Awhile ago I wrote about how insecure Open Directory was on Leopard Server. I was not the first person to have discovered this, but apparently no one has found a real workaround. I did find information on how to secure it, but then you can’t use Directory Utility to properly setup the machine. After much head bashing, I have completely given up on securing individual components of Leopard Server. It would appear that the only way to secure it is to use a VPN, turn on the firewall to block all, but VPN traffic, and set Open Directory and iCal Server to NOT use SSL. Turns out there are bugs in the iCal (CalDAV) server that don’t handle a GoDaddy SSL certificate.
It still amazes me that an experienced software engineer like myself can’t secure a server designed for small business that don’t have an IT person. Maybe this will work in Snow Leopard.