
Reply options

Link to this post

by masa T,

masa T Oct 22, 2011 9:17 PM in response to DJEMiVT
Level 1 (0 points)

Oct 22, 2011 9:17 PM in response to DJEMiVT

Thank you DJEMiVT!

I will test it on a virutual machine and if it works I will upgrade my SL server to Lion!

cheers,
masa
Reply options

Link to this post

by mona139,

mona139 Feb 9, 2016 1:04 AM in response to DJEMiVT
Level 1 (4 points)

Servers Enterprise

Feb 9, 2016 1:04 AM in response to DJEMiVT

Hello,

This doesn't work in El Captain Server. Do you know of a way it can be done in 10.11?

Thank you so much
Reply options

Link to this post

by mona139,

mona139 Feb 9, 2016 6:38 AM in response to DJEMiVT
Level 1 (4 points)

Servers Enterprise

Feb 9, 2016 6:38 AM in response to DJEMiVT

Sorry to keep posting comments about my issue. @DJEMiVT did you ever find a solution for this? We are planning on migrating to OD 10.11 and this is very important to us. Thanks
Reply options

Link to this post