Chapter 8 Advanced Directory Client Settings 137
For more information about adding a computer to a computer group, see the
computer groups chapter of User Management.
12 If the dialog expands to display connection options, select “Use authentication
when selecting” and enter the distinguished name and password of a user account
in the directory.
The options for an authenticated connection appear if the LDAP server supports an
authenticated connection but not trusted binding. An authenticated connection
is not mutual: the LDAP server authenticates the client but the client doesn’t
authenticate the server.
“Use authentication when selecting” is preselected but dimmed if the LDAP server
requires you to enter a user account’s distinguished name and password for an
authenticated connection.
The distinguished name can specify any user account that has permission to see data
in the directory. For example, a user account whose short name is dirauth on an LDAP
server and whose address is ods.example.com would have the distinguished name
uid=dirauth,cn=users,dc=ods,dc=example,dc=com.
Important: If the distinguished name or password is incorrect, you can log in to the
computer using user accounts from the LDAP directory.
13 Click OK to finish creating the LDAP connection.
14 Click OK to finish configuring LDAPv3 options.
If you selected “Use for authentication” or “Use for contacts” in step 5, the LDAP
directory configuration you created is added to a custom search policy in the
Authentication or Contacts pane of Directory Utility.
Make sure LDAPv3 is enabled in the Services pane so the computer will use the LDAP
configuration you created. For more information, see Enabling or Disabling LDAP
Directory Services on page 133.
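The distinguished name entered in step 12 can be derived from the account's short name and the server's DNS name. The following Python sketch is an added example, not part of the original guide; it assumes accounts live under cn=users and that the search base mirrors the server's DNS name, as in the ods.example.com example, and the helper names are hypothetical. It escapes the short name per RFC 4514 so that a value containing commas or equal signs cannot change which entry the name refers to.

```python
# Added example (not from the guide): build the bind DN entered in step 12.
# Assumptions: accounts live under cn=users and the search base mirrors the
# server's DNS name, as in the guide's ods.example.com example.
# escape_rdn_value, search_base, bind_dn and split_dn are hypothetical helpers.

_ESCAPE = set(',+"\\<>;=')  # characters RFC 4514 allows to be backslash-escaped


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value so it cannot change the DN's structure."""
    if not value:
        raise ValueError("attribute value must not be empty")
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _ESCAPE or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def search_base(server_fqdn: str) -> str:
    """ods.example.com -> dc=ods,dc=example,dc=com"""
    labels = server_fqdn.rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a fully qualified DNS name: {server_fqdn!r}")
    return ",".join("dc=" + escape_rdn_value(label) for label in labels)


def bind_dn(short_name: str, server_fqdn: str) -> str:
    """Distinguished name for a user account, in the form the guide shows."""
    return f"uid={escape_rdn_value(short_name)},cn=users,{search_base(server_fqdn)}"


def split_dn(dn: str) -> list:
    """Split a DN into its RDNs on unescaped commas only."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(current))
    return parts
```

If the directory is not hosted by Mac OS X Server, the container and search base may differ from these assumptions; use the values the directory administrator provides.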
Conguring Access to an LDAP Directory Manually
You can manually create a conguration that species how Mac OS X accesses an
LDAPv3 or LDAPv2 directory. You must know the DNS name or IP address of the LDAP
directory server.
If the directory is not hosted by Mac OS X Server, you must know the search base
and the template for mapping Mac OS X data to the directorys data. The supported
mapping templates are:
 From Server, for a directory that supplies its own mappings and search base,
such as Mac OS X Server
 Open Directory Server, for a directory that uses the Mac OS X Server schema