OpenLDAP for Mac OS X Login and Authentication

This is a little bit off-topic, but I'm running out of ideas and places to
look. In other words, I'm stuck.

Has anyone successfully used OpenLDAP for login and authentication on Mac OS

According to the OS X docs, I ~should~ be able to have the login sequence
check LDAP directories for authentication ~before~ it checks NetInfo.

Here is a quick summary of what I "know" about OpenLDAP and Mac OS X so far:

1. OpenLDAP's slurpd will not work due to the OS X threading scheme. (I
don't need slurpd, so I haven't spent any time trying to figure out how to
make it work yet.)

2. The compiling and building of OpenLDAP from source needs to be done a
little bit differently than in the INSTALL file. I made my notes available
at http://dev.cokernet.com/ldap/openldap-macosx.php. The notes I've posted
so far will get you through a basic installation. I have more hand-written
notes on the ./configure options, but I haven't had time to write them up
on the web page yet.

3. After installation is complete, OpenLDAP works like it does on Linux (my
other test platform) and I assume like other OSs.

4. The LoginHook and LogoutHook parameters for customizing loginwindow do
not work (official word from Apple) and ~rumor says~ they will be removed
from future OS X releases.

5. lookupd is supposed to allow you to change the order of lookups for
authentication. It doesn't. On a Mac OS X Development list, it has been
suggested that looking at, and modifying, lookupd's source might be the way
to go, but I haven't done this yet.

6. I have posixGroup and posixAccount objects for the people in my OpenLDAP
database. (Right now I just have the userPassword field MIME encoded. I
haven't checked which encryption method Mac OS X uses.) They work fine from
the command line and from test apps I've written.

I can supply more detailed information if anyone is interested. Email me
personally since this isn't a Mac OS X list. :^)

Any suggestions, ideas, places to look or people to ask for more info would
be greatly appreciated.


Chuck Coker <chuckc@tyrell.com>
Software Developer, Tyrell Software Corporation
23151 Verdugo Drive, Suite 204
Laguna Hills, California 92653 United States
+1 949 458 1911 ext. 3