===Purpose===

Make Mac OS X clients authenticate against an Ubuntu OpenLDAP server. This page focuses on Ubuntu 9.04 (Jaunty Jackalope) and Mac OS X 10.5 (Leopard).

This is presently what I am working on, and it is not yet working, though I believe I have a handle on many of the steps. Fundamentally, there are five:

  1. Set up the OpenLDAP server. Good instructions are at https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html, though note the following: the CA certificate file must be in .pem format when using the default installation of OpenLDAP with GnuTLS. If using a self-signed certificate, do _NOT_ set olcTLSCACertificateFile in the configuration (if you do, the server will fail to initialize TLS).
  2. Add apple.schema and samba.schema to the server's schemas.
  3. Add attributes to the LDAP user entries to make them compatible with Apple Open Directory, using elements from the schemas.
  4. Use the DirectoryUtility program on a client to write appropriate mappings into the macosxodconfig element.
  5. Use DirectoryUtility to set the client to consult the LDAP server for authentication.

This last step is presently under investigation. It is unclear what a Leopard 10.5 client will require.
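
For the certificate note in step 1, a pre-flight check can be run on the server before the TLS settings are edited. This is an added example, not part of the original page; it assumes the openssl command-line tool is installed, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of a certificate file before it is
# referenced from slapd's TLS settings. Function names are illustrative.

# cert_encoding FILE -> prints "pem", "der" or "unknown"
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "3082" ]; then
        echo der    # ASN.1 SEQUENCE with a two-byte length: binary DER
    else
        echo unknown
    fi
}

# is_self_signed PEMFILE -> exit 0 when subject and issuer names match
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# tls_advice FILE -> prints the action the note in step 1 calls for
tls_advice() {
    case "$(cert_encoding "$1")" in
        der) echo "convert: openssl x509 -inform DER -in $1 -out ${1%.*}.pem" ;;
        pem)
            if is_self_signed "$1"; then
                echo "self-signed: leave olcTLSCACertificateFile unset"
            else
                echo "ca-issued: olcTLSCACertificateFile may name the CA's .pem file"
            fi ;;
        *) echo "unknown: not a certificate file" ;;
    esac
}

# Run against a file given on the command line, e.g. sh check.sh server.crt
if [ $# -gt 0 ]; then
    tls_advice "$1"
fi
```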

OSXClientAuthenticationToLDAP (last edited 2009-09-12 04:41:02 by ip72-208-81-143)