Mac OS X LDAP Client Setup

1. Enable root account
2. Add LDAPv3 source to Directory Access
   1. go to Applications -> Utilities, open Directory Utility
   2. Unlock it with root password
   3. Click "Show Advanced Settings"
   4. Click "Services"
   5. Select LDAPv3, click Configure
   6. click the edit pen icon at bottom left
   7. Check off "Use DHCP-supplied LDAP server"
   8. Select Options then click New
      • Enter a configuration name ie: Master LDAP
      • Server Name: your Master LDAP server name ie. ldap.example.org
      • Click on LDAP Mappings and select RFC 2307 (Unix)
      • A window will pop up that will ask you for a search base. Put ie. dc=example,dc=org
        • Check SSL
   9. Click OK then OK again.
   10. Now you'll be back at the Directory Access Window
   11. Click on Authentication at the top of the window
   12. Under Search Pull Down choose "Custom Path" then Click Add. Select ldap/ldap.example.org source
   13. Click OK and OK again until Directory Access closes.
   14. Restart the machine
   15. After the restart you should be able to log in as any valid LDAP user

Troubleshooting

1. If after configuring your LDAP you still can't authenticate and your /var/log/system.log contains messages like these /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher: DSOpenNode(): dsOpenDirNode("/LDAPv3/ldap.example.org") == -14002
   • The problem comes from the Format utility of the Directory Access which apparently keeps misconfiguration even if it is corrected.
   • To correct
     1. Remove all contents of the directory /Library/Preferences/DirectoryService ie. double click on your Mac HDD
     2. Open /Applications/Utilities/Netinfo Manager and within it remove all contents of /config/mcx-mask
     3. Then restart the machine and reconfigure.
2. After an update to Mac OS X Server 10.5.3 some clients do not find the LDAP server with messages:
   • DirectoryService[48]: DSLDAPv3PlugIn: [machine] LDAP server config not updated with server mappings due to server mappings error.
   • DirectoryService[48]: LDAPv3: SafeOpen Can't retrieve server mappings from search base of <cn=config,dc=lip6,dc=fr>.
   • DirectoryService[48]: LDAPv3: SafeOpen Cannot retrieve server mappings at this time.
   • The problem came from utility Utility directory (Directory Utility) that keeps obviously a bad configuration. Pour corriger cela il faut : To correct this requires:
     1. Delete the contents of the directory / Library / Preferences / DirectoryService.
     2. Then, (restart), and repeat the configuration format Directory without error:)
3. I just spent a very long time on a client does not find the LDAP server with messages: /System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher: DSOpenNode(): dsOpenDirNode("/LDAPv3/mon.server.fr") == -14002
   • The problem came from utility format Directory (Directory Access) that keeps obviously a bad configuration even if it is correct.
   • To correct this requires:
     1. Delete the contents of the directory / Library / Preferences / DirectoryService.
     2. Delete the entire contents of / config / pcs-cache in the NetInfo Manager (NetInfo Manager).
     3. Then, (restart), and repeat the configuration format Directory without error:)
4. sudo dscl . -delete /Config/mcx_cache; sudo reboot

References

1. Configuring Mac OS X LDAP Authorization for Leopard (Mac OS X 10.5.x)
2. Configuring Mac OS X LDAP Authorization for Tiger (Mac OS X 10.4.x)
3. Mac OS X authentication against OpenLDAP
4. Setting up Mac OS X Server
5. Mac OS X: How to Connect to an LDAPv3 Server Using a Self-Signed Certificate
6. Integrating Apple OS X Clients with an OpenLDAP Directory(10.4 Tiger)
7. Integrating OSX Clients with an OpenLDAP Directory
8. Mac OS X: dscl
9. Mac OS X ldap client
10. Integrating Mac OS X And Novell eDirectory
11. Integrating OS X into Active Directory
12. dsconfigldap command
13. MAC OS/X authentication against OpenLDAP 2.3 (Resolved)