Specifications
• LDAP Mapping: Choose a template from the pop-up menu, then enter the search
base suffix for the LDAP directory and click OK.
If you chose a template, you must enter a search base suffix or the computer
can’t find information in the LDAP directory. Typically, the search base suffix is
derived from the server’s DNS name. For example, for a server whose DNS name is
ods.example.com the search base suffix is “dc=ods,dc=example,dc=com.”
If you choose From Server instead of a template, a search base suffix is not needed.
In this case, Open Directory assumes the search base suffix is the first level of the
LDAP directory.
If you choose Custom, you must set up mappings between the Mac OS X record
types and attributes and the classes and attributes of the LDAP directory you’re
connecting to. For more information, see “Configuring LDAP Searches and
Mappings” on page 146.
• SSL: Click the checkbox to enable or disable encrypted communications using
the SSL protocol. Before you select the SSL checkbox, ask your Open Directory
administrator if SSL is needed.
11 To change the following default settings for the duplicate LDAP configuration, click
Edit to display the options, make changes, and click OK when you finish editing them:
• Click Connection to set up trusted binding (if the LDAP directory supports it), set
timeout options, specify a custom port, ignore server referrals, or force use of the
LDAPv2 (read-only) protocol. For more instructions, see “Changing the Connection
Settings for an LDAP Directory” on page 143.
• Click Search & Mappings to set up searches and mappings for an LDAP server. For
more information, see “Setting Up Trusted Binding for an LDAP Directory” on page 149.
• Click Security to set up an authenticated connection (instead of trusted binding)
and other security policy options. For more information, see “Changing the Security
Policy for an LDAP Connection” on page 145.
• Click Bind to set up trusted binding, or click Unbind to stop trusted binding. (You
might not see these buttons if the LDAP directory doesn’t permit trusted binding.) For
more information, see “Setting Up Trusted Binding for an LDAP Directory” on page 149.
12 To finish changing the duplicate configuration, click OK.
13 If you want the computer to access the LDAP directory specified by the duplicate
configuration you created, add the directory to a custom search policy in the
Authentication or Contacts pane of Search Policy in Directory Utility and make sure
LDAPv3 is enabled in the Services pane.
For more information, see “Enabling or Disabling LDAP Directory Services” on page 133,
and “Defining Custom Search Policies” on page 129.
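The search base suffix entered for a template is typically derived from the server’s DNS name, as described under LDAP Mapping above. The following is an added example, not part of the original guide: a check that derives the typical suffix and compares it with the value entered, catching a mistyped suffix such as one copied with the sentence’s trailing period. The function names are hypothetical, and because the guide says only "typically", a "differs" result is a prompt to confirm the value with the directory administrator, not an error.

```python
import re

# One DNS host label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def search_base_from_dns(hostname):
    """Derive the typical search base suffix from a server's DNS name."""
    labels = hostname.strip().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("expected a fully qualified DNS name")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {label!r}")
    return ",".join("dc=" + label.lower() for label in labels)


def normalize_suffix(suffix):
    """Normalize a dc-only suffix for comparison (case and spacing)."""
    parts = []
    for rdn in suffix.split(","):
        attr, sep, value = rdn.partition("=")
        value = value.strip()
        if not sep or attr.strip().lower() != "dc":
            raise ValueError(f"not a dc= component: {rdn!r}")
        if not _LABEL.fullmatch(value):
            raise ValueError(f"invalid dc value: {value!r}")
        parts.append("dc=" + value.lower())
    return ",".join(parts)


def check_search_base(hostname, configured):
    """Return (status, expected, detail); status is match, differs or invalid."""
    expected = search_base_from_dns(hostname)
    try:
        actual = normalize_suffix(configured)
    except ValueError as exc:
        return ("invalid", expected, str(exc))
    if actual == expected:
        return ("match", expected, "")
    return ("differs", expected, "configured suffix is " + actual)


if __name__ == "__main__":
    # Constructed sample inputs based on the guide's ods.example.com example.
    for entered in ("dc=ods,dc=example,dc=com",
                    "dc=example,dc=com",
                    "dc=ods,dc=example,dc=com."):
        print(entered, "->", check_search_base("ods.example.com", entered))
```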
142 Chapter 8 Advanced Directory Client Settings