Snow Leopard, Ubuntu, LDAP & Automounter Step 4: Configure MacOS to authenticate to LDAP

This article is one part in a multi-part series about how to have centralized logins and home directories with Mac OS 10.6 using an Ubuntu 9.10 server, LDAP & Automounter.  You can find the parent article here.

Important Note: Unless stated otherwise, all the commands in this procedure should be run as root.  To become root from a typical admin user, just type sudo su and enter your password.  You can also just stay the regular user and put the word sudo in front of every command.  I’m used to a root prompt and that drives me crazy, so I just su to root.

This part of the procedure was adapted & updated for Snow Leopard from this one.  (Their procedure has a lot of extra steps that really aren’t necessary, but it does have a lot of pretty pictures.)  However, it uses a Leopard client, not a Snow Leopard one, so things look a little different now.

  1. Go to System Preferences > Accounts > Unlock (if locked) > Login Options > Network Account Server > Join > Open Directory Utility
  2. Unlock (if locked). You will be prompted for your admin password.
  3. Select/highlight LDAPv3
  4. Click the small “Pencil” icon in the lower left hand corner just above the lock
  5. Click “New”
  6. Enter the IP address of the LDAP server
  7. Leave “Encrypt using SSL” unchecked (I chose not to use SSL as it’s just my home network.  If you choose to use SSL, there will be additional steps that I did not do.)
  8. Click Continue
  9. You will be asked for your admin password.  Enter it.
  10. If you did everything above correctly, the dialog box should now expand, and you should see “dc=home,dc=com” in the “Search Base” box.
  11. Under “Pick a Template,” select RFC 2307 (Unix)
  12. Click Continue.  It will say “Adding Server to Configuration” then “Configuration of New Server Complete.”
  13. Click OK
  14. You will see your server listed there with a name of “Untitled 1.”  Give it your own name and click OK
  15. Select the entry again and Click Edit
  16. On the connection screen change these values:
    1. Open/close times out in 10 seconds
    2. Query times out in 10 seconds
    3. Re-bind attempted in 10 seconds
    4. Uncheck Ignore server referrals
  17. On the Security screen, uncheck “Disable clear-text passwords.”
  18. Click OK
  19. Click OK again
  20. Now look at the top of the box for the second tab called “Search Policy” and select it.
  21. Click the + sign and you should see the new server you just added.  Select it and click Add.
  22. Click the Lock to Save and Lock these settings.
  23. Reboot the Mac

The “Disable Clear Text Passwords” button is a weird one.  The box really only applies if your LDAP server doesn’t allow anonymous queries.  (Yours does because that’s how we configured it.)  That’s why you don’t have to check the “Server requires authentication” box and put a username and password.  But –  if you leave this checked, it doesn’t work.  So there.
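As an added example that is not part of the original post, here is the same configuration done from the command line with Apple’s dsconfigldap and dscl tools, plus two checks to run after the reboot to confirm the node is on the search policy and a user actually resolves.  The server address, configuration name and test user are placeholders for your own values.

```shell
#!/bin/sh
# Added example, not from the original post: the command-line equivalent of the
# Directory Utility steps above, plus checks to run after the reboot. Run as root.
# LDAP_SERVER, CONFIG_NAME and TEST_USER are placeholders; substitute your own.
LDAP_SERVER="${LDAP_SERVER:-192.0.2.10}"
CONFIG_NAME="${CONFIG_NAME:-home-ldap}"
TEST_USER="${TEST_USER:-someuser}"
NODE="/LDAPv3/$LDAP_SERVER"

# Steps 1-14: bind the LDAPv3 plug-in to the server. Adding -s would require
# SSL; the post leaves SSL off, so this call does too.
add_ldap_server() {
    dsconfigldap -v -a "$LDAP_SERVER" -n "$CONFIG_NAME"
}

# Steps 20-21: switch to a custom search policy and append the new node.
add_to_search_policy() {
    dscl /Search -create / SearchPolicy CSPSearchPath
    dscl /Search -append / CSPSearchPath "$NODE"
}

# Side-effect-free check on the output of `dscl /Search -read / CSPSearchPath`:
# succeeds only when the node path ($2) appears as one of the listed entries.
search_path_has_node() {
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//' | grep -qxF -- "$2"
}

# Side-effect-free check on `dscl <node> -read /Users/<name>` output: the RFC 2307
# template must have mapped uidNumber, gidNumber, homeDirectory and loginShell.
user_record_complete() {
    for attr in UniqueID PrimaryGroupID NFSHomeDirectory UserShell; do
        printf '%s\n' "$1" | grep -q "^$attr:" || return 1
    done
}

# After the reboot: confirm the node is searched and a user resolves end to end.
verify() {
    search_path_has_node "$(dscl /Search -read / CSPSearchPath)" "$NODE" \
        || { echo "$NODE is not on the search policy" >&2; return 1; }
    user_record_complete "$(dscl "$NODE" -read "/Users/$TEST_USER")" \
        || { echo "$TEST_USER is missing POSIX attributes" >&2; return 1; }
    id "$TEST_USER"
}

case "${1:-}" in
    --apply)  add_ldap_server && add_to_search_policy ;;
    --verify) verify ;;
esac
```

Run it with --apply in place of steps 1-21, reboot, then run it with --verify; if the user record check fails, the RFC 2307 template mapping (step 11) is the first thing to revisit.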

Now that the Mac is talking to LDAP, the next step is to configure NFS on the server.

----- Signature and Disclaimer -----

Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technical Evangelist at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.