Working Settings for Open Directory (Apple's LDAP)


#1

EDIT: I banged at it long enough to get it working. Here are the working settings.

First, assuming your domain is “thisismydomain.com”, your macOS server’s name is “servername” with an FQDN of “servername.thisismydomain.com”, and you have an LDAP user of “myldapusername”:

LDAP Host: servername.thisismydomain.com

LDAP Port: 636

LDAP Security: SSL
(This is assuming you have SSL set up properly in Open Directory.)

Username Or DN: uid=myldapusername,cn=users,dc=servername,dc=thisismydomain,dc=com

Password: ************

User Schema: dc=servername,dc=thisismydomain,dc=com

User Filter: (&(uid={login}))
This will let your users log in with their username (short name) instead of email address.

Attributes:

  • Email Attribute: mail
  • First Name Attribute: givenName
  • Last Name Attribute: sn

Original Post:

Hey All,

We are using Apple’s Open Directory Server (LDAP) and would like to start using it for Metabase authentication. I do not have a lot of LDAP experience and have been playing around with the information in LDAP Debugging, but I am still struggling to get it right.

Has anyone out there already set this up and is able to share what settings worked for them? I’ll share here if I ever figure it out. :)

Thanks!
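
Added example (not part of the original post, and not Metabase's own code): Python helpers that derive the bind DN, search base and rendered User Filter from the placeholder names in the settings above, and build an equivalent OpenLDAP `ldapsearch` command for checking them outside Metabase. The function names are hypothetical, and the RFC 4514/4515 escaping is an assumption about how a login value should be treated, not a statement of what Metabase does.

```python
import shlex

def escape_dn(value):
    """Escape one RDN value per RFC 4514."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def escape_filter(value):
    """Escape an assertion value per RFC 4515 so it only matches literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def base_dn(fqdn):
    """One dc= component per DNS label, as in the post's User Schema."""
    return ",".join("dc=" + escape_dn(l) for l in fqdn.strip(".").split("."))

def bind_dn(user, fqdn):
    """uid=<user>,cn=users,<base>, the post's 'Username Or DN' layout."""
    return "uid=%s,cn=users,%s" % (escape_dn(user), base_dn(fqdn))

def user_filter(template, login):
    """Substitute {login} in the User Filter with the escaped login."""
    return template.replace("{login}", escape_filter(login))

def ldapsearch_argv(fqdn, bind_user, login,
                    template="(&(uid={login}))", port=636):
    """ldapsearch arguments mirroring the settings; -W prompts for the password."""
    return ["ldapsearch", "-x", "-LLL",
            "-H", "ldaps://%s:%d" % (fqdn, port),
            "-D", bind_dn(bind_user, fqdn), "-W",
            "-b", base_dn(fqdn),
            user_filter(template, login),
            "mail", "givenName", "sn"]

if __name__ == "__main__":
    # Constructed values: the placeholder names used in the post.
    argv = ldapsearch_argv("servername.thisismydomain.com",
                           "myldapusername", "myldapusername")
    print(" ".join(shlex.quote(a) for a in argv))
```

If the printed command returns one entry with `mail`, `givenName` and `sn` populated, the same host, DN, base and filter should work in the Metabase LDAP form.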


#2

Figured it out! Updated first post with working settings and moved it to FAQs for anyone who might need it later.


#3

Though, I still have not figured out the proper settings for group mappings if anyone has any pointers.