Slashdot Mirror


OpenLDAP on Linux for Apple Clients?

groovemaneuver asks: "I've managed to get a working OpenLDAP directory running on my network. Linux, Windows, and Apple boxes are all happily authenticating. I have imported the 'apple.schema' file to the LDAP server from one of my Macs, but I cannot seem to find any info on the proper syntax for the various apple schema attributes. Anyone have any idea where one could find this? This is the one obstacle keeping my network from having a single source of authentication, and I'm sure this info would be useful to more than just myself. Thanks!"

4 of 22 comments

  1. apple discussions pages have some hits. relevant? by davidyorke · Score: 4, Informative

    try http://discussions.info.apple.com and search on "openldap"

  2. You need to check MacOS X Secrets. by PorkCharSui · Score: 5, Informative

    Since most users are not using LDAP on Jaguar, Apple does not tend to document the steps necessary to set it up. Jaguar Server on the other hand is a different question though.

    Integrating Mac OS X with Active Directory. BTW, this also includes using secure LDAP authentication!

    A quick search at Mac OS X Hints turns up some useful sources too.

  3. Look in NetInfo, or just use RFC 2307 by plsuh · Score: 4, Informative

    Apple's version of OpenLDAP uses NetInfo as its backing store -- the apple.schema file merely exports the contents. Go to a Mac OS X Server machine and look at the values it puts into NetInfo. This will give you examples of what you need to put into the corresponding LDAP server entries on your Linux server.

    Probably easier is to just use the LDAP values you already have in the RFC 2307 schema for your Linux machines, and set the Mac OS X machines to use the RFC 2307 schema by using the Directory Access application.

    --Paul
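
Added example, not part of plsuh's comment or any Apple or OpenLDAP code: a small check that user entries on the Linux LDAP server carry the attributes RFC 2307 requires before clients are pointed at that mapping. The LDIF entries, DNs and the function names `parse_ldif` and `check_rfc2307` are constructed for illustration.

```python
# Constructed sample entries (not from the thread). REQUIRED lists RFC 2307 MUST attributes.
REQUIRED = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "posixgroup": {"cn", "gidnumber"},
}
NUMERIC = {"uidnumber", "gidnumber"}
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Bob Example
uid: bob
uidNumber: 10x2
gidNumber: 100
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values or folded lines) into (dn, attrs)."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def check_rfc2307(text):
    """Return (dn, problem) pairs for entries that break RFC 2307 requirements."""
    problems = []
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        for oc in sorted(classes & set(REQUIRED)):
            for missing in sorted(REQUIRED[oc] - set(attrs)):
                problems.append((dn, f"{oc} entry is missing {missing}"))
        problems += [(dn, f"{n} is not an integer: {v}") for n in sorted(NUMERIC & set(attrs))
                     for v in attrs[n] if not v.isdigit()]
    return problems
```

Running `check_rfc2307` over an `ldapsearch` export in LDIF form lists the entries that would fail to resolve as accounts; base64-encoded (`::`) values and folded lines are not handled by this parser.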

  4. LDAP warning by sofar · Score: 3, Interesting

    After 4 years of professional experience in running routers, general multipurpose servers and all the way to full GNU desktops, I decided to try to install an LDAP server so everyone here can keep a joint company address book.

    Bad idea.

    Almost a year later this project is still not finished. I've prolly stumped into this once a month and spent a day reading and trying to figger out how to get the backend bootstrapped. No such luck.

    I've completely dropped the idea of having LDAP as a database server because of this and I'm very disappointed because of it. In the end you can get the software everywhere, the user-howto's are sublimely stupid (open netscape and click "my addressbook"), but there is no adequate support, help or whatever information about what to do when you have slapd running, but no data in there yet.

    I've no time to dig into this deeper, but I think LDAP should be shot dead for this. I hope you don't fall into the same pitfall I did.