rajeev karamchedu

Technology and Professional Services Director, currently part of a very exciting and talented team of technology/data management solution provider, IronBrick

59 responses to “Integrating Mac OS X into Unix LDAP Environment with NFS Home Directories”

  1. Juan Piñero

    Hi Rajeev
    Thanks for this tutorial.
    I’m very new to the MacOS world and we are trying to integrate a couple of iMacs into our network.
    We are running Sun ONE Directory Server 5.2 and I want to authenticate Mac users versus our LDAP servers. Is there anything on the Mac side that can parse information from the Solaris schema to apple.schema? Something like “NS_LDAP_SERVICE_SEARCH_DESC” in Solaris or “nss_map_attribute” in Linux? I’m a bit afraid to change anything in the schema.
    Another thing is I can’t access this link “http://www.tigr.org/%7Erajeev/92apple_schema.html”

    Thanks again
    Juan

  2. Stephen Winnall

    I used this information to set up an ODS clone on Ubuntu 9.04 using OpenLDAP and was able to access it without problem from my Leopard clients up to 10.5.8. Thanks!

    However, a machine that I have upgraded to Snow Leopard (10.6.2) – although able to see the ODS clone – seems to ignore it completely. WGM 10.6.2 won’t let me log in with the credentials which work for Leopard. The shell “id” command doesn’t return any information from the ODS clone.

    I presume that Apple has changed the schemas for ODS, though the only change I have been able to identify is the introduction of apple_auxillary.schema. Adding that to my ODS clone has not solved the problem though.

    Do you have any insight into what needs to be done to get an ODS clone running for Snow Leopard clients?

    Steve

  3. Bill Bradley

    The link to apple.schema ldif is broken. Does anyone have a copy?

  4. Ulrix

    Hi,

    Your article helped a lot. But I still encounter some problems. I’m trying to use NFS + Kerberos + LDAP. I’m using OS X 10.5. The LDAP users can log in, but they won’t get their home directories. It seems as if the Mac system isn’t even trying to mount the NFS share. The Kerberos configuration seems to be fine, because the user gets a valid ticket. Perhaps you could explain the apple-user-homeurl, homeDirectory values. I don’t quite get it if I need the apple-user-homeurl value for NFS. Is it possible that 10.5 changed the way you mount the home directory?

    Best regards,

    Ulrich

  5. Daryn

    Greetings. I found this article very informative. The article mentions: “On an OS X Server, we started the Open Directory Server and created one admin user. We then dumped the directory tree contents to a file…”. Would you please email me this file, or post a link to it?

  6. Ryan

    Rajeev,

    Ben is not alone; 10.6 does indeed do nothing when you click “write to server”. I have run tcpdump on the client, and it does not even try to make a network connection. So sadly, I don’t think this works for 10.6, so I’ve had to resort to passing around the .plist configuration to the clients, which kinda stinks. For reference, I use SSL with my configuration and the ACLs are correct, because if I manually update the mappings on the clients, everything works just fine.
