[06/18/2006]
What works…

The automounter in OSX does work flawlessly. But there are some rules.
Build an OpenLDAP instance… Create an ou for mounts, then create an entry that looks something like this:

dn: cn=xxx.xxx.xxx.xxx:/media,ou=mounts,ou=services,dc=daveshouse
mountType: url
objectClass: mount
objectClass: top
structuralObjectClass: mount
mountDirectory: /Network/Servers
cn: xxx.xxx.xxx.xxx:/media
mountOption: net
mountOption: url==afp://;AUTH=NO USER AUTHENT@xxx.xxx.xxx.xxx:/media

First, notice that the mount url is for AFP, not CIFS. I’ll update the page with the correct CIFS url later.
Second: the host must be addressed by IP address. If you try using the DNS name, the mounter will fail.
I have not figured out why this is yet.

Once you have that set up, you can set up the directory through the Directory Access application. You can use RFC 2307, and that will configure things so that your client will get and use the mount information. You can also do things that are custom, as long as you include the mount objectclass.

For my own purposes, I’ve turned on extensive logging on the directory server, so that I can see all the requests coming from the Mac client. When I reboot the machine, this is what that log looks like:
Jun 18 14:03:37 master slapd[1425]: conn=60728 fd=8 ACCEPT from IP=192.168.0.1:51849 (IP=0.0.0.0:389)
Jun 18 14:03:37 master slapd[1425]: conn=60728 fd=8 closed
Jun 18 14:03:37 master slapd[1425]: conn=60729 fd=8 ACCEPT from IP=192.168.0.1:51850 (IP=0.0.0.0:389)
Jun 18 14:03:37 master slapd[1425]: conn=60729 op=0 BIND dn=”" method=128
Jun 18 14:03:37 master slapd[1425]: conn=60729 op=0 RESULT tag=97 err=0 text=
Jun 18 14:03:37 master slapd[1425]: conn=60729 op=1 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=tty)))”
Jun 18 14:03:37 master slapd[1425]: conn=60729 op=1 SRCH attr=cn gidNumber memberUid
Jun 18 14:03:37 master slapd[1425]: conn=60729 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:03:40 master slapd[1425]: conn=60729 op=2 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(memberUid=nobody)))”
Jun 18 14:03:40 master slapd[1425]: conn=60729 op=2 SRCH attr=cn gidNumber
Jun 18 14:03:40 master slapd[1425]: conn=60729 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:03:40 master slapd[1425]: conn=60729 op=3 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=ffffeeee-dddd-cccc-bbbb-aaaafffffffe)))”
Jun 18 14:03:40 master slapd[1425]: conn=60729 op=3 SRCH attr=cn gidNumber
Jun 18 14:03:40 master slapd[1425]: conn=60729 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:03:48 master slapd[1425]: conn=60729 fd=8 closed
Jun 18 14:04:55 master slapd[1425]: conn=60730 fd=8 ACCEPT from IP=192.168.0.1:49156 (IP=0.0.0.0:389)
Jun 18 14:04:56 master slapd[1425]: conn=60730 fd=8 closed
Jun 18 14:04:56 master slapd[1425]: conn=60731 fd=8 ACCEPT from IP=192.168.0.1:49157 (IP=0.0.0.0:389)
Jun 18 14:04:56 master slapd[1425]: conn=60731 op=0 BIND dn=”" method=128
Jun 18 14:04:56 master slapd[1425]: conn=60731 op=0 RESULT tag=97 err=0 text=
Jun 18 14:04:56 master slapd[1425]: conn=60731 op=1 SRCH base=”" scope=0 deref=0 filter=”(objectClass=*)”
Jun 18 14:04:56 master slapd[1425]: conn=60731 op=1 SRCH attr=supportedSASLMechanisms
Jun 18 14:04:56 master slapd[1425]: conn=60731 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 18 14:04:56 master slapd[1425]: conn=60731 op=2 UNBIND
Jun 18 14:04:56 master slapd[1425]: conn=60731 fd=8 closed
Jun 18 14:04:56 master slapd[1425]: conn=60732 fd=8 ACCEPT from IP=192.168.0.1:49158 (IP=0.0.0.0:389)
Jun 18 14:04:56 master slapd[1425]: conn=60732 op=0 BIND dn=”" method=128
Jun 18 14:04:56 master slapd[1425]: conn=60732 op=0 RESULT tag=97 err=0 text=
Jun 18 14:04:56 master slapd[1425]: conn=60732 op=1 SRCH base=”" scope=0 deref=0 filter=”(objectClass=*)”
Jun 18 14:04:56 master slapd[1425]: conn=60732 op=1 SRCH attr=altserver
Jun 18 14:04:56 master slapd[1425]: conn=60732 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 18 14:04:56 master slapd[1425]: conn=60732 op=2 UNBIND
Jun 18 14:04:56 master slapd[1425]: conn=60732 fd=8 closed
Jun 18 14:04:56 master slapd[1425]: conn=60733 fd=8 ACCEPT from IP=192.168.0.1:49159 (IP=0.0.0.0:389)
Jun 18 14:04:56 master slapd[1425]: conn=60733 fd=8 closed
Jun 18 14:04:56 master slapd[1425]: conn=60734 fd=8 ACCEPT from IP=192.168.0.1:49160 (IP=0.0.0.0:389)
Jun 18 14:04:56 master slapd[1425]: conn=60734 op=0 BIND dn=”" method=128
Jun 18 14:04:56 master slapd[1425]: conn=60734 op=0 RESULT tag=97 err=0 text=
Jun 18 14:04:56 master slapd[1425]: conn=60734 op=1 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(memberUid=nobody)))”
Jun 18 14:04:56 master slapd[1425]: conn=60734 op=1 SRCH attr=cn gidNumber
Jun 18 14:04:56 master slapd[1425]: conn=60734 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=2 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=ffffeeee-dddd-cccc-bbbb-aaaafffffffe)))”
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=2 SRCH attr=cn gidNumber
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=3 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=lp)))”
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=3 SRCH attr=cn gidNumber memberUid
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=4 SRCH base=”ou=services,dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=mount)))”
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=4 SRCH attr=cn mountDirectory mountType mountOption mountDumpFrequency mountPassNo
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=4 SEARCH RESULT tag=101 err=0 nentries=2 text=
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=5 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=admin)))”
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=5 SRCH attr=cn gidNumber memberUid
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=6 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(memberUid=www)))”
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=6 SRCH attr=cn gidNumber
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=7 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=ffffeeee-dddd-cccc-bbbb-aaaa00000046)))”
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=7 SRCH attr=cn gidNumber
Jun 18 14:04:58 master slapd[1425]: conn=60734 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:05:00 master slapd[1425]: conn=60734 op=8 SRCH base=”ou=services,dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=mount)))”
Jun 18 14:05:00 master slapd[1425]: conn=60734 op=8 SRCH attr=cn mountDirectory mountType mountOption mountDumpFrequency mountPassNo
Jun 18 14:05:00 master slapd[1425]: conn=60734 op=8 SEARCH RESULT tag=101 err=0 nentries=2 text=
Jun 18 14:05:19 master slapd[1425]: conn=60734 op=9 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=tty)))”
Jun 18 14:05:19 master slapd[1425]: conn=60734 op=9 SRCH attr=cn gidNumber memberUid
Jun 18 14:05:19 master slapd[1425]: conn=60734 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=10 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=abcdefab-cdef-abcd-efab-cdef0000004f)))”
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=10 SRCH attr=cn gidNumber
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=11 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=abcdefab-cdef-abcd-efab-cdef00000050)))”
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=11 SRCH attr=cn gidNumber
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=12 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=abcdefab-cdef-abcd-efab-cdef00000051)))”
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=12 SRCH attr=cn gidNumber
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=13 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(memberUid=dbuttric)))”
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=13 SRCH attr=cn gidNumber
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=13 SEARCH RESULT tag=101 err=0 nentries=2 text=
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=14 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=aaaabbbb-cccc-dddd-eeee-ffff000003e8)))”
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=14 SRCH attr=cn gidNumber
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=14 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=15 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=aaaabbbb-cccc-dddd-eeee-ffff000003e9)))”
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=15 SRCH attr=cn gidNumber
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=16 SRCH base=”dc=daveshouse” scope=2 deref=0 filter=”(&(|(objectClass=posixGroup))(|(cn=7f9ead80-936c-11da-b9aa-0011247d2682)))”
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=16 SRCH attr=cn gidNumber
Jun 18 14:05:20 master slapd[1425]: conn=60734 op=16 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:07:31 master slapd[1425]: conn=60734 op=17 UNBIND
Jun 18 14:07:31 master slapd[1425]: conn=60734 fd=8 closed

Here is the mount part for the automounter…
Jun 18 14:05:00 master slapd[1425]: conn=60734 op=8 SRCH base="ou=services,dc=daveshouse" scope=2 deref=0 filter="(&(|(objectClass=mount)))"
Jun 18 14:05:00 master slapd[1425]: conn=60734 op=8 SRCH attr=cn mountDirectory mountType mountOption mountDumpFrequency mountPassNo
Jun 18 14:05:00 master slapd[1425]: conn=60734 op=8 SEARCH RESULT tag=101 err=0 nentries=2 text=

So, now the client has all the info it needs to automount things, which in my case is the media directory on my media server. iTunes uses this as its music library.
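To pull the automounter's lookup out of a log like this one, the Python below (an added example, not part of the original post) parses loglevel 256 output, joins each search's three lines by conn and op, and reports which client asked for objectClass=mount entries and whether it was bound anonymously. The sample lines are copied from the log above; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Lines copied from the log above. The BIND line keeps the curly quote the blog
# engine substituted, to show why quotes are normalised before matching.
SAMPLE_LOG = """\
Jun 18 14:04:56 master slapd[1425]: conn=60734 fd=8 ACCEPT from IP=192.168.0.1:49160 (IP=0.0.0.0:389)
Jun 18 14:04:56 master slapd[1425]: conn=60734 op=0 BIND dn=”" method=128
Jun 18 14:04:56 master slapd[1425]: conn=60734 op=0 RESULT tag=97 err=0 text=
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=3 SRCH base="dc=daveshouse" scope=2 deref=0 filter="(&(|(objectClass=posixGroup))(|(cn=lp)))"
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=3 SRCH attr=cn gidNumber memberUid
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=4 SRCH base="ou=services,dc=daveshouse" scope=2 deref=0 filter="(&(|(objectClass=mount)))"
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=4 SRCH attr=cn mountDirectory mountType mountOption mountDumpFrequency mountPassNo
Jun 18 14:04:57 master slapd[1425]: conn=60734 op=4 SEARCH RESULT tag=101 err=0 nentries=2 text=
Jun 18 14:07:31 master slapd[1425]: conn=60734 op=17 UNBIND
Jun 18 14:07:31 master slapd[1425]: conn=60734 fd=8 closed
"""

LINE = re.compile(r"conn=(\d+) (?:fd=\d+|op=(\d+)) (.+)$")
ACCEPT = re.compile(r"ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
BIND = re.compile(r'BIND dn="([^"]*)" method=(\d+)')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d) deref=\d filter="(.*)"$')
RESULT = re.compile(r"SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")
SMART_QUOTES = {0x201C: '"', 0x201D: '"'}


def parse_slapd_log(text):
    """Group loglevel 256 lines by connection; join each search's lines by op."""
    conns = defaultdict(lambda: {"client": None, "listener_port": None,
                                 "binds": [], "searches": defaultdict(dict)})
    for raw in text.splitlines():
        m = LINE.search(raw.translate(SMART_QUOTES).rstrip())
        if not m:
            continue
        conn, op, rest = conns[int(m.group(1))], m.group(2), m.group(3)
        if a := ACCEPT.match(rest):
            conn["client"], conn["listener_port"] = a.group(1), int(a.group(2))
        elif b := BIND.match(rest):
            conn["binds"].append((b.group(1), int(b.group(2))))
        elif s := SRCH.match(rest):
            conn["searches"][int(op)].update(base=s.group(1), filter=s.group(3))
        elif rest.startswith("SRCH attr="):
            conn["searches"][int(op)]["attrs"] = rest[len("SRCH attr="):].split()
        elif r := RESULT.match(rest):
            conn["searches"][int(op)]["nentries"] = int(r.group(2))
    return conns


def mount_lookups(conns):
    """Return one record per search that asked for objectClass=mount entries."""
    hits = []
    for cid, c in sorted(conns.items()):
        # method=128 is an LDAP simple bind; with an empty DN it is anonymous.
        anonymous = bool(c["binds"]) and all(
            dn == "" and method == 128 for dn, method in c["binds"])
        for op, s in sorted(c["searches"].items()):
            if "(objectClass=mount)" in s.get("filter", ""):
                hits.append({"conn": cid, "op": op, "client": c["client"],
                             "listener_port": c["listener_port"],
                             "anonymous": anonymous, "base": s["base"],
                             "attrs": s.get("attrs", []),
                             "nentries": s.get("nentries")})
    return hits


if __name__ == "__main__":
    for hit in mount_lookups(parse_slapd_log(SAMPLE_LOG)):
        print(hit)
```

On the sample it reports one lookup: conn 60734 op 4, from 192.168.0.1 to the listener on port 389, bound anonymously, returning 2 entries.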

If you want to get the automounter working, and you have an LDAP server handy, that’s how you get it working. To get the logging working at the level that I have, add this line to your slapd.conf:
loglevel 256
I hope this helps those of you that are confused…

[02/11/2005]
There really is something broken about OSX’s use of LDAP as a directory server.
I don’t have an OS X Server. That’s probably a good thing, because I think it must do something to the OOB netinfo that basically invalidates it.

I don’t know how they do that.
What needs to happen is this: At system start up after the network is enabled, I need to see some kind of attempt to read some information from the directory.
But I don’t see any until AFTER a user logs in.
This means that users that are valid LDAP users cannot login to a machine until AFTER a netinfo user has logged in, and some of the LDAP information is known to the system.
Once that happens, any user with an LDAP entry can login.
Again, the first login has to be from a user with valid local netinfo creds, otherwise no dice. Once a local netinfo user has logged in, all is fine.

This is only for environments where all the machines have local netinfo databases, which is pretty par for the course in small environments. If you have an XServe, and everyone is migrated, then you are fine.
But this leads me to wonder what happens to the 50% of other businesses that are not configured right, where profiles are not migrated to the server… There’s got to be trouble there.

OpenDirectory is very half baked right now, mostly the work needs to be done at the client side. I’ve been trying a lot of things. I’ve customized my lookupd prefs so that the default search order is Cache DS NI. This did not work. Does anyone know how to override the search order in Directory Access?

[02/01/05]
In further attempts at reverse engineering OpenDirectory, here is the latest status report.

I’ve managed to get just about as far as I really want to go right now. I still cannot BIND to the directory without deleting my user in the local netinfo db. I suppose I could login as one user at home (LDAP) and another on the road, and give them both the same home dir.

I’ve even tried deleting the AuthAuthority setting in my local nidb, no dice. Again, what does work is to rename your nidb user entry to something else. Once you do that - Then BIND authentication works. I think there must be a flag in netinfo that says not to rely on the nidb, and to always validate the user with LDAP, if possible, otherwise fallback to the nidb cache.

You can turn on the Workgroup Manager client in OS X by creating an object of objectclass apple-computer and giving it the apple-mcxflags with a value of ‘*has_mcx_settings*’ and creating attribute ‘apple-mcxsettings’ with an empty string as the value. This will cause the Workgroup Manager client interface to be displayed on login.

I’m still working on what is contained inside the apple-mcxsettings attribute, to get stuff to appear inside the workgroup dialog.

Later.

[9/16/2004]
Here’s what I know so far:
First you should know that I am ignoring the Apple documentation, because I cannot get their recommendations to work.
My biggest problem is that I am trying to get a client that has existing user accounts to authenticate on the network using LDAP Bind authentication.
NetInfo stands in the way of this - AFAIK - this is why Apple’s recs are not working for me.
But I am making progress: I’ve turned on the OpenDirectory mapping to the LDAPv3 plugin, and things are starting to look very good. My LDAP server is reporting all the transactions that come across the wire, so I’m able to see what Apple is searching for, etc. So far, my laptop has the attributes that it needs to get OD to start to try to get MCX data for it. But since I don’t know what that looks like yet, I’m at a loss.
I think that this is what OD wants to do: He wants to start at the machine that you are on, and traverse the tree until he sees that that machine can get auth from the LDAP server, at which point, he’ll try a BIND.
It is taking some time to get to that point…

Anyway, if you want some debug logs so that you see what the client is doing to the LDAP server, leave a message up here, and I can get you the logs.

For the truly brave, try nidump’ing your netInfo db, deleting it, and starting your config from scratch. Actually, I’m half tempted to do this…

[9/15/2004]
The LDAP saga continues
I can’t get OSX to BIND to the LDAP directory unless there is no user entry in NetInfo. So, my username is dbuttric, what I did is I changed my netinfo name to dbuttric-0.
Now when I try to login, I get BIND authentication.
The problem with this is that I can only do that after someone else has logged in to the machine I’m trying to login to.
So here’s the sequence of events:
reboot machine.
login as me -> failure.
login as root -> success (root has a netinfo entry)
logout of root.
login as me ->success.

Weird, ain’t it? It only works AFTER you’ve logged in as someone else.

I’ll continue working on this…

[9/15/2004]
Well, so here’s the latest from the research department. I’ve gotten as far as getting OpenLDAP to work using the Apple schema extensions.

The Apple extensions are dependent on two schemas: 1) the Apple LDAP extensions. 2) the Samba schema.

The fortunate thing is that Apple is not really doing anything proprietary. They are extending two RFCs that talk about how to use LDAP as an NIS.
But it is tricky. You can download the apple.schema file from Apple, but when you incorporate it into a default OpenLDAP installation you get errors about undefined attributes of type ‘authAuthority’.

It turns out that you just need to edit the schema. The authAuthority attribute is defined AFTER it is instanced by an objectClass. As you know, this is illegal: you must define attributetypes first, then you can use them in objectclasses. So, you edit the schema: find where ‘authAuthority’ is defined, and move it up to before the first objectClass that uses it.

Once you’ve done that, you can start the LDAP server. But you may get another error that says that acctFlag is undefined. This is why you need to incorporate the samba schema.

This is what my includes section of the slapd.conf looks like:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/apple.schema

If yours looks like this, and you have edited the apple.schema as I mentioned above, you should be OK.
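Both startup errors above (authAuthority used before it is defined, acctFlag missing until samba.schema is included) can be caught before restarting slapd. This added example, not from the original post or from Apple, walks schema files in include order and reports every attribute an objectclass references before its attributetype has been seen. The schema text is a constructed miniature with placeholder OIDs and a made-up 'example-user' class.

```python
import re

# Constructed miniature stand-ins for the real files: the OIDs and the
# 'example-user' class are placeholders, not Apple's or Samba's definitions.
SAMBA = """
attributetype ( 1.1.1.1 NAME 'acctFlag'
    DESC 'constructed stand-in'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
"""
APPLE = """
# the objectclass comes before the attributetype it references
objectclass ( 1.1.2.1 NAME 'example-user' SUP top AUXILIARY
    DESC 'constructed (MAY hold auth data)'
    MAY ( authAuthority $ acctFlag ) )

attributetype ( 1.1.2.2 NAME 'authAuthority'
    DESC 'constructed stand-in'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""


def definitions(schema_text):
    """Yield (kind, body) for each attributetype/objectclass, in file order."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", schema_text)
    for m in re.finditer(r"(?im)^(attributetype|objectclass)\s*\(", text):
        depth, i, quoted = 1, m.end(), False
        while depth and i < len(text):
            ch = text[i]
            if ch == "'":
                quoted = not quoted  # parentheses inside DESC strings don't count
            elif not quoted:
                depth += (ch == "(") - (ch == ")")
            i += 1
        yield m.group(1).lower(), text[m.end():i - 1]


def names(body):
    """NAME is either one quoted string or a parenthesised list of them."""
    m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", body)
    if not m:
        return []
    return [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))


def used_attrs(body):
    """Attribute names listed after MUST / MAY, ignoring text inside quotes."""
    bare = re.sub(r"'[^']*'", "", body)
    found = []
    for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))", bare):
        found += [a.strip() for a in (m.group(1) or m.group(2) or "").split("$")]
    return [a for a in found if a]


def check_load_order(schemas):
    """schemas: [(filename, text), ...] in slapd.conf include order."""
    everywhere = {n.lower() for _, text in schemas
                  for kind, body in definitions(text) if kind == "attributetype"
                  for n in names(body)}
    seen, problems = set(), []
    for fname, text in schemas:
        for kind, body in definitions(text):
            if kind == "attributetype":
                seen.update(n.lower() for n in names(body))
                continue
            for attr in used_attrs(body):
                if attr.lower() not in seen:
                    why = "defined later" if attr.lower() in everywhere else "not defined"
                    problems.append((fname, names(body)[0], attr, why))
    return problems


if __name__ == "__main__":
    for p in check_load_order([("samba.schema", SAMBA), ("apple.schema", APPLE)]):
        print(p)
```

"defined later" means the attributetype has to move up in its file or its file has to be included earlier; "not defined" means another schema file is missing from the include list.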

Now, if I can just figure out how to get the system to BIND for authentication - it seems to just do a FIND when I login… It’s looking for something, and I don’t know what…