Using dsconfigldap to bind to OD
This topic has 5 replies, 5 voices, and was last updated 16 years, 1 month ago by sirlucks.
December 8, 2005 at 3:22 am #364348
fherbert
Participant
I am using the following command:
[code]dsconfigldap -f -a my.od.server -u odadminname -p odadminpassword -v
[/code]
to try and bind the machine to an OD master, but it is unsuccessful and gives me a “Bus Error” – real handy error description..
Anyway, here is the output of the command:
[code]
dsconfigldap verbose mode
Options selected by user:
Force (un)binding option selected
Add server option selected
Server name provided as <my.od.server>
Network username provided as <odadminname>
Network user password provided as <odadminpassword>
Local username determined to be <root>
Step 1 - Server Information Discovery
Status: Success - Server Responded.
Step 2 - Validating Record/Attribute Mapping
Status: Success - Valid Record/Attribute Mapping
Step 3 - Detecting Required Security Levels and Binding requirements
Status: Success
WARNING: No Security Levels configured by Administrator!
Your LDAP server supports Secure authentication.
Directory Binding is ENABLED but OPTIONAL.
Directory Binding is being Forced as requested.
Bus error
[/code]
I am running the command as root. I can run the command without the -f switch and it runs successfully but does not bind the machine to OD. I can manually run Directory Access and create a new LDAP Connection, the “Directory Binding” section pops up and I enter the odadmin username and password and it binds successfully.
Is it possible to do this through dsconfigldap?
August 18, 2006 at 11:52 pm #366855
fherbert
Participant
Well, I’ll answer my own post for others’ info.
It turns out (makes sense when you think about it) that when binding to LDAP, you need to pass the computer name of the computer you are binding as.
So… if my client computer name is ibook01 then the command from the above post will turn into something like:
[quote]dsconfigldap -f -a my.od.server [b]-c ibook01[/b] -u odadminname -p odadminpassword -v[/quote]
And that gets LDAP binding working from the command line. (Note the -v switch just gives me verbose results from the command, so it is not needed in the “production” environment.)
October 30, 2007 at 1:20 pm #370323
mgnicks
Participant
Hello,
I am trying to configure dsconfigldap through ARD but am stuck on the -c switch. You say above that it is required although the man page states otherwise. Is there a workaround I can use to get it to work from ARD?
I thought about some sort of variable set with the computerid on the client but do not know where to start to implement this.
Is it just a case of declaring a variable then setting it with whatever is used to get the computerid directly in the “send unix command” or do you have to create a script first then run it?
I don’t know much about scripting so please forgive my innocence.
Thanks for any help you may be able to give.
December 11, 2007 at 9:58 pm #370773
eigerman
Participant
I believe the command to do everything in one fell swoop is:
[code]dsconfigldap -f -a my.od.server -c $HOSTNAME -u odadminname -p odadminpassword -v
[/code]
This will use the full host FQDN, but it does work. I’ve been able to push it out via ARD to multiple clients. It must be run as an admin, of course, so you might want to add sudo to the beginning if you’re running it locally.
The -v at the end is optional too, of course.
March 11, 2009 at 4:59 pm #375672
sirlucks
Participant
I know this post is 2 years old but if anybody was still interested, I have put together a script to help make things easier.
[code]
#!/bin/sh
###### bind to Open Directory Server ########
# Luciano M. Rodriguez | [email protected]
########################################## Description ###
# The purpose of this script is to
# add the OD SERVER to Directory Access

# Computer name to bind as (quoted below because it may contain spaces)
computerid=`scutil --get ComputerName`
dsconfigldap -f -v -a OD.SERVER.COM -c "$computerid" -u ODADMINNAME -p ODADMINPASSWORD
# Wait before editing the search policy
sleep 20
# Use a custom search path and append the OD server to it
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search -append / CSPSearchPath /LDAPv3/OD.SERVER.COM
### Always exit with 0 status
exit 0
[/code]
[b]You will have to change ODADMINNAME, ODADMINPASSWORD, and OD.SERVER.COM to fit your info.[/b]
I know this makes things easier for me when mass joining computers to my network. If you also have developer tools, you can make an install package and deploy it with that. 🙂 Hope this helps.
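As an added example (not part of the thread or any poster's code), here is one way to make the bind procedure above safe to re-run and robust to computer names containing spaces or apostrophes. The server name, admin name, password-file path and the ID normalisation rule are assumptions to adapt to your site.

```shell
#!/bin/sh
# Added example (not from the thread). OD_SERVER, OD_ADMIN and the password
# file path are placeholders; the ID normalisation rule is an assumption.
OD_SERVER="my.od.server"
OD_ADMIN="odadminname"
PASS_FILE="/var/root/.odbind_pass"   # hypothetical root-only file (mode 600)

# Turn a ComputerName such as "John's iBook G4" into a single shell-safe
# token: lowercase, apostrophes dropped, other runs of characters -> "-".
computer_id_from_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d "'" |
        sed -e 's/[^a-z0-9][^a-z0-9]*/-/g' -e 's/^-//' -e 's/-$//'
}

# Succeed if the search-path text ($1) already lists /LDAPv3/<server> ($2),
# so a re-run does not append a duplicate entry.
search_path_has_server() {
    case " $(printf '%s' "$1" | tr '\n' ' ') " in
        *" /LDAPv3/$2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

bind_to_od() {
    id=$(computer_id_from_name "$(scutil --get ComputerName)")
    [ -n "$id" ] || { echo "empty computer ID" >&2; return 1; }
    current=$(dscl /Search -read / CSPSearchPath 2>/dev/null)
    if search_path_has_server "$current" "$OD_SERVER"; then
        echo "already in search path: $OD_SERVER"; return 0
    fi
    # -p still puts the password in the process arguments while this runs.
    dsconfigldap -f -a "$OD_SERVER" -c "$id" -u "$OD_ADMIN" \
        -p "$(cat "$PASS_FILE")" || return 1
    dscl /Search -create / SearchPolicy CSPSearchPath &&
        dscl /Search -append / CSPSearchPath "/LDAPv3/$OD_SERVER"
}

# Only act on a Mac that has the tool, and only when asked to.
if [ "${1:-}" = "--bind" ] && command -v dsconfigldap >/dev/null 2>&1; then
    bind_to_od
fi
```

Unlike the script above, this version returns a non-zero status when the bind fails, so a deployment tool can tell which clients need attention.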