[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Request For Comments: Apple Open Directory and Open Ldap

To: Jamie McParland <jamie@staff.newberg.k12.or.us>
Subject: Re: Request For Comments: Apple Open Directory and Open Ldap
From: Phil Mayers <p.mayers@ic.ac.uk>
Date: Fri, 20 Sep 2002 01:51:50 +0100
Cc: ldap <OpenLDAP-software@OpenLDAP.org>, macos-x-server@lists.apple.com, Mike Bombich <bombich@apple.com>, cambra@apple.com, Eric Harrison <eharrison@mail.mesd.k12.or.us>
In-reply-to: <7C255BCD.69A6%jamie@listserv.newberg.k12.or.us>
References: <7C255BCD.69A6%jamie@listserv.newberg.k12.or.us>
User-agent: Internet Messaging Program (IMP) 3.0

I see great potential for OS X - if Apple don't kill it. Provided you're using 
RFC 2307 schema, I can verify OpenLDAP/Linux works as a server:

1) You *must* be using a vanilla OS X >= 10.2 (do *NOT* try to enable NIS, or 
follow any HOWTOs for older OS vers)
2) Go to "/Applications/Utilities/Directory Access"
3) Tick the LDAPv3 box
4) Select "Configure" or "Add" - put in the FQDN and Base DN of your RFC 2307 
(i.e. Linux/Solaris compatible schema) e.g:

dn: ou=People, dc=domain, dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=user, ou=People, dc=domain, dc=com
objectClass: top
objectClass: posixAccount
uid: user
cn: user
uidNumber: 1001
homeDirectory: /whatever...

and so on - Honestly, 10.2 and 10.2.1 "just work" for RFC 2307 (Linux/Solaris) 
Schema - just don't try to fiddle too hard.


-- 
Regards, 
Phil 

+------------------------------------------+ 
| Phil Mayers                              | 
| Network & Infrastructure Group           | 
| Information & Communication Technologies | 
| Imperial College                         | 
+------------------------------------------+ 


Quoting Jamie McParland <jamie@listserv.newberg.k12.or.us>:

> Please excuse some of the obvious things listed in this posting/mailing as
> I
> am posting to Macintosh and openldap groups, and emailing to different
> people. I'm just looking for help and don't want any flames ;)
> 
> Mac OS 10.2 supports the authentication against an LDAPv3 server. This give
> Macintoshes the ability to store user application prefs and home directory
> locations. 
> 
> They have also released MacOS 10.2 server which includes OpenDirectory.
> Upon
> inspection the Ldap server (Open Directory) looks to be openldap.
> 
> Also with OSX server comes a front end management tool called Workgroup
> Manager. This is how you administer the "OpenDirectory" server (Login
> names,
> passwords, application prefs)
> 
> We want to incorporate these new ldap features for our OSX clients at the
> school dist. We are already running Redhat 7.2 with openldap 2.0.21-1
> 
> I looked at the schema files from the OSX server and noticed that they seem
> to make Netinfo calls. Now I'm not a directory engineer so I'm not 100% on
> this one. 
> 
> Here is a copy of the /etc/openldap/ on my osx server.
> 
> http://www.jamiemcparland.com/openldap_apple.zip
> 
> I copied the apple schema files to my RH server and ldap complained about
> some of the directives in the schema files and refused to startup. So much
> for thinking I could just copy them over ;)
> 
> Apple also noted with their Directory Service application you could change
> the mappings on a LDAPv3 server. So I added schemacheck off in the
> slap.conf
> 
> Well that isn't working either. It gives me the error "Write Failed" When 
> I
> look at the packets with a sniffer it says:
> 
> #####Packet from Client#####
> Lightweight Directory Access Protocol
>     Message: ID=2 Delete Request
>     Message Length:21
> `   Distinguished Name: ou = macosxodconfig,
> ######################
> 
> ####Packet from Server#####
> Lightweight Directory Access Protocol
>     Message: ID=2 Delete Result
>     Result Code: Invalid DN Syntax (0X22)
>     Matched DN: (null)
>     Error Message: Invalid DN
> ######################
> 
> Why is it trying to delete "macosxodconfig" that¹s not even an OU in my
> schema!
> 
> I noticed in the Open Ldap faq that schema updates using ldap are not
> supported in the current version. Maybe this is the problem?
> http://www.openldap.org/faq/data/cache/649.html
> 
> The apple admin guide mentions the mappings you can add to your server but
> I
> am totally confused on how to write my own schema file. OIDs and stuff!
> 
> Heres a link to the apple admin guide.
> http://a320.g.akamai.net/7/320/51/1739d12419ef7c/www.apple.com/server/pdfs/M
> ac_OS_X_Server_v10.2.pdf
> 
> Also heres a link to their webpage about Open Directory
> http://www.apple.com/server/opendirectory.html
> 
> I called apple but they won't even talk to me about using a "3rd party"
> Ldap
> server even though they say its doable in the admin guide. Classic!
> 
> So I guess I am wondering if anyone else out there has this running or has
> any suggestions. The first day of school is closing in on me... Yikes!
> 
> 
> Jamie McParland
> Apple Certified Technician  ?  Apple Product Professional
> jamiemcparland@yahoo.com
> 
> 
> 
> 


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

Prev by Date: RE: Problems with OpenLDAP 2.1.4 and Kerberos
Next by Date: Re: ldap_search returning protocol error?
Index(es):
- Chronological
- Thread