Home / Mac / How-To
Working Mac

A primer in Profile Manager: Set up Open Directory

The last major step before turning on Profile Manager is turning on Server's Open Directory service so that you can centrally manage network user accounts.
Working Mac
By Jeffery Battersby, Macworld DEC 16, 2015 9:00 pm PST

This is episode five of our Profile Manager Primer series. Some of you, I know, are thinking I fancy myself a modern day Charles Dickens and I’m stringing you along week-by-week for no other reason than to keep you reading. Not true! While we haven’t yet talked specifically about Profile Manager since I mentioned it in the first installment, every step we have taken thus far is an important foundation for working with Profile Manager. And I promise that after this installment, we’ll turn Profile Manager on and go to work in earnest on managing devices.

If you’re just tuning in now, you’ll want to look at:

Using Server to manage users

The last major step we need to take before turning on Profile Manager is turning on Server’s Open Directory service so that you can centrally manage network user accounts. Open Directory is required for using Profile Manager.

If you’re not using a directory service, Open Directory is an excellent way to manage users in a small office environment. If you’re already using a directory service, such as Microsoft’s Active Directory, once you turn Open Directory on you can bind your server to your Active Directory server and use Profile Manager with users created in your Active Directory environment.

What’s in a host name?

In order for your server to be accessible over the Internet we first need to set it up for access over the Internet. Normally this would require that you’ve registered a domain name for your server. That’s more than we can cover here—although that may be fodder for a future Working Mac column—but at the very least we need to make sure that there are DNS records set up for your server in your network.

DNS records are like the forward and reverse phonebooks of the Internet.

A Forward address takes a fully qualified domain name (FQDN), such as www.apple.com and returns an IP address that your computer uses to locate that computer on the Internet or your network.

A Reverse address takes an IP address and returns a FQDN.

Check for correct DNS records

My server’s FQDN is pmserver.reyespoint.com and has an IP address of 10.0.1.23, although this isn’t a publicly available URL. You can check to see if your DNS server has a forward and reverse record for your server by opening the Network Utility and using the Lookup tool:

  1. Use Spotlight to open the Network Utility. You can open Spotlight by clicking the magnifying glass in the upper-right of your menu bar or by typing Command-Space on your keyboard.
  2. Click the tab that says Lookup.
  3. Type Your Server’s IP address in the address field and click the Lookup button. You should see something that looks like the following:10.0.1.23 -> pmserver.reyespoint.comOnly, the server name should be your server’s FQDN.This is a reverse lookup.
  4. Now type your FQDN in the address field. You should see something that looks like the following:pmserver.reyespoint.com -> 10.0.1.23Only, the IP address should be your server’s IP address.This is a forward lookup.
forward
reverse

If your lookup results in an error it means that your DNS server doesn’t have a record for your server. If you were expecting your DNS server to have a record, check with your DNS admin or double check and DNS settings you’ve created. If your network doesn’t have a DNS server for computers in your network, our next step will turn on the Server app’s DNS server for you.

Note: Under most circumstances having the Server app turn on the DNS server for you is an error, unless you’re working in a small office and this is the first server you have set up on your network.

Edit your host name

Now it’s time to set your server up for access over the Internet.

  1. Open the Server app and select your server in the sidebar.
  2. Make sure the Overview tab is selected and click the button that says Edit Host Name (Take note of your server’s Host Name, it is likely something such as PM-Server.local).
    edithostname
  3. An information window will appear explaining what a Host Name is used for. Click the Next button.
  4. A new sheet will appear asking how you want devices to access your server. Choose Internet and click next.
  5. The next sheet has two fields where you can make changes to your server’s name.If DNS was working properly in the previous exercise, the host name field should display your server’s FQDN. If server could not resolve your host name from your IP address, change that name from whatever is in the field to yourservername.yourdomain.com (or whatever your top level domain is, such as .edu, .net, .ca, etc.).
    verifyinfo
  6. Click the next button.
  7. You’ll see a warning message telling you that changing your host name may cause running services to stop working correctly. Click the Change Host Name button.
    changehostname
  8. If your DNS is working, the process will complete and you should see your host name updated to reflect your FQDN. If your DNS is not working properly you will see a message asking if you want to automatically set up DNS. Click the Set Up DNS button ONLY if you are not expecting for there to be a record for your server in your DNS server.
    setupdns
    When this process completes the host name field should display your server’s FQDN.

Turn on Open Directory

Now that your server has a proper host name that resolves to an IP address using DNS, let’s set up Open Directory.

  1. Locate and select Open Directory under the Advanced section in the sidebar of the Server app.
  2. Click the Open Directory service’s on button.
  3. A new sheet appears asking what kind of Open Directory server you’d like to create. Select “Create a new Open Directory domain” and click the Next button.
  4. A new sheet appears asking you to create an administrative account to manage network users and groups. Leave the Name and Account Name fields with the default information, enter and verify your administrative password, then click the Next button.
    creatediradmin
  5. In the sheet that appears, enter your organization name and your email address, then click Next.
  6. Confirm that the information you just entered is correct and click the Set Up button. Click the Previous button and make changes if it isn’t.

It may take a minute or two for the creation of your Open Directory databases to complete. When the process does complete you should see a green dot appear next to the service in the sidebar and your server should appear in the list of servers with the word Master in the type column.

setupcomplete

That’s it! We’re now set to begin working with Profile Manager. That’s next.