Aug 22, 2012 7:45 AM (in response to kr2008)
I am going to add this for what it's worth. Our ARD script is similar, but it pulls the computer name first, and I had to answer the question after the fact or else it wouldn't work. So here is how my code worked out for me.
computerid=`scutil --get ComputerName`
dsconfigldap -vf -a 'servername' -n 'configname' -c "$computerid" -u 'diradmin' -p 'diradminpass' -l 'localadmin' -q 'localadminpass'
yes
Mountain Lion Server, OS X Server
Oct 19, 2012 6:46 AM (in response to kr2008)
Using information from this site and my own scripting experience, I present to you a more secure way to do it, which supports munki and other deployment tools without having the password to the ODM or client in clear text on the client or on packages easily accessible on an HTTP server:
Save the output of ~/.ssh/id_rsa.pub to your clipboard.
Then create a launchd or something so that this runs at startup:
nc -kl 1337 | xargs -n 1 -I host ssh -q -o StrictHostKeyChecking=no root@host /usr/local/bin/setupLDAP diradminpassword localadminpassword > /dev/null 2>&1
Create script (to use in a package as postinstall or something):
# Turns on ssh
systemsetup -f -setremotelogin On
# Sets up passwordless login to root account from server
mkdir -p /var/root/.ssh
echo "ssh-rsa FROM_YOUR_CLIPBOARD_A_VERYLONGOUTPUTOFCHARACTERS email@example.com" >> /var/root/.ssh/authorized_keys
# installs setupLDAP
mkdir -p /usr/local/bin
cat > /usr/local/bin/setupLDAP <<'EOF'
#!/bin/sh
# $1 = directory admin password, $2 = local admin password (supplied by the server over ssh)
computerid=`scutil --get ComputerName`; yes | dsconfigldap -vfs -a 'server.domain.no' -n 'server' -c "$computerid" -u 'diradmin' -p "$1" -l 'l' -q "$2"
EOF
chmod +x /usr/local/bin/setupLDAP
That was the code; now you just add the skeleton. And to clarify what this does: first we let the server connect to the client as root even though root access is "disabled" (he has no password and therefore you can't log in as root by default). Then we create a small script to set up OD binding (/usr/local/bin/setupLDAP), but this script doesn't contain the passwords. Then the client sends a request to the small socket server on the server with its hostname, then the server connects to that hostname and executes /usr/local/bin/setupLDAP with the needed passwords.
Mac mini, OS X Mountain Lion (10.8.2)
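
The listener in the post above hands every line that arrives on port 1337 to xargs and ssh as a hostname. The following is an added example, not part of the original post, of a filter that could sit between nc and xargs so that only expected client names get through; the domain clients.example.com and the function names valid_client_name and filter_requests are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate names received on the
# listener before they are passed on to ssh.
# ALLOWED_DOMAIN is a constructed placeholder; set it to your own client domain.
ALLOWED_DOMAIN="clients.example.com"

# Byte-wise matching so A-Z/a-z ranges mean ASCII only.
LC_ALL=C
export LC_ALL

# Return 0 only for a well-formed host name that ends in .$ALLOWED_DOMAIN
valid_client_name() {
    name=$1
    # DNS names are 1..253 characters long
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # spaces, quotes, '=', '@', etc.
        -*|.*|*..*|*-|*.) return 1 ;;   # leading dash/dot, empty label, trailing dash/dot
    esac
    case $name in
        *."$ALLOWED_DOMAIN") return 0 ;;   # a host inside the allowed domain
    esac
    return 1
}

# Read one request per line on stdin, print the valid names on stdout and
# log the rest (with unexpected bytes masked) on stderr.
filter_requests() {
    while IFS= read -r line; do
        if valid_client_name "$line"; then
            printf '%s\n' "$line"
        else
            masked=$(printf '%s' "$line" | tr -c 'A-Za-z0-9.-' '?')
            printf 'rejected request: %s\n' "$masked" >&2
        fi
    done
}
```

Placed in the pipeline as `nc -kl 1337 | filter_requests | xargs ...`, only names that pass the check reach the ssh command.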