Can’t bind Tiger client to Leopard Server

  • #370777
    DominikHoffmann
    Participant

    I have a Tiger Server, which is also functioning as a desktop workstation. Under Tiger operation the local users have records in the server’s Open Directory database. Using the Directory Access utility of Tiger, the server is bound to its own OD domain. Since obtaining a Leopard server running on a different machine, I have attempted to replace the binding of the Tiger Server machine to the new Leopard OD domain. This has failed, in that after successful setup of the bind, log-ins using the user credentials from the Leopard OD domain don’t work.

    The server has the LDAP search base dc=xserve,dc=a,dc=b,dc=net. The Leopard Server is an Open Directory Master. I have enabled authenticated binding (in Open Directory->Policy->Binding) and am requiring authenticated binding between directory and clients.

    In the Tiger Server’s Directory Access utility I have temporarily unchecked the “Enable” checkbox binding the Tiger Server to itself. Instead I have created and enabled a new LDAP search policy to the server xserve.a.b.net. The LDAP mapping is set to “Open Directory Server” and the search base suffix is set to “cn=config,dc=xserve,dc=a,dc=b,dc=net”. The Authentication has “/LDAPv3/xserve.a.b.net” included in the list of directory domains as a “Custom path.” Said directory domain is listed ahead of “/LDAPv3/127.0.0.1”.

    As a troubleshooting step I bound my MacBook Pro, which runs Leopard, to the Leopard Server domain successfully, with the ability to log into a session hosted by the Leopard Server.

    So, what’s the difference between Tiger and Leopard as a client to a Leopard-hosted Open Directory domain?

    Dominik Hoffmann

    #370784
    DominikHoffmann
    Participant

    Quote by MacTroll: “Can you use dscl to walk the Leopard directory after you have bound to it?”

    With a little time studying the dscl man page I could probably do that, given that I had never heard of that command before. However, would you, MacTroll, mind assembling a command like that, more or less ready to use?

    Dominik

    #370818
    tgunr
    Participant

    I think what he means is to check to ensure you are bound using something like the following:

    [code]
    [mb]davec (499): dscl
    Entering interactive mode... (type "help" for commands)
    > ls
    BSD
    LDAPv3
    Local

    Search
    Contact
    > cd LDAPv3/
    /LDAPv3 > ls
    xs.davec.us
    /LDAPv3 > cd xs.davec.us/
    cd: Invalid Path
    DS Error: -14009 (eDSUnknownNodeName)
    /LDAPv3 >

    [/code]
    As you can see, I am not bound correctly, which is why I was searching this forum. I should have seen a nice list like this:

    [code]
    /LDAPv3/127.0.0.1 > ls
    AccessControls
    Augments
    Automount
    AutomountMap
    AutoServerSetup
    CertificateAuthorities
    ComputerGroups
    ComputerLists
    Computers
    Config
    FileMakerServers
    Groups
    Locations
    Machines
    Maps
    Mounts
    Neighborhoods
    OLCBDBConfig
    OLCFrontEndConfig
    OLCGlobalConfig
    OLCOverlayDynamicID
    OLCSchemaConfig
    People
    Places
    PresetComputerGroups
    PresetComputerLists
    PresetComputers
    PresetGroups
    PresetUsers
    Printers
    Resources
    Users
    /LDAPv3/127.0.0.1 >

    [/code]
    Which came from my server.
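
The interactive walk in the post above can also be scripted. The following is an added example, not code from any poster in this thread: `check_od_bind` is a hypothetical helper name, the host name is whatever you pass in, and the script inspects dscl's output for the `Users` record type instead of assuming a particular exit status on a DS Error.

```shell
#!/bin/sh
# Added example: scripted form of the interactive dscl walk shown above.
# check_od_bind is a hypothetical helper name; pass your own server's host.
# Exit codes: 0 ok, 1 node not configured, 2 node not browsable,
#             3 node missing from the authentication search path.

check_od_bind() {
    host=$1
    node="/LDAPv3/$host"

    # Same as "cd LDAPv3; ls": is the server listed as an LDAPv3 node?
    if ! dscl localhost -list /LDAPv3 2>/dev/null | grep -qxF "$host"; then
        echo "FAIL: $node is not configured on this client"
        return 1
    fi

    # Same as "cd <host>; ls": a working bind lists record types such as
    # Users; a broken one prints a DS Error (e.g. eDSUnknownNodeName).
    # The output is inspected rather than trusting dscl's exit status.
    records=$(dscl "$node" -list / 2>&1) || true
    if ! printf '%s\n' "$records" | grep -qxF "Users"; then
        echo "FAIL: cannot browse $node: $records"
        return 2
    fi

    # Log-ins only consult nodes on the search path set in Directory Access.
    if ! dscl /Search -read / SearchPath 2>/dev/null | grep -qF "$node"; then
        echo "FAIL: $node is browsable but not in the search path"
        return 3
    fi

    echo "OK: $node is configured, browsable and in the search path"
    return 0
}

# Run as a script: sh check_od_bind.sh xserve.a.b.net
if [ "$#" -gt 0 ]; then
    check_od_bind "$1"
fi
```

A result of 2 corresponds to the `eDSUnknownNodeName` session above; a result of 3 means the node works but log-ins will not consult it until it is added to the Authentication search path.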
