9 Select the options for accessing the directory:
• Select “Encrypt using SSL” if you want Open Directory to use Secure Sockets Layer
  (SSL) for connections with the LDAP directory. Before you select this, ask your Open
  Directory administrator to determine if SSL is needed.
• Select “Use for authentication” if this directory contains user accounts that someone
  will use to log in or authenticate to services.
• Select “Use for contacts” if this directory contains mail addresses and other
  information you want to use in Address Book.
If Directory Utility can’t contact the LDAP server, a message appears and you must
configure access manually or cancel the setup process. For more information about
manual configuration instructions, see “Configuring Access to an LDAP Directory
Manually” on page 137.
If the dialog expands to show mapping options, choose the mapping template from
the pop-up menu, enter the search base suffix, and then click Continue.
Typically, the search base suffix is derived from the server’s DNS name. For example,
the search base suffix could be dc=ods,dc=example,dc=com for a server whose DNS
name is ods.example.com.
If no available mapping templates apply to the connection you’re setting up,
click Manual. For more information, see “Configuring Access to an LDAP Directory
Manually” on page 137.
10 To have Directory Utility get information from the LDAP server, click Continue.
11 If the dialog expands to display options for trusted binding, enter the name of the
computer and the name and password of a directory administrator. (The binding
might be optional.)
The dialog tells you whether the LDAP directory requires trusted binding or makes
it optional. Trusted binding is mutual: each time the computer connects to the LDAP
directory, they authenticate each other. If trusted binding is set up or the LDAP
directory doesn’t support trusted binding, the Bind button does not appear. Make sure
you supplied the correct computer name.
If you see an alert saying that a computer record exists, click Cancel to go back and
change the computer name, or click Overwrite to replace the existing computer record.
The existing computer record might be abandoned, or it might belong to another
computer.
If you replace an existing computer record, notify the LDAP directory administrator in
case replacing the record disables another computer. In this case, the LDAP directory
administrator must give the disabled computer a different name and add it back to the
computer group it belonged to.
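
The search base suffix rule from step 9 can be checked before it is typed into the dialog. The following shell functions are an added example, not part of the original guide: they derive the suffix from a DNS name and compare it with the namingContexts values in a server's root DSE. The function names and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the expected search base suffix from a DNS name and
# confirm the server advertises it as a naming context.

# ods.example.com -> dc=ods,dc=example,dc=com
dns_to_search_base() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}                          # drop a trailing root dot
    case "$name" in
        ''|.*|*..*|*[!a-z0-9.-]*) return 1 ;;   # reject empty or malformed names
    esac
    printf 'dc=%s\n' "$(printf '%s' "$name" | sed 's/\./,dc=/g')"
}

# Read root DSE LDIF on stdin; succeed if $1 is one of the namingContexts.
# DNs are compared case-insensitively with spaces removed.
base_is_advertised() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' ')
    while IFS= read -r line; do
        case "$line" in
            [Nn]amingContexts:*)
                have=$(printf '%s' "${line#*:}" | tr 'A-Z' 'a-z' | tr -d ' ')
                [ "$have" = "$want" ] && return 0 ;;
        esac
    done
    return 1
}

# Constructed sample of a root DSE reply (not captured from a real server).
SAMPLE_ROOT_DSE='dn:
namingContexts: dc=ods,dc=example,dc=com
supportedLDAPVersion: 3'

# Returns 0 if the suffix derived from DNS name $1 appears in the sample reply,
# 1 if it does not, 2 if the DNS name is malformed.
check_sample() {
    base=$(dns_to_search_base "$1") || return 2
    printf '%s\n' "$SAMPLE_ROOT_DSE" | base_is_advertised "$base"
}

# Against a live server the LDIF would come from a root DSE query over SSL:
#   ldapsearch -x -H ldaps://ods.example.com -s base -b "" namingContexts
```

If the derived suffix is not advertised, ask the directory administrator for the correct search base instead of guessing; a failure of the ldaps:// query itself is also a sign that the SSL option in step 9 needs the administrator's input.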
136 Chapter 8 Advanced Directory Client Settings