
Re: A couple of questions about openldap on MacOS X Panther



Ah. Unfortunately that's out of my experience :( Maybe someone else can chime in.

There is a Kerberos page at MIT, specifically for Apple, but they don't mention anything about the LDAP utilities.

And I fear you are correct about the LDAP utilities being compiled without Kerberos support for OSX.

You could possibly turn on SASL support on your server's LDAP service, and then use SASL from the client. I'm not too familiar with how to do this though.

The authentication methods in the Directory Access application are only for applications written with support for Apple's OpenDirectory API.

You might get more debugging information by sending a USR2 signal to the DirectoryServices daemon on the OSX client. (sudo killall -USR2 DirectoryServices) This will dump directory services debugging data to /var/log/system.log for about 10 minutes.

-Matt

Hi there,

Thanks for your replies (and thanks also to Jens).

 I forgot to ask you what version of Mac OSX you are using, and if
 it's OSX Server or OSX desktop/client

10.3 has kerberos support, but I'm not sure how much and where.

The version I'm using is MacOS X 10.3, ordinary desktop/client, although I do have a copy of 10.3 server which I can investigate.

Basically, what I'm doing is investigating how Macs could be
integrated into our departmental kerberos/ldap infrastructure (mostly
running RH Linux 9).  This means I need to know how MacOS X works with
ldap *as a regular client*.  This does confuse matters a little as
most of the Apple documentation that refers to LDAP is talking about
running under OS X server.

An example of the type of thing I'm having problems with is the issue
of gssapi authentication for the ldap connection - our ldap server
allows only authenticated connections, but (a) the ldapsearch with osx
seems to have been compiled without this, so what can I do about this?
and (b) the "use authentication" values in the Directory Access
utility don't seem to be being used, but how can I check, etc.  It's
not being able to get under the hood of what's happening that's the
real problem.

Cheers
Toby


--
Matt Richard
Access and Security Coordinator
Franklin & Marshall College
matt.richard@fandm.edu
(717) 291-4157
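
Added example, not part of the original messages: one way to get "under the hood" of the SASL question raised above is to read the server's root DSE and see whether it advertises GSSAPI in `supportedSASLMechanisms`. The host name `ldap.example.org`, the sample LDIF and the function names are assumptions made for this sketch, and it assumes the root DSE is readable with an anonymous simple bind.

```shell
#!/bin/sh
# Added example: decide whether an LDAP server advertises SASL/GSSAPI,
# from the root DSE as printed by
#   ldapsearch -x -H ldap://ldap.example.org -b "" -s base supportedSASLMechanisms
# ldap.example.org is a placeholder; anonymous read of the root DSE is assumed.

# Constructed sample output (LDIF), not captured from a real server.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: CRAM-MD5
'

# sasl_mechs: read LDIF on stdin, print each advertised mechanism once.
# Attribute names are case-insensitive in LDAP, so compare in lower case.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print toupper($2) }' | sort -u
}

# offers_mech MECH: exit 0 if MECH is listed in the LDIF on stdin.
offers_mech() {
    sasl_mechs | grep -qxF "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# report: one-line summary of what a client can expect from this server.
report() {
    ldif=$(cat)
    if printf '%s\n' "$ldif" | offers_mech GSSAPI; then
        echo "GSSAPI offered: Kerberos bind possible if the client tools have SASL/GSSAPI"
    elif [ -n "$(printf '%s\n' "$ldif" | sasl_mechs)" ]; then
        echo "SASL enabled but GSSAPI not offered"
    else
        echo "no SASL mechanisms advertised"
    fi
}

# Run against the constructed sample; pipe real ldapsearch output in instead.
printf '%s' "$SAMPLE_ROOTDSE" | report
```

If the server does offer GSSAPI and the client still cannot bind, the gap is on the client side (tools built without SASL/GSSAPI), which is the situation the thread suspects.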