Re: Request For Comments: Apple Open Directory and Open Ldap
I see great potential for OS X - if Apple don't kill it. Provided you're using
RFC 2307 schema, I can verify OpenLDAP/Linux works as a server:
1) You *must* be using a vanilla OS X >= 10.2 (do *NOT* try to enable NIS, or
follow any HOWTOs for older OS vers)
2) Go to "/Applications/Utilities/Directory Access"
3) Tick the LDAPv3 box
4) Select "Configure" or "Add" - put in the FQDN and Base DN of your RFC 2307
(i.e. Linux/Solaris compatible schema) e.g.:
dn: ou=People, dc=domain, dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=user, ou=People, dc=domain, dc=com
objectClass: top
objectClass: posixAccount
uid: user
cn: user
uidNumber: 1001
# gidNumber is also a MUST attribute of posixAccount
gidNumber: 1001
homeDirectory: /whatever...
and so on - Honestly, 10.2 and 10.2.1 "just work" for RFC 2307 (Linux/Solaris)
Schema - just don't try to fiddle too hard.
--
Regards,
Phil
+------------------------------------------+
| Phil Mayers |
| Network & Infrastructure Group |
| Information & Communication Technologies |
| Imperial College |
+------------------------------------------+
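A check for the RFC 2307 requirement the steps above rely on, as an added example that is not Phil's, Apple's or OpenLDAP's code: it parses an LDIF fragment and reports which posixAccount/posixGroup MUST attributes each entry lacks, since a schema-checking slapd refuses such an entry and the client cannot map it to a Unix account. The LDIF sample is constructed; its DNs follow the reply's example.

```python
from collections import defaultdict

# RFC 2307 MUST attributes for the object classes an OS X Unix login needs.
REQUIRED = {
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "posixGroup": {"cn", "gidNumber"},
}

def parse_ldif(text):
    """Parse LDIF into one {attr: [values]} dict per entry.
    Folded lines are joined, '#' comments skipped, '::' values left base64."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.strip() and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry[attr.strip()].append(value.lstrip(": ").strip())
        if entry:
            entries.append(dict(entry))
    return entries

def missing_rfc2307(entry):
    """Return the RFC 2307 MUST attributes absent from one parsed entry."""
    classes = set(entry.get("objectClass", []))
    missing = set()
    for oc, attrs in REQUIRED.items():
        if oc in classes:
            missing |= attrs - set(entry)
    return missing

# Constructed sample: one account lacking gidNumber, one complete.
SAMPLE = """dn: uid=user, ou=People, dc=domain, dc=com
objectClass: posixAccount
uid: user
cn: user
uidNumber: 1001
homeDirectory: /home/user

dn: uid=user2, ou=People, dc=domain, dc=com
objectClass: posixAccount
uid: user2
cn: user2
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/user2
"""

def check(text=SAMPLE):  # dn -> missing MUST attributes (empty set = OK)
    return {e["dn"][0]: missing_rfc2307(e) for e in parse_ldif(text)}
```

Run `check()` on an `ldapsearch -LLL` dump of your People subtree to find accounts the client will silently reject.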
Quoting Jamie McParland <jamie@listserv.newberg.k12.or.us>:
> Please excuse some of the obvious things listed in this posting/mailing as I
> am posting to Macintosh and openldap groups, and emailing to different
> people. I'm just looking for help and don't want any flames ;)
>
> Mac OS 10.2 supports the authentication against an LDAPv3 server. This gives
> Macintoshes the ability to store user application prefs and home directory
> locations.
>
> They have also released MacOS 10.2 server which includes OpenDirectory. Upon
> inspection the Ldap server (Open Directory) looks to be openldap.
>
> Also with OSX server comes a front end management tool called Workgroup
> Manager. This is how you administer the "OpenDirectory" server (Login names,
> passwords, application prefs)
>
> We want to incorporate these new ldap features for our OSX clients at the
> school dist. We are already running Redhat 7.2 with openldap 2.0.21-1
>
> I looked at the schema files from the OSX server and noticed that they seem
> to make Netinfo calls. Now I'm not a directory engineer so I'm not 100% on
> this one.
>
> Here is a copy of the /etc/openldap/ on my osx server.
>
> http://www.jamiemcparland.com/openldap_apple.zip
>
> I copied the apple schema files to my RH server and ldap complained about
> some of the directives in the schema files and refused to startup. So much
> for thinking I could just copy them over ;)
>
> Apple also noted with their Directory Service application you could change
> the mappings on a LDAPv3 server. So I added schemacheck off in the
> slapd.conf
>
> Well that isn't working either. It gives me the error "Write Failed" When I
> look at the packets with a sniffer it says:
>
> #####Packet from Client#####
> Lightweight Directory Access Protocol
> Message: ID=2 Delete Request
> Message Length:21
> Distinguished Name: ou = macosxodconfig,
> ######################
>
> ####Packet from Server#####
> Lightweight Directory Access Protocol
> Message: ID=2 Delete Result
> Result Code: Invalid DN Syntax (0X22)
> Matched DN: (null)
> Error Message: Invalid DN
> ######################
>
> Why is it trying to delete "macosxodconfig" that's not even an OU in my
> schema!
>
> I noticed in the Open Ldap faq that schema updates using ldap are not
> supported in the current version. Maybe this is the problem?
> http://www.openldap.org/faq/data/cache/649.html
>
> The apple admin guide mentions the mappings you can add to your server but I
> am totally confused on how to write my own schema file. OIDs and stuff!
>
> Here's a link to the apple admin guide.
> http://a320.g.akamai.net/7/320/51/1739d12419ef7c/www.apple.com/server/pdfs/Mac_OS_X_Server_v10.2.pdf
>
> Also here's a link to their webpage about Open Directory
> http://www.apple.com/server/opendirectory.html
>
> I called apple but they won't even talk to me about using a "3rd party" Ldap
> server even though they say it's doable in the admin guide. Classic!
>
> So I guess I am wondering if anyone else out there has this running or has
> any suggestions. The first day of school is closing in on me... Yikes!
>
>
> Jamie McParland
> Apple Certified Technician - Apple Product Professional
> jamiemcparland@yahoo.com
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/