Ldap – How to use 389 Directory Server with Mac OS X for login


We are using 389 Directory Server on a Fedora machine as our LDAP server and wish to sign on to Mac OS X Snow Leopard clients using this. Is there a particular LDAP schema to use for Mac OS X Snow Leopard? (The default schema of 389 Directory Server does not seem to work.)

Best Answer

You don't need any special schema for basic functionality. You can use Directory Utility on the Mac to map LDAP attributes to user, group, and automount attributes.

In older versions, there was a feature to save the mapping on the server, but it does nothing in Snow Leopard. Now, you must extract everything within the "LDAP Server Configs" part of /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist and save it in the description attribute in cn=macosxodconfig,dc=yourbasedn.

Here is the outside of mine to give you a hint:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Attribute Type Map</key>
    <array>
    ...
    </array>
</dict>
</plist>

You can still use Workgroup Manager if you add the apple.schema to 389 and remap some attributes. I found a tutorial for OpenLDAP. The only difference for 389 will be how you import the schema. Also, the author was using OS X 10.5 with a working "Write to Server" button in the Directory Utility attribute map.
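The extract-and-store step from the answer above, as an added Python example that is not part of the original post: it pulls one entry out of the "LDAP Server Configs" array of DSLDAPv3PlugInConfig.plist, serialises it as a standalone XML plist (the shape shown in the answer) and emits an LDIF that writes it into the description attribute of cn=macosxodconfig under your base DN. The sample plist is constructed for the example; the key names inside the server config beyond "LDAP Server Configs" and "Attribute Type Map" are assumptions to check against a real file, the first array element is assumed to be the config you want, and the LDIF is a modify, so it assumes the cn=macosxodconfig entry already exists.

```python
import base64
import plistlib

# Constructed sample in the layout of
# /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist.
# Not a real file; key names inside the server config are assumptions.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>LDAP Server Configs</key>
  <array>
    <dict>
      <key>Attribute Type Map</key>
      <array>
        <dict>
          <key>Native Map</key><array><string>uid</string></array>
          <key>Standard Name</key><string>dsAttrTypeStandard:RecordName</string>
        </dict>
      </array>
      <key>Record Type Map</key>
      <array>
        <dict>
          <key>Native Map</key>
          <array><dict>
            <key>Object Classes</key><array><string>posixAccount</string></array>
            <key>Search Base</key><string>ou=People,dc=example,dc=com</string>
          </dict></array>
          <key>Standard Name</key><string>dsRecTypeStandard:Users</string>
        </dict>
      </array>
    </dict>
  </array>
</dict>
</plist>
"""


def extract_server_config(plist_bytes, index=0):
    """Return one element of the 'LDAP Server Configs' array.
    Assumption: the first element is the config being published."""
    return plistlib.loads(plist_bytes)["LDAP Server Configs"][index]


def fold_ldif_line(line, width=76):
    """Wrap at 76 columns; continuation lines start with one space (RFC 2849)."""
    pieces, rest = [line[:width]], line[width:]
    while rest:
        pieces.append(" " + rest[: width - 1])
        rest = rest[width - 1 :]
    return "\n".join(pieces)


def ldif_attribute(attr, value):
    """Emit 'attr: value' when the value is LDIF-safe, else 'attr:: <base64>'.
    A multi-line XML plist starting with '<' is never safe, so it gets base64;
    pasting it in plain form would corrupt the stored config."""
    unsafe_start = value[:1] in (b" ", b":", b"<")
    has_ctrl = any(c in value for c in (b"\r", b"\n", b"\0"))
    if value.isascii() and not unsafe_start and not has_ctrl:
        return fold_ldif_line(f"{attr}: {value.decode('ascii')}")
    return fold_ldif_line(f"{attr}:: {base64.b64encode(value).decode('ascii')}")


def build_macosxodconfig_ldif(plist_bytes, base_dn):
    """LDIF that replaces the description of cn=macosxodconfig,<base_dn> with the
    extracted server config as a standalone XML plist (entry assumed to exist)."""
    config = extract_server_config(plist_bytes)
    xml = plistlib.dumps(config, fmt=plistlib.FMT_XML, sort_keys=False)
    return "\n".join([
        f"dn: cn=macosxodconfig,{base_dn}",
        "changetype: modify",
        "replace: description",
        ldif_attribute("description", xml),
        "-",
        "",
    ])


def stored_config(ldif):
    """Reverse the LDIF (unfold, base64-decode) and parse the plist: this is
    what a Snow Leopard client reads back from the description attribute."""
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    for line in unfolded:
        if line.startswith("description:: "):
            return plistlib.loads(base64.b64decode(line[len("description:: "):]))
        if line.startswith("description: "):
            return plistlib.loads(line[len("description: "):].encode("ascii"))
    raise ValueError("no description attribute in LDIF")


if __name__ == "__main__":
    print(build_macosxodconfig_ldif(SAMPLE_PLIST, "dc=example,dc=com"))
```

Feed the output to ldapmodify against the 389 server as a DN allowed to write that entry. Before doing so, look at the extracted dict: description is ordinarily readable by every client that can read the entry, so anything in the server config that should not be public does not belong there.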