[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OSX client to a openLDAP (SLES9) server





--On Saturday, December 11, 2004 11:13 AM -0600 Craig Herring <cherring@nbbc.edu> wrote:

Has anyone been able to get a OSX client to authenticate to a SLES9
server? I have read it is necessary to use the apple.schema file but
there is a problem when I include it...
I get this error:
/etc/openldap/schema/apple.schema: line 165: AttributeType not found:
"authAuthority"

Trying to exclude those lines that reference "AttributeType" in the file
give another error:
/etc/openldap/schema/apple.schema: line 161: Unexpected token before
ObjectClassDescription = "(" whsp
  numericoid whsp                 ; ObjectClass identifier
  [ "NAME" qdescrs ]
  [ "DESC" qdstring ]
  [ "OBSOLETE" whsp ]
  [ "SUP" oids ]                ; Superior ObjectClasses
  [ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
                                  ; default structural
  [ "MUST" oids ]               ; AttributeTypes
  [ "MAY" oids ]                ; AttributeTypes
  whsp ")"

I do not consider myself a wizard with LDAP. Any help is appreciated. My
goal is to make the Mac authenticate against a SLES9 server. We have
around 10 Macs around with more comming and would be easier to use a
single directory source rather than placing 20 usernames and passwords on
all the machines.

Do you have a Kerberos realm? Running Kerberos will make all of this a lot simpler, then you just need to have OS X get its posix stuff from the LDAP directory. You can tell the Apple directory manager to use the posix schema, or custom schema's, as well. We have done that @ Stanford, it is documented somewhere in Apple's stuff.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html