[Date Prev][Date Next]
Re: A couple of questions about openldap on MacOS X Panther
Ah. Unfortunately that's out of my experience :( Maybe someone else
can chime in.
There is a Kerberos page at MIT, specifically for Apple, but they
don't mention anything about the LDAP utilities.
And I fear you are correct, about ldap utilities being compiled
without kerberos support for OSX.
You could possibly turn on SASL support on your server's LDAP
service, and then use SASL from the client. I'm not too familiar
with how to do this though.
The authentication methods in the Directory Access application are
only for applications written with support for Apple's OpenDirectory
You might get more debugging information by sending a USR2 signal to
the DirectoryServices daemon on the OSX client. (sudo killall -USR2
DirectoryServices) This will dump directory services debugging data
to /var/log/system.log for about 10 minutes.
Thanks for your replies (and thanks also to Jens).
I forgot to ask you what version of Mac OSX you are using, and if
it's OSX Server or OSX desktop/client
10.3 has kerberos support, but I'm not sure how much and where.
The version I'm using is MacOS X 10.3, ordinary desktop/client,
although I do have a copy of 10.3 server which I can investigate.
Basically, what I'm doing is investigating how Macs could be
integrated into our departmental kerberos/ldap infrastructure (mostly
running RH Linux 9). This means I need to know how MacOS X works with
ldap *as a regular client*. This does confuse matters a little as
most of the Apple documentation that refers to LDAP is talking about
running under OS X server.
An example of the type of thing I'm having problems with is the issue
of gssapi authentication for the ldap connection - our ldap server
allows only authenticated connections, but (a) the ldapsearch with osx
seems to have been compiled without this, so what can I do about this?
and (b) the "use authentication" values in the Directory Access
utility don't seem to be being used, but how can I check, etc. It's
not being able to get under the hood of what's happening that's the
Access and Security Coordinator
Franklin & Marshall College