
Request For Comments: Apple Open Directory and Open Ldap



Please excuse some of the obvious things listed in this posting/mailing as I
am posting to Macintosh and openldap groups, and emailing to different
people. I'm just looking for help and don't want any flames ;)

Mac OS 10.2 supports authentication against an LDAPv3 server. This gives
Macintoshes the ability to store user application prefs and home directory
locations.

They have also released MacOS 10.2 server which includes OpenDirectory. Upon
inspection the Ldap server (Open Directory) looks to be openldap.

Also with OSX server comes a front end management tool called Workgroup
Manager. This is how you administer the "OpenDirectory" server (login names,
passwords, application prefs).

We want to incorporate these new ldap features for our OSX clients at the
school dist. We are already running Redhat 7.2 with openldap 2.0.21-1.

I looked at the schema files from the OSX server and noticed that they seem
to make Netinfo calls. Now I'm not a directory engineer so I'm not 100% on
this one. 

Here is a copy of the /etc/openldap/ on my osx server.

http://www.jamiemcparland.com/openldap_apple.zip

I copied the apple schema files to my RH server and ldap complained about
some of the directives in the schema files and refused to startup. So much
for thinking I could just copy them over ;)

Apple also noted with their Directory Service application you could change
the mappings on a LDAPv3 server. So I added schemacheck off in the slap.conf

Well, that isn't working either. It gives me the error "Write Failed". When I
look at the packets with a sniffer it says:

#####Packet from Client#####
Lightweight Directory Access Protocol
    Message: ID=2 Delete Request
    Message Length:21
    Distinguished Name: ou = macosxodconfig,
######################

####Packet from Server#####
Lightweight Directory Access Protocol
    Message: ID=2 Delete Result
    Result Code: Invalid DN Syntax (0X22)
    Matched DN: (null)
    Error Message: Invalid DN
######################

Why is it trying to delete "macosxodconfig"? That's not even an OU in my
schema!

I noticed in the Open Ldap faq that schema updates using ldap are not
supported in the current version. Maybe this is the problem?
http://www.openldap.org/faq/data/cache/649.html

The apple admin guide mentions the mappings you can add to your server but I
am totally confused on how to write my own schema file. OIDs and stuff!

Here's a link to the apple admin guide.
http://a320.g.akamai.net/7/320/51/1739d12419ef7c/www.apple.com/server/pdfs/Mac_OS_X_Server_v10.2.pdf

Also here's a link to their webpage about Open Directory
http://www.apple.com/server/opendirectory.html

I called apple but they won't even talk to me about using a "3rd party" Ldap
server even though they say it's doable in the admin guide. Classic!

So I guess I am wondering if anyone else out there has this running or has
any suggestions. The first day of school is closing in on me... Yikes!


Jamie McParland
Apple Certified Technician · Apple Product Professional
jamiemcparland@yahoo.com
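An added example, not part of the post above and not code from OpenLDAP or Apple: the "Invalid DN Syntax (0x22)" result in the sniffed reply is decided by the DN string alone, before any schema is consulted, so it is worth seeing exactly which rule the DN in the delete request breaks. The parser below follows the string representation of distinguished names from RFC 2253 (spaces are allowed around "=", values may be backslash-escaped or quoted, "+" joins multi-valued RDNs), and `check_dn` returns the resultCode a server would answer with. Running it on the captured DN `ou = macosxodconfig,` shows that the spaces are fine; what makes it invalid is the trailing comma, which is a separator followed by no RDN at all. The constant names, the `DNSyntaxError` class and the helper names are this example's own choices, not OpenLDAP identifiers.

```python
"""Minimal RFC 2253 distinguished-name parser (added example, not OpenLDAP code).

Shows why an LDAP server answers resultCode 0x22 (invalidDNSyntax, decimal 34)
to a request whose DN is "ou = macosxodconfig," with a trailing comma.
"""

INVALID_DN_SYNTAX = 0x22   # LDAP resultCode invalidDNSyntax (34); name is ours
SUCCESS = 0


class DNSyntaxError(ValueError):
    """Raised for the errors a server would report as invalidDNSyntax."""


def _skip_spaces(s, i):
    while i < len(s) and s[i] == " ":
        i += 1
    return i


def _parse_type(s, i):
    """attributeType: a descriptor (e.g. 'ou') or a dotted OID, then '='."""
    i = _skip_spaces(s, i)
    start = i
    while i < len(s) and (s[i].isalnum() or s[i] in "-."):
        i += 1
    atype = s[start:i]
    if not atype:
        raise DNSyntaxError(f"expected attribute type at offset {start}")
    i = _skip_spaces(s, i)            # RFC 2253 allows spaces before '='
    if i >= len(s) or s[i] != "=":
        raise DNSyntaxError(f"expected '=' after attribute type at offset {i}")
    return atype, i + 1


def _parse_value(s, i):
    """attributeValue up to an unescaped ',' or '+'.

    Handles backslash escapes (\\, or \\2C) and the quoted form "..." that
    RFC 2253 still accepts.  The '#hexstring' BER form is not needed here.
    """
    i = _skip_spaces(s, i)            # spaces after '=' are allowed too
    out = []
    if i < len(s) and s[i] == '"':    # quoted value: read up to closing quote
        i += 1
        while True:
            if i >= len(s):
                raise DNSyntaxError("unterminated quoted value")
            c = s[i]
            if c == '"':
                return "".join(out), _skip_spaces(s, i + 1)
            if c == "\\":
                if i + 1 >= len(s):
                    raise DNSyntaxError("dangling backslash")
                out.append(s[i + 1]); i += 2
                continue
            out.append(c); i += 1
    while i < len(s) and s[i] not in ",+":
        c = s[i]
        if c == "\\":
            if i + 1 >= len(s):
                raise DNSyntaxError("dangling backslash")
            nxt = s[i + 1]
            if nxt in ',=+<>#;"\\ ':          # escaped special character
                out.append(nxt); i += 2
            else:                             # \XX hex pair
                pair = s[i + 1:i + 3]
                if len(pair) != 2 or any(ch not in "0123456789abcdefABCDEF" for ch in pair):
                    raise DNSyntaxError(f"bad escape at offset {i}")
                out.append(chr(int(pair, 16))); i += 3
            continue
        out.append(c); i += 1
    return "".join(out).rstrip(" "), i


def _parse_rdn(s, i):
    """One RDN: attributeTypeAndValue, optionally joined by '+'."""
    pairs = []
    while True:
        atype, i = _parse_type(s, i)
        value, i = _parse_value(s, i)
        pairs.append((atype.lower(), value))
        if i < len(s) and s[i] == "+":
            i += 1
            continue
        return pairs, i


def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (type, value) pairs.

    The grammar is  name = name-component *("," name-component): a comma must
    always be followed by another component, so a trailing comma is an error.
    """
    if dn == "":
        return []                    # the empty DN (root DSE) is valid
    rdns, i = [], 0
    while True:
        rdn, i = _parse_rdn(dn, i)
        rdns.append(rdn)
        if i >= len(dn):
            return rdns
        if dn[i] != ",":
            raise DNSyntaxError(f"unexpected {dn[i]!r} at offset {i}")
        i += 1
        if i >= len(dn):
            raise DNSyntaxError("trailing ',' with no RDN after it")


def check_dn(dn):
    """The resultCode a server would send for this DN: 0 or 0x22."""
    try:
        parse_dn(dn)
        return SUCCESS
    except DNSyntaxError:
        return INVALID_DN_SYNTAX


if __name__ == "__main__":
    # DN copied from the sniffed Delete Request in the post; the others are
    # constructed inputs for comparison.
    for dn in ("ou = macosxodconfig,", "ou = macosxodconfig", "ou=People,dc=example,dc=edu"):
        code = check_dn(dn)
        print(f"{dn!r:40} -> resultCode 0x{code:02X}")
```

`check_dn("ou = macosxodconfig,")` returns 0x22, while the same DN without the comma parses cleanly to `[[("ou", "macosxodconfig")]]`. Turning `schemacheck` off cannot change that answer: schema checking happens after the DN has been parsed, and this request never gets that far. Seeing the same delete request with a well-formed DN would be the first sign that the server side of the problem is really about mappings rather than DN syntax.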