As part of the migration of my MacOS Server to Linux, the trickiest service to migrate is Apple’s OpenDirectory service. Although it is based on the open-source OpenLDAP project, Apple customized it heavily, and these closed-source customizations make it very tricky to move and block a real migration. Instead of spending a lot of time trying to figure out how to migrate OpenDirectory, I decided to start with a clean FreeIPA installation and migrate the users to that. Since MacOS Server’s OpenDirectory has handled my authentication for quite some time and I ran into issues before, I learned that starting from scratch (and only migrating user information) isn’t that hard and is often the best approach.
As it is already quite long, this post focuses on how to configure FreeIPA on Fedora Core and migrate DNS and users. Integrating MacOS is covered on the FreeIPA wiki and will be covered in a subsequent post, including the integration with Apple’s Profile Server (the main component Apple seems to intend to support in the future). To aid with the configuration and setup, I wrote a couple of scripts that are available from my GitLab instance.
Of course, being a Mac user at home, after yesterday’s post on locking a Windows machine I have been looking for a similar solution to automatically lock my Mac when I step out. A setup similar to btprox for Windows can be established easily by combining the power of an open-source tool called Proximity with a little AppleScript.
Proximity is a more generic solution that allows one to run an AppleScript when a Bluetooth device gets in or out of range. The generic solution was already described on Lifehacker and Macworld Hints. However, both describe a solution that is too generic: just getting in range with the paired device would unlock the computer, which is not exactly what I wanted. I use the following AppleScript instead, which only switches off iTunes if it is running (and does not start it when it is not) and locks the screen:
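-- Pause iTunes only if it is already running (never launch it)
if application id "com.apple.iTunes" is running then
    tell application id "com.apple.iTunes" to pause
end if
-- Start the screen saver; its password requirement locks the screen
activate application id "com.apple.ScreenSaver.Engine"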
My default screen saver settings, which always require a password after 1 minute, suffice for me and give me the setup I need on my Mac OS X Lion machines.
For my work I need to use a laptop running MS Windows 7 Enterprise in a domain. To ensure that all laptops lock automatically, my employer’s IT department has deployed a domain policy to activate the screen saver after 10 minutes of idleness and lock the screen. These settings are enforced through a domain policy and cannot be modified by the user, which means that I cannot have the screen lock sooner either, so I have been looking for a way to work around this.
Some time ago I discovered BtProx, an open-source Bluetooth Proximity Lock Utility for Windows, and I am quite happy with how it works. This utility allows one to lock the screen when a Bluetooth device gets out of range. I have paired this app with my cell phone, so now my laptop’s screen locks 1 minute after I step away from my desk.
So far, the only drawback I noticed is that I need to activate it manually after logging in (you cannot set it up and forget about it). Besides that, for me this is a perfect solution to lock my screen when I need it to, despite the enforced domain policy.