The article I had written about integrating Mac OS X with LDAP attracted a bit of attention. While I had mentioned in that document that we manage our Mac OS X users using WGM (Workgroup Manager), I had not provided information on how I was able to integrate WGM with a non-OD (Open Directory) server.
In this post I am attempting to bridge that gap and describe exactly how we got WGM working with our LDAP server. Our LDAP server happens to be a Sun Directory Server, as opposed to the more commonly used OpenLDAP server. Still, that does not matter, since both are standards-based.
In order to get WGM working, we need to get a few things ironed out first:
- The computer you are using to run WGM should be configured to use LDAP for authentication. That is done using the Directory Access application.
- The computer should also have the Server Admin Tools installed. Never mind if the Mac is not actually a server; you can simply go to the Apple download website and download the Server Admin Tools package.
- An LDAP account with write privileges. There is a more detailed explanation of this below.
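The write-capable account is the part people tend to get wrong: the easy way out is to bind WGM as the directory's root account, which hands a desktop tool full write access to the whole tree. On Sun Directory Server the usual approach is instead a dedicated admin entry plus an ACI that grants write only on the subtrees WGM actually manages. The LDIF below is an added example, not taken from the original post; the suffix dc=example,dc=com, the container names ou=People and ou=Groups, and the admin entry uid=wgmadmin,ou=Admins are assumed placeholders to replace with your own.

```ldif
# Added example (assumed DNs): grant a dedicated WGM admin account write
# access only where WGM needs it, instead of binding as Directory Manager.
# Apply with: ldapmodify -x -H ldaps://ldap.example.com -D "cn=Directory Manager" -W -f wgm-aci.ldif

# Users subtree: WGM edits user attributes (apple-user-*, home directory, password, ...)
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (target = "ldap:///ou=People,dc=example,dc=com")(targetattr = "*")
 (version 3.0; acl "WGM admin may manage user records";
 allow (read,search,compare,write,add,delete)
 userdn = "ldap:///uid=wgmadmin,ou=Admins,dc=example,dc=com";)

# Groups subtree: WGM edits group membership and apple-group-* attributes
dn: ou=Groups,dc=example,dc=com
changetype: modify
add: aci
aci: (target = "ldap:///ou=Groups,dc=example,dc=com")(targetattr = "*")
 (version 3.0; acl "WGM admin may manage group records";
 allow (read,search,compare,write,add,delete)
 userdn = "ldap:///uid=wgmadmin,ou=Admins,dc=example,dc=com";)
```

Because the ACIs are attached to the two containers and carry an explicit target, the wgmadmin account gets nothing outside them; the rest of the tree, including the admin accounts themselves, stays read-only to it. If you later narrow the `targetattr` list to just the attributes WGM writes, check the Sun DS access log for "err=50" (insufficient access) entries from the wgmadmin bind DN to see what you cut too far.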
When you start up WGM, a dialog box will pop up to enter the Address, username and password.
- In the address field, enter the hostname of the client machine that you are on (say client.example.com). You could also specify localhost.
- In the username field, enter a valid username.
- In the password field, enter a valid password.
Once you successfully authenticate, the Workgroup Manager window will open. By default, it will query the LDAP server that is configured on the client and will pull in all of the Apple objects. The configuration of the LDAP server in Directory Access dictates what objects are queried and shown here.
You will also notice a line of text at the top of the window:
Viewing directory: /LDAPv3/<ldap server name>. Not authenticated
If the sidebar is not showing any accounts, then verify the LDAP configuration, specifically the Search & Mappings tab and ensure that you have it configured correctly.
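Before blaming WGM for an empty sidebar, it is quicker to ask the same LDAPv3 node the questions WGM asks, from the command line. The script below is an added example and not part of the original post; it uses the `dscl` tool that ships with Mac OS X and the OpenLDAP `ldapsearch` client, and the hostname ldap.example.com, base DN and bind DN are assumed placeholders. It checks, in order, that the node exists in Directory Access, that the Users mapping returns records, and that the write-capable account can bind over TLS (the check that must pass before the lock icon in WGM will work).

```bash
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# LDAPv3 node that Workgroup Manager reads. All three names are assumed.
LDAP_HOST="ldap.example.com"
BASE_DN="dc=example,dc=com"
BIND_DN="uid=wgmadmin,ou=Admins,dc=example,dc=com"

# Directory Access node path exactly as WGM prints it in "Viewing directory:".
ldap_node_path() {
    printf '/LDAPv3/%s\n' "$1"
}

# 1. Is an LDAPv3 node with this name configured on the client at all?
check_node_configured() {
    dscl localhost -list /LDAPv3 | grep -qx "$1"
}

# 2. Does the Users mapping return any records? No output here is the
#    "sidebar shows no accounts" symptom: fix Search & Mappings, not WGM.
check_users_mapped() {
    dscl "$(ldap_node_path "$1")" -list /Users | grep -q .
}

# 3. Can the write-capable account bind over LDAPS? ldapsearch prompts for
#    the password (-W) so it never lands in shell history or a script.
check_bind() {
    ldapsearch -x -H "ldaps://$1" -D "$BIND_DN" -W -b "$BASE_DN" \
        -s base '(objectclass=*)' dn >/dev/null
}

# Only run the live checks on a Mac that actually has dscl; elsewhere the
# functions are just defined so the file can be sourced.
if command -v dscl >/dev/null 2>&1; then
    if check_node_configured "$LDAP_HOST"; then
        echo "ok: node $(ldap_node_path "$LDAP_HOST") is configured"
    else
        echo "FAIL: no LDAPv3 node named $LDAP_HOST in Directory Access"; exit 1
    fi
    if check_users_mapped "$LDAP_HOST"; then
        echo "ok: Users mapping returns records"
    else
        echo "FAIL: Users mapping returns nothing; check Search & Mappings"; exit 1
    fi
    if check_bind "$LDAP_HOST"; then
        echo "ok: $BIND_DN can bind over LDAPS"
    else
        echo "FAIL: bind as $BIND_DN refused; check the account, its ACIs and the server cert"; exit 1
    fi
fi
```

If step 2 passes but the sidebar is still empty, WGM is usually authenticated to a different node than the one you tested; compare the hostname in the "Viewing directory:" line against the node name returned by `dscl localhost -list /LDAPv3`.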
In order to modify an object, you will need to bind with proper credentials. If you click on the lock icon on the right side of the window, you will get a dialog box to enter the logon username and password. Enter your username and password. The user binding is also looked up according to the LDAP configuration you have in place.
If you are not having luck with these instructions, then you probably should re-visit this article and make sure you have followed the steps properly. If all else fails, drop me a note!