Open Directory - options grayed out

[am2am]

Help please
OSX Server 4, fresh install on mac mini.

Trying to configure Open Directory for my home use. Theoretically all is working fine, but I have some options grayed out - see example below from users list (I cannot edit password policy etc.)

I could access all of those before turning on Open Directory.

Any idea what is wrong?

 

[Altemose]

Help please
OSX Server 4, fresh install on mac mini.

Trying to configure Open Directory for my home use. Theoretically all is working fine, but I have some options grayed out - see example below from users list (I cannot edit password policy etc.)

I could access all of those before turning on Open Directory.

Any idea what is wrong?

That user is a local user and not a network user.

 

[am2am]

Yes I know - just used it for the screenshot.
The same is with the network users - options grayed out

 

[gavinstubbs09]

I'm experiencing the same issue. Last week I upgraded a lab from yosemite to Mavericks and my OD was ruined so I had to add all the users back manually. What worked for me was to load the server app up on another machine and connect to the server from there. Then press the unlock in the corner of the user window and sign in with your diradmin account.

Kind of a pita but it works, and going back to MV would put the lab out another week which I can't have.

 

[am2am]

.. Then press the unlock in the corner of the user window and sign in with your diradmin account.

sorry - I'm trying to follow-up your solution, but don't understand.
Which user window are you referring to?
In server.app users window there is no unlock ...

 

[gavinstubbs09]

sorry - I'm trying to follow-up your solution, but don't understand.
Which user window are you referring to?
In server.app users window there is no unlock ...

Ok. I have a client iMac, and I copied the server.app off the server and ran it on iMac.

Open it, and connect to the server through the app, go to users on the side, and in the bottom left corner next to the +/- button should be a lock if you are not using the server. Unlock that with diradmin and you can edit users/add/delete them again.

 

[am2am]

Well - in my case I have no lock (running form server or from external machine in my case is the same).

I believe that our problems are slightly different - I can add/remove users. I do not have all rights as soon as I turn on open directory. I tried to loging with server admin, with OD admin (diradmin), I even activated root and logged with it - no change.

It is really frustrating
I started over, format my macmini, reinstalled yosemite OS, installed server 4 - still the same.
As soon as I turn on open directory I am blocked with some admin activities (eg I cannot define password policies for users).

See below - right screenshoot - OD disabled - I have all rights (including advanced options), left screenshot - OD enabled - I have limmitted rights

anybody? any idea - what can be wrong?

 

[chrfr]

Well - in my case I have no lock (running form server or from external machine in my case is the same).

I believe that our problems are slightly different - I can add/remove users. I do not have all rights as soon as I turn on open directory. I tried to loging with server admin, with OD admin (diradmin), I even activated root and logged with it - no change.

What's the output of

sudo changeip -checkhostname

in a terminal window?

 

[am2am]

thanks for the replay
I'm not at my machine now, but I tested it before and got "success"

 

[am2am]

OK - solved it.
The solution is .. simple.

I have been wondering why I don's see lock mentioned by gavinstubbs09
I have also read discussions about similar problems on apple forum and found a hint there.

I have always been accessing users screen in server app with "All Users" selected. At least in my case with this view I have limited rights.
As soon as I select "Local Users" or "Local Network Users" (where I finally found the lock icon ) I have access to all functions including password reset and templates.

I believe it is the result of admin and diradmin rights separation.

Anyhow - problem solved. Thank you all who tried to help.

 

[gavinstubbs09]

OK - solved it.
The solution is .. simple.

I have been wondering why I don's see lock mentioned by gavinstubbs09
I have also read discussions about similar problems on apple forum and found a hint there.

I have always been accessing users screen in server app with "All Users" selected. At least in my case with this view I have limited rights.
As soon as I select "Local Users" or "Local Network Users" (where I finally found the lock icon ) I have access to all functions including password reset and templates.

I believe it is the result of admin and diradmin rights separation.

Anyhow - problem solved. Thank you all who tried to help.

Actually I was on the server and noticed this myself, where I had to be under Local Network Users instead of All Users.

Next problem: time to figure out why some people can log in and others can't. Figured Profile Manager out too (not pushing out settings, I had to delete a certificate), that was a nightmare.

 

[gavinstubbs09]

Fixed it.

On a few accounts I had to go to "Edit Access to Services..." and some accounts only had Calender and File Sharing checked. If I check all of them they can log in just fine and get to the point where they can sign in with iCloud.

Weird.