Using Linux & Open LDAP for a Mac Network
I'm looking for resources/suggestions/experience on administering a medium sized network of Macs (300ish) using Open LDAP on Linux rather than using Open or Active Directory.
Would like the following features:
First off you really want to read Apple's Open Directory Administration Guide, this guide has a lot of information both on the Open Directory server, but also how Mac OS X authenticates to any directory system. Somewhat confusingly the name "Open Directory" is often used for both the client side and server side of this.
The basic method you're after is this:
- Build OpenLDAP server, you may want to add Apple's schema extensions to your OpenLDAP database. You can find them at
/etc/openldap/schema/apple.schema
- Bind Mac OS X computer to authenticate with LDAP (use
/Applications/Utilities/Directory Utility.app
to configure the LDAPv3 plugin. The search mappings options are very important here, they tell Mac OS X what attribute to look at in LDAP for each attribute of the account it wants to know about. RFC2307 mappings are standard Unix, the Open Directory mappings contain more Mac specific stuff that come from theapple.schema
file - Test binding works with simple stuff:
id username
to see if the username maps correctly, thensu - username
to switch to that user. - Now you can look at fancy stuff like pointing
Workgroup Manager
from Apple's Server Administration Tools [http://support.apple.com/downloads/Server_Admin_Tools_10_5_7
not linkified due to new user restrictions :-( ] atlocalhost
, then changing your directory to the LDAP host (look for a little globe under the toolbar). From here you should be able to edit users/groups etc once you've authenticated to your LDAP server and generally manage it like an Open Directory server (missing some parts naturally).
Good luck!
Not sure if the following page will help you, it suggests that you can configure the LDAP client to look OpenLDAP
Found > Here <
and
Found > Here <
Hope that helps