Using dsconfigldap to bind to OD

  • #364348
    fherbert
    Participant

    I am using the following command:

    dsconfigldap -f -a my.od.server -u odadminname -p odadminpassword -v
    

    to try and bind the machine to an OD master, but it is unsuccessful and gives me a “Bus Error” – real handy error description..

    Anyway, here is the output of the command:

    dsconfigldap verbose mode
    Options selected by user:
    Force (un)binding option selected
    Add server option selected
    Server name provided as <my.od.server>
    Network username provided as <odadminname>
    Network user password provided as <odadminpassword>
    Local username determined to be <root>
    
    Step 1 - Server Information Discovery
       Status:  Success - Server Responded.
    
    Step 2 - Validating Record/Attribute Mapping
       Status:  Success - Valid Record/Attribute Mapping
    
    Step 3 - Detecting Required Security Levels and Binding requirements
       Status:  Success
    
       WARNING:  No Security Levels configured by Administrator!
    
          Your LDAP server supports Secure authentication.
    
       Directory Binding is ENABLED but OPTIONAL.
    
       Directory Binding is being Forced as requested.
    Bus error
    

    I am running the command as root. I can run the command without the -f switch and it runs successfully but does not bind the machine to OD. I can manually run Directory Access and create a new LDAP Connection, the “Directory Binding” section pops up and I enter the odadmin username and password and it binds successfully.

    Is it possible to do this through dsconfigldap?

    #366855
    fherbert
    Participant

    Well, I’ll answer my own post for others’ info.

    It turns out (makes sense when you think about it) that when binding to ldap, you need to pass the computer name of the computer you are binding as.

    So… if my client computer name is ibook01 then the command from the above post will turn into something like:

    [quote]dsconfigldap -f -a my.od.server [b]-c ibook01[/b] -u odadminname -p odadminpassword -v[/quote]

    And that gets LDAP binding working from the command line. (Note the -v switch just gives me verbose results from the command, so it is not needed in the “production” environment.)

    #370323
    mgnicks
    Participant

    Hello,

    I am trying to configure dsconfigldap through ARD but am stuck on the -c switch. You say above that it is required although the man page states otherwise. Is there a workaround I can use to get it to work from ARD?

    I thought about some sort of variable set with the computerid on the client but do not know where to start to implement this.

    Is it just a case of declaring a variable then setting it with whatever is used to get the computerid directly in the “send unix command” or do you have to create a script first then run it?

    I don’t know much about scripting so please forgive my innocence.

    Thanks for any help you may be able to give.

    #370773
    eigerman
    Participant

    I believe the command to do everything in one fell swoop is:

    [code]dsconfigldap -f -a my.od.server -c $HOSTNAME -u odadminname -p odadminpassword -v
    [/code]

    This will use the full host FQDN, but it does work. I’ve been able to push it out via ARD to multiple clients. It must be run as an admin, of course, so you might want to add sudo to the beginning if you’re running it locally.

    The -v at the end is optional too, of course.

    #375672
    sirlucks
    Participant

    I know this post is 2 years old but if anybody was still interested, I have put a script to help make things easier.

    [code]
    #!/bin/sh
    ###### bind to Open Directory Server ########
    # Luciano M. Rodriguez | [email protected]
    #######################################

    ### Description ###
    # The purpose of this script is to
    # add the OD SERVER to Directory Access

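    # Read this client's computer name to pass as the computer ID (-c)
    computerid=`scutil --get ComputerName`

    # Force the bind (-f); the ID is quoted because computer names may contain spaces
    dsconfigldap -f -v -a OD.SERVER.COM -c "$computerid" -u ODADMINNAME -p ODADMINPASSWORD -v
    sleep 20

    # Switch to a custom search path and append the OD server to it
    dscl /Search -create / SearchPolicy CSPSearchPath
    dscl /Search -append / CSPSearchPath /LDAPv3/OD.SERVER.COM

    ### Always exit with 0 status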
    exit 0
    [/code]

    [b]You will have to change ODADMINNAME, ODADMINPASSWORD, and OD.SERVER.COM to fit your info.[/b]

    I know this makes things easier for me when mass joining computers to my network. If you also have developer tools, you can make an install package and deploy it with that. 🙂 Hope this helps.
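
The following is an added example, not code from any poster in this thread: a variant of the bind script that normalizes and quotes the computer ID, reads the admin password from a root-only file instead of embedding it in the script, and returns dsconfigldap's exit status instead of always exiting 0. `OD_SERVER`, `OD_ADMIN`, `PW_FILE` and the function names are placeholders, and it assumes a lowercase, hyphenated ID is acceptable as the computer record name.

```sh
#!/bin/sh
# Added example, not from the thread. OD_SERVER, OD_ADMIN and PW_FILE are
# placeholders; sanitize_id, secret_file_ok and bind_to_od are hypothetical names.
OD_SERVER="my.od.server"
OD_ADMIN="odadminname"
PW_FILE="/var/root/.od_bind_pw"   # assumed location; create it root-owned, mode 600

# Reduce a free-form ComputerName ("Fred's iBook 01") to a predictable ID:
# lowercase, every run of other characters becomes one "-", ends trimmed.
# Assumption: such an ID is acceptable as the computer record name.
sanitize_id() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -cs 'a-z0-9' '-' |
        sed 's/^-*//; s/-*$//'
}

# Succeed only for a non-empty regular file with no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Bind using the flags shown in the thread. Returns 2 for an unusable name,
# 3 for a missing or exposed password file, otherwise dsconfigldap's status.
bind_to_od() {
    id=$(sanitize_id "$1")
    [ -n "$id" ] || { echo "no usable computer ID in '$1'" >&2; return 2; }
    secret_file_ok "$PW_FILE" || {
        echo "$PW_FILE is missing, empty, or readable by group/other" >&2
        return 3
    }
    # -p still places the password in dsconfigldap's argument list, where other
    # local users can see it in ps output while the bind runs.
    dsconfigldap -f -a "$OD_SERVER" -c "$id" -u "$OD_ADMIN" -p "$(cat "$PW_FILE")"
}

# Run as root with --bind; without it the script only defines the functions.
if [ "${1:-}" = "--bind" ]; then
    bind_to_od "$(scutil --get ComputerName)"
    exit $?
fi
```

Because the password no longer lives in the script body, the script itself can be pushed through ARD or packaged without carrying the credential; only the root-only file needs protecting on each client.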
