MacLdapAuth: Difference between revisions

From LLL
Diff of the previous revision (no edit summary) against the current revision (edit summary: "Mac LDAP setup").
Previous revision:

For LDAP, see http://www.spack.org/wiki/AppleOsxIntegrationWithOpenLdap
# Open Directory Access (/Application/Utilities)
# Enable LDAPv3 Plugin
# Select the LDAPv3 Plugin and click "Configure"
# Click "New"
## Enable: tick
## Server: ldap.infoladen.org.lu
## LDAP Mappings: RFC 2307 (Unix)
## Search Base Suffix: dc=infoladen,dc=org,dc=lu
## SSL: ticked
# Click "Edit"
## optional: Open/Close times out in: 10
## optional: Connection times out in: 10
## Use authentication while connecting: unticked
For NFS, see http://www.molecularbear.com/blog/?p=11 , http://i1.dk/misc/automount_nfs_volumes_on_mac_osx/ , http://sial.org/howto/osx/automount/

Current revision:

(This Howto is based on the instructions at http://www.spack.org/wiki/AppleOsxIntegrationWithOpenLdap)

=Setting up LDAP access to LLL server on a Macintosh client=

This page describes how to set up LDAP authentication with SSL on Mac OS X 10.4.

==Open Directory access==

# Double-click the hard disk icon (red circle 1)
# In the file browser window, choose Applications on the left (2)
# Click the "3 pane view" icon (3)
# Open /Applications/Utilities/Directory Access (single-click Utilities in the left pane, then double-click "Directory Access" in the middle pane)
 
[[Image:MacLdapDirectoryAccess.png|Opening Directory Access]]
 
==Enable and configure LDAPv3 plugin==
 
[[Image:MacLdapEnableLdap1.png|Enable and configure LDAPv3 plugin]]
 
# Double-click the padlock (lower left of the Directory Access window) and enter an admin user name and password until the padlock is open
# Select "LDAPv3" in list
# Click "Configure"
 
==Create a new directory server entry==
 
[[Image:MacLdapEnableLdap2.png|Create a new LDAP server entry]]
 
* Click "New"
 
[[Image:MacLdapCreateNewLdap.png|Create a new LDAP server entry]]
 
* Enter the LDAP server's host name (in this example, <code>ldap.lgl.lu</code>)
* Check "Encrypt using SSL"
* Click "Manual"
 
[[Image:MacLdapCreateNewLdap2.png|Configuration of LDAP server]]
 
* Pick "RFC 2307 (Unix)" template
* Enter <code>dc=lgl,dc=lu</code> as search base
* Click OK
 
== Configure LDAPv3 server entry==
 
[[Image:MacLdapList.png|List of LDAP servers]]
 
* If you want, assign a meaningful Configuration Name to the entry by entering it in place of <code>Untitled 0</code>
* Select configuration (<code>Untitled 0</code> or whatever name you gave it)
* Click Edit
 
[[Image:MacLdapConfig.png|List of LDAP servers]]
 
* Click "Search and Mappings" in tab bar
* Click Users in the left hand pane
* Enter <code>ou=People,dc=lgl,dc=lu</code> as the search base
* Tick "first level only"
* Click Groups in the left hand pane
* Enter <code>ou=Groups,dc=lgl,dc=lu</code> as the search base
* Tick "first level only"
* Click Mounts in the left hand pane
* Enter <code>ou=Mounts,dc=lgl,dc=lu</code> as the search base
* Tick "first level only"

* Click OK
 
N.B. It is normal for the template setting to change automatically from <code>RFC 2307</code> to <code>Custom</code> as soon as you change one of the settings.
 
== Testing ==
 
Now it is time to test.
 
[[Image:MacTerminal.png|opening a terminal]]
 
* Open a terminal by launching Applications/Utilities/Terminal in the file manager
* In the terminal, enter <code>dscl localhost list /Search/Users</code>. This displays a list of all users known to the Macintosh. If everything worked, it should include all users from the server's LDAP database.
* If all users are included, log out, and log back in as one of the server users (click "Other users" at the login window, then enter the user name). It is expected that the login process is slow, as we have not yet set up mounting of <code>/home</code>.
* If the login was successful, remove the temporary home directory the system may have created for that user.
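Added example (not part of the original page nor of the spack.org instructions it is based on): a small shell script that turns the search-base/mapping section and the <code>dscl</code> test above into repeatable checks. It assumes the host name <code>ldap.lgl.lu</code> and the <code>ou=People,dc=lgl,dc=lu</code> search base from this page; the sample accounts, uid numbers and the local user list inside it are constructed. The constructed LDIF also shows which attributes an entry under <code>ou=People</code> has to carry for the RFC 2307 (Unix) template to map it to a user (<code>uid</code>, <code>uidNumber</code>, <code>gidNumber</code>, <code>homeDirectory</code>, <code>loginShell</code>). Besides repeating the "is every LDAP user visible on the search path" test, it flags LDAP accounts whose <code>uidNumber</code> equals that of a local account: with POSIX mappings in place such a user owns the local account's files (the first local admin on a Mac is uid 501) as soon as they log in, which is the check worth running before letting people log in with directory accounts. Run without arguments it works on the constructed data; run with <code>--live</code> on the client it queries the real server, and also prints the certificate the server presents, since the "Encrypt using SSL" box only encrypts the connection and does not tell you whose certificate you are talking to.

```shell
#!/bin/sh
# Added example, not code from the original page: checks for the LDAPv3 client
# setup described above. Without arguments it runs on the constructed sample
# data below; with --live it queries the real server from the Mac client
# (needs ldapsearch, openssl and dscl, and network access).
LDAP_HOST="ldap.lgl.lu"             # from the page
PEOPLE_DN="ou=People,dc=lgl,dc=lu"  # from the page

# LDIF on stdin -> one "uid uidNumber" line per entry.
ldif_accounts() {
    awk '/^dn:/ { u = ""; n = "" }
         /^uid: / { u = $2 }
         /^uidNumber: / { n = $2 }
         /^$/ && u != "" && n != "" { print u, n; u = ""; n = "" }
         END { if (u != "" && n != "") print u, n }'
}

# stdin: "uid uidNumber" lines; $1: file with `dscl . -list /Users UniqueID`
# output ("name uid" per line). An LDAP user whose uidNumber equals a local
# account's owns that account's files as soon as they log in.
uid_collisions() {
    awk -v f="$1" '
        BEGIN { while ((getline l < f) > 0) { split(l, a); loc[a[2]] = a[1] } }
        ($2 in loc) { print $1, "collides with local", loc[$2], "(uid " $2 ")" }'
}

# stdin: "uid uidNumber" lines; $1: file with `dscl localhost list /Search/Users`
# output. Users printed here exist in LDAP but are invisible to the client:
# a wrong search base or mapping, caught before anyone tries to log in.
missing_from_search_path() {
    awk -v f="$1" '
        BEGIN { while ((getline l < f) > 0) seen[l] = 1 }
        !($1 in seen) { print $1 }'
}

live_checks() {
    work=$(mktemp -d)
    # The SSL box only encrypts; look at the certificate the server really
    # presents and check that its subject is ldap.lgl.lu, because the login
    # password travels over this connection.
    openssl s_client -connect "$LDAP_HOST:636" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -dates
    # "Use authentication while connecting" is unticked, so read the accounts
    # exactly as the client will: anonymous bind over ldaps://.
    ldapsearch -x -LLL -H "ldaps://$LDAP_HOST" -b "$PEOPLE_DN" \
        '(objectClass=posixAccount)' uid uidNumber > "$work/accounts.ldif"
    dscl . -list /Users UniqueID > "$work/local.txt"
    dscl localhost list /Search/Users > "$work/search.txt"
    echo "uidNumber collisions with local accounts:"
    ldif_accounts < "$work/accounts.ldif" | uid_collisions "$work/local.txt"
    echo "LDAP users not visible on the search path:"
    ldif_accounts < "$work/accounts.ldif" | missing_from_search_path "$work/search.txt"
    rm -rf "$work"
}

# Constructed sample data, not from a real server. The first entry carries
# every attribute the RFC 2307 (Unix) template maps for a user.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=lgl,dc=lu
objectClass: account
objectClass: posixAccount
uid: alice
cn: Alice Example
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice
loginShell: /bin/bash

dn: uid=bob,ou=People,dc=lgl,dc=lu
objectClass: account
objectClass: posixAccount
uid: bob
uidNumber: 501
gidNumber: 100

dn: uid=carol,ou=People,dc=lgl,dc=lu
objectClass: account
objectClass: posixAccount
uid: carol
uidNumber: 1003
gidNumber: 100
'
SAMPLE_LOCAL='root 0
admin 501
nobody -2
'
SAMPLE_SEARCH='root
admin
nobody
alice
bob
'
demo_collisions() {   # sample run: bob's uidNumber 501 is the local admin's
    f=$(mktemp); printf '%s' "$SAMPLE_LOCAL" > "$f"
    printf '%s' "$SAMPLE_LDIF" | ldif_accounts | uid_collisions "$f"; rm -f "$f"
}
demo_missing() {      # sample run: carol is in LDAP but not on the search path
    f=$(mktemp); printf '%s' "$SAMPLE_SEARCH" > "$f"
    printf '%s' "$SAMPLE_LDIF" | ldif_accounts | missing_from_search_path "$f"; rm -f "$f"
}
if [ "${1:-}" = "--live" ]; then live_checks
else demo_collisions; demo_missing; fi
```

On the sample data the script reports <code>bob collides with local admin (uid 501)</code> and <code>carol</code> as missing from the search path. A collision is fixed on the server side (renumber the LDAP account, or reserve the low uid range for local accounts); a missing user usually means the Users search base or the "first level only" setting above does not match where the entries actually live.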

Revision as of 16:01, 10 August 2008