Authenticating OS X clients against central openldap server via OpenDirectory

    #359440
    Mark
    Participant

    I have an Open Directory Domain on an OS 10.3 server that is authenticating OS X clients.

    I want to allow the same clients to authenticate against my central LDAP (openldap) directory.

    I added a Directory Services connection to my central open-LDAP server listed above.

    I then used the Workgroup Manager on the Apple server and could see the other directory (all 27 users).

    Without any further configuration I tried to login to the client using a central directory username.
    And it failed.

    Any ideas on how to accomplish this?

    Thanks

    #359597
    honestpuck
    Participant

    Hi,

    A few things for you to check on the client

    1/ In the Directory Access utility the client is pointed at the right LDAP server, is using the RFC mappings not the Open Directory mappings and has the right search base.

    2/ If that’s all OK then at the command line try using ldapsearch

    ldapsearch -h ldap.example.com -b 'dc=example,dc=com' -s sub "(cn=username)" cn sn uid

    that should return a record. If it doesn’t then try and figure out why – a -v could help.

    Tony
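
An added example, not part of the original post: the reply's ldapsearch only confirms that a record with cn, sn and uid comes back, so this sketch goes one step further and checks the returned LDIF for the attributes RFC 2307's posixAccount class requires (cn, uid, uidNumber, gidNumber, homeDirectory), which is what the RFC mappings mentioned in step 1 read. The function and sample names are hypothetical, the LDIF entries are constructed, and it assumes the central directory stores accounts as posixAccount.

```shell
# RFC 2307 posixAccount MUST attributes (assumes the directory uses that class).
REQUIRED="cn uid uidNumber gidNumber homeDirectory"

# Reads ldapsearch LDIF on stdin and prints the required attributes missing
# from the first entry, space separated (empty output means none missing).
missing_rfc2307_attrs() {
    awk -v required="$REQUIRED" '
        /^[ #]/  { next }                      # folded value line or comment
        /^$/     { if (seen_dn) exit; next }   # blank line ends the first entry
        /^dn:/   { seen_dn = 1; next }
        seen_dn  {
            name = $0
            sub(/:.*/, "", name)               # drop ": value" / ":: base64"
            sub(/;.*/, "", name)               # drop options such as ;lang-en
            have[tolower(name)] = 1            # attribute names are case-insensitive
        }
        END {
            n = split(required, req, " ")
            for (i = 1; i <= n; i++)
                if (!(tolower(req[i]) in have))
                    out = out (out == "" ? "" : " ") req[i]
            print out
        }'
}

# Constructed sample: an entry carrying only the attributes the reply asks for.
sample_directory_only() {
cat <<'EOF'
dn: cn=Jane Example,ou=people,dc=example,dc=com
cn: Jane Example
sn: Example
uid: jexample
EOF
}

# Constructed sample: a complete posixAccount entry.
sample_posix() {
cat <<'EOF'
dn: uid=jexample,ou=people,dc=example,dc=com
objectClass: posixAccount
cn: Jane Example
uid: jexample
uidNumber: 1501
gidNumber: 20
homeDirectory: /Users/jexample
EOF
}

echo "directory-only entry is missing: $(sample_directory_only | missing_rfc2307_attrs)"
echo "posixAccount entry is missing: $(sample_posix | missing_rfc2307_attrs)"
```

To use it against a live server, run the ldapsearch from the reply without the trailing attribute list (so all attributes are returned) and pipe its output into `missing_rfc2307_attrs`.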

    #359681
    Anonymous
    Guest

    I am having a similar problem, but my LDAP connections _do_ work. I can even get the OS X box to authenticate against the LDAP server after going into Directory Access and fiddling with the configuration, causing it to reload something somewhere that gets the LDAP connection functional. Without that event, though, it will never work. It won’t start on boot. I have a tethereal trace running on the LDAP server and it proves that the OS X box doesn’t even try to contact it for LDAP lookups.

    What gives here?
