MacLdapAuth
From LLL
Jump to navigationJump to search
(This Howto is based on the instructions at http://www.spack.org/wiki/AppleOsxIntegrationWithOpenLdap)
Setting up LDAP access to LLL server on a Macintosh client
This page describes how to set up LDAP authentication with SSL on Mac OSX 4.
Open Directory access
- Doubleclick on hard disk icon (red circle 1)
- In the filebrowser window, chose application on the left (2)
- click on the "3 pane view" icon (3)
- Open /Application/Utilities/DirectoryAccess (by first single-clicking on Utilities in left pane, then doubleclick "Directory Access" in middle pane)
Error creating thumbnail: Unable to save thumbnail to destination
- On some versions of MacOS, you may instead need to go into Apple->SystemSettings->Accounts instead, and then click on Login Options, and add a "Network Account Server"
Enable and configure LDAPv3 plugin
Error creating thumbnail: Unable to save thumbnail to destination
- Doubleclick on the padlock (lower left of directory acess window) and enter admin user and password until padlock is open
- Select "LDAPv3" in list
- Click "Configure"
Create a new directory server entry
Error creating thumbnail: Unable to save thumbnail to destination
- Click "New"
Error creating thumbnail: Unable to save thumbnail to destination
- Enter LDAP server's host name (in this example,
ldap.lgl.lu
- Check "Encrypt using SSL"
- Click "Manual"
Error creating thumbnail: Unable to save thumbnail to destination
- Pick "RFC 2307 (Unix)" template
- Enter
dc=lgl,dc=lu
as search base - Click ok
Configure LDAPv3 server entry
Error creating thumbnail: Unable to save thumbnail to destination
- If you want, assign a meaningful Configuration Name to entry by entering it in place of
Untitled 0
- Select configuration (
Untitled 0
or whatever name you gave it) - Click Edit
Error creating thumbnail: Unable to save thumbnail to destination
- Click "Search and Mappings" in tab bar
- Click Users in left hand pane
- Enter
ou=People,dc=lgl,dc=lu
as a search base - Check check "first level only"
- Click Groups in left hand pane
- Enter
ou=Groups,dc=lgl,dc=lu
as a search base - Check check "first level only"
- Click Mounts in left hand pane
- Enter
ou=Mounts,dc=lgl,dc=lu
as a search base - Check check "first level only"
- Click ok
N.B. It is normal that the template setting automatically changes from RFC 2307
to Custom
as soon as you change one of the setting.
Testing
Now is time for testing.
Error creating thumbnail: Unable to save thumbnail to destination
- Open a terminal by calling Applications/Utilities/Terminal in file manager
- In terminal, enter
dscl localhost list /Search/Users
. This displays a list of all users known by the macintosh. If everything worked, it should include all users from the server's LDAP database.
- If all users are included, log out, and log back in as one of the server users (you need to click "Other users" at the login window, then enter its name). It's expected that the login process is slow, as we have not yet set up mounting of
/home
. - If login was successful, clean away its temporary home directory (if the system created one)