> I configured the LDAP access on the Mac, and it can indeed see
> the users and groups from the openldap server. But when I try to log in after clicking
> "Other...", the login window shakes around, and nothing happens.
>
Also, please realize that OS X is aware of some SASL mechanisms,
although it is (at least historically) sadly unconfigurable on this matter. As such, if
your installation expects simple binds, please see
http://www.openldap.org/lists/openldap-software/200602/msg00210.html

It's a bit late to reply to this, but it may be useful for others.
Indeed, as Aaron suggested, I had to disable SASL. I did it in the server config
("cn=config") by setting "olcSaslSecProps" to
"noanonymous,noplain,noactive,nodict".
Then there was a different problem, easy to solve once found.
On the Mac, under Accounts: Login Options, "Allow network users to log in ...",
behind the Options button, the selection was "Only these network users:", with
an empty list!! Really stupid. Setting it to "All network users" fixed the
problem.
Thanks for your help.
MI
> Mac OS X ships with OpenLDAP's command line tools. You may wish to verify that
> ldapwhoami(1) and similar OpenLDAP programs work first, prior to introducing additional
> software like DSLDAPv3.
>
> Such testing may well reveal a need for configuration of OpenLDAP's
> ldap.conf(5).
>
Also, please realize that OS X is aware of some SASL mechanisms,
although it is (at least historically) sadly unconfigurable on this matter. As such, if
your installation expects simple binds, please see
http://www.openldap.org/lists/openldap-software/200602/msg00210.html
> On Fri, 27 May 2011, Mi wrote:
>
>> We added a Mac to our network, and I would like the network users to be able to
>> log in with their existing credentials on our Debian openLDAP server.
>>
>> I configured the LDAP access on the Mac, and it can indeed see
>> the users and groups from the openldap server. But when I try to log in after clicking
>> "Other...", the login window shakes around, and nothing happens.
>>
>> The server logs show the connection from the Mac and its searches
>> (http://pastebin.com/MB2JswAa).
>>
>> (Logging is configured with Parse, Stats, Stats2, Sync. Is there something else I
>> should add to logging that may be useful?)
>>
>> On the Mac, I didn't find anything looking helpful in the logs
>> (http://pastebin.com/yRreFQrJ), but maybe I don't know what to look for.
>>
>> I found many instructions on the Internet which concentrate on mounting user
>> homes from the server over NFS. This is NOT what we want. Users would be authenticated
>> with openldap, but have their homes locally on the Mac, like normal users.
>>
>> I also saw many mentions of adding the apple schema, and I have done that. But
>> maybe I now need to actually use parts of that schema in the user records?
>>
>> Thanks for any help...