Profile installation failed: No user identifier found in record
I see it's been a while since the question was raised, but I came across the same recently and fortunately found help on the MacAdmins Slack: the cause is that a GUID attribute is missing from the OpenLDAP user record.
In Apple directory services, the attribute is called GeneratedUID.
The slight difficulty is that the RFC2307 mapping in the LDAP configuration does not map any LDAP attribute onto this one.
The Open Directory mapping does, but it doesn't work with my LDAP user database - probably because it is not structured/designed accordingly, but according to RFC2307.
As a workaround, I created a custom mapping starting with RFC2307, and mapped the LDAP attribute apple-generateduid onto GeneratedUID.
Server-side, I added apple-generateduid to all users. This should be a UUID and I simply copied entryUUID. (My first thought was to map entryUUID directly, but it doesn't work - probably because it's a special attribute and not fetched, or not available for mapping.)
To be able to add the apple-generateduid you will also need to add the object class apple-user.
And if these attributes/object classes are not known to your OpenLDAP, you probably have to import the Apple schema files first.
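Added example, not part of the original answer: one way to script the server-side step, turning ldapsearch output into ldapmodify records that add apple-user and copy entryUUID into apple-generateduid. The function names, the example.org entries and the UUIDs are constructed for illustration; the search is assumed to request entryUUID explicitly, since it is an operational attribute.

```python
import uuid

# Constructed sample: ldapsearch output requesting objectClass, entryUUID, apple-generateduid.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
entryUUID: 6f1c2b9e-3d4a-4c1b-9f0e-2a7b8c9d0e1f

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: apple-user
entryUUID: 0b8d7e6a-1111-4222-8333-444455556666
apple-generateduid: 0b8d7e6a-1111-4222-8333-444455556666

dn: uid=carol,ou=people,dc=exam
 ple,dc=org
objectClass: apple-user
entryUUID: 9a9a9a9a-aaaa-4bbb-8ccc-dddddddddddd
"""

def parse_entries(ldif):
    """Return (raw dn line, {attr: [values]}) per entry; unfolds wrapped lines."""
    entries = []
    for block in ldif.replace("\n ", "").split("\n\n"):
        dn_line, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn_line = line  # kept verbatim, so base64 "dn::" lines survive
            elif not line.startswith("#"):
                attrs.setdefault(name.lower(), []).append(value.strip())
        if dn_line:
            entries.append((dn_line, attrs))
    return entries

def build_modify_ldif(ldif):
    """Emit ldapmodify records for users that lack apple-generateduid."""
    records = []
    for dn_line, attrs in parse_entries(ldif):
        if attrs.get("apple-generateduid") or not attrs.get("entryuuid"):
            continue  # leave existing values alone; skip entries without a UUID
        guid = str(uuid.UUID(attrs["entryuuid"][0]))  # ValueError if malformed
        lines = [dn_line, "changetype: modify"]
        if "apple-user" not in {c.lower() for c in attrs.get("objectclass", [])}:
            lines += ["add: objectClass", "objectClass: apple-user", "-"]
        lines += ["add: apple-generateduid", f"apple-generateduid: {guid}", "-"]
        records.append("\n".join(lines) + "\n")
    return "\n".join(records)

if __name__ == "__main__":
    print(build_modify_ldif(SAMPLE_LDIF))
```

Review the generated LDIF before applying it with ldapmodify; entries that already carry apple-generateduid are skipped, so a re-run does not change identifiers that are already in use.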