Joys of dscl



Well, today's miniblog is really just an aide-memoire for me and a Googlable entry for others, about how to use dscl - Apple's command line tool for querying and amending entries in the OpenDirectory of users on the server.

If the above makes no sense to you I fear this Blog probably won't help that much but let me set the scene...

Users on a Macintosh are 'stored' in a structure referred to as OpenDirectory - technically this is some form of 'abstraction' and I'm happy to correct this blog if anyone points out that that isn't quite correct. It's based on LDAP as an opensource standard if that helps. Basically it means that all aspects of the operating system can authenticate services against user names and passwords. You may have noticed that there's a LogIn button at the bottom of this page. If you click on it the wiki can use OpenDirectory to check to see if you're allowed to log in.

Now, one of the things that I want to be able to do for this, and other websites, is allow people to update their entries in the system after they've been allocated a username and password. Particularly, if I were to implement a system where new users were automatically allocated a username and password, I'd like people to be able to change them via the web. Now, I've managed to track down a .cgi script that allows people to change their password (written in C by the way) but I have singularly failed to find anything that will allow them to give an 'alias' to the name that they are allocated.

As you may imagine there exists a very nice tool in OS X Server, WorkGroup Manager, that allows me to do this because I have access to the server, so I know it can be done. So, my first thought was to use AppleScript to automate the process. A day or so's searching made it clear that this is less than trivial but I came across a site, www.sentman.com, which offers a nifty little utility called "acgi dispatcher" that provides the hooks to achieve this. Unfortunately the download fails due to expiry of some elements of the code and the host of the site seems too busy to respond to emails - I think he may also be in the process of turning it into a commercial product. Anyway, a dead end. (It's possible that another piece of software that he sells, X2Web, might do the task but it's pretty heavily geared to yet another piece of software that he has for controlling a plug-in board and although I saw some light at the end of the tunnel, it seemed a VERY long tunnel. So I stopped.) Actually it turned out to be a double dead end because when I actually took the time to check the WorkGroup Manager application that performs the OpenDirectory tasks on OS X Server, I found it's not scriptable!

So.... a bit more Googling brought up dscl. This is a command line tool that Apple has for accessing the OpenDirectory structure - try Googling "dscl Leopard" to see the sort of info I managed to find.

As with most Unix commands it rather assumes that you know how it works before you start - learning is a pretty hit and miss process, but to get you going this was a good reference: Easing into dscl

What follows is SPECIFICALLY relevant to how I've got OS X 10.5 set up; I fear I cannot guarantee that these lines will work first time on your installation.

Launch the Terminal application on the server and type the following:

dscl localhost list /

This should list the 'folders' within the root of your system. By adding folder names that you can see you can burrow down to,

dscl localhost list /LDAPv3/127.0.0.1/Users

which will return a list of the users on your server

Now you can use

dscl localhost read /LDAPv3/127.0.0.1/Users/username 

and this will list all of the details that are stored about a particular user.

Now, I had a bit more of a problem amending details owing to the need to authenticate so the addressing has to be a bit different.  A day's frustration ended up with the following that worked

dscl -u adminname /LDAPv3/127.0.0.1 append /Users/username RecordName newname 

This will then ask you to enter the password for your Directory Administrator and Hey Presto.  It's done!
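
If the new name comes from a web form rather than from an administrator at the keyboard, it should be checked before it reaches the append command above. An added example, not part of the original post: a wrapper that validates the names and refuses an alias already present in the directory. The naming policy, the function names and the sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): vet a web-supplied alias
# before running the post's dscl append command.
LC_ALL=C; export LC_ALL            # keep [a-z] ranges ASCII-only
NODE="/LDAPv3/127.0.0.1"           # directory node used in the post

# Constructed sample of `dscl localhost list $NODE/Users RecordName` output
# (assumed layout: record name followed by its RecordName values).
SAMPLE_LISTING='alice      alice
bob        bob robert
diradmin   diradmin'

# Assumed site policy: 1-31 chars, lowercase letter first, then
# lowercase letters, digits, "_", "." or "-". Rejects a leading "-"
# (would be parsed as a dscl option), whitespace and shell metacharacters.
valid_name() {
    case "$1" in
        ""|[!a-z]*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Succeeds if $1 already appears as any name in the listing on stdin.
name_in_use() {
    awk -v n="$1" '{ for (i = 1; i <= NF; i++) if ($i == n) found = 1 }
                   END { exit !found }'
}

# usage: add_alias adminname username newname
add_alias() {
    valid_name "$1" && valid_name "$2" && valid_name "$3" ||
        { echo "rejected: invalid name" >&2; return 2; }
    # Fail closed: if the directory cannot be listed, change nothing.
    listing=$(dscl localhost list "$NODE/Users" RecordName) || return 4
    if printf '%s\n' "$listing" | name_in_use "$3"; then
        echo "rejected: '$3' is already in use" >&2; return 3
    fi
    # dscl prompts for the admin password; it is never placed in argv.
    dscl -u "$1" "$NODE" append "/Users/$2" RecordName "$3"
}

if [ "$#" -eq 3 ]; then add_alias "$@"; fi
```

The collision check matters because RecordName is what the directory uses to look a user up, so an alias that duplicates another account's name makes logins ambiguous.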

It took me two days to achieve and half an hour to write it up.

Enjoy.






