Specifications

Chapter 8 Advanced Directory Client Settings 145
Changing the Security Policy for an LDAP Connection
Using Directory Utility, you can configure a stricter security policy for an LDAPv3
connection than the security policy of the LDAP directory itself. For example, if the LDAP
directory’s security policy permits clear-text passwords, you can set the LDAPv3
connection on your computer to refuse clear-text passwords.
Setting a stricter security policy protects your computer against an attacker who
substitutes a rogue LDAP server for the real one. Because the policy is enforced on the
client, the rogue server cannot downgrade the connection (for example, to clear-text
passwords) in order to capture credentials or gain control of your computer.
The computer must communicate with the LDAP server to show the state of the
security options. Therefore, when you change security options for an LDAPv3
connection, the computer’s authentication search policy should include the LDAPv3
connection.
The permissible settings of an LDAPv3 connection’s security options are subject to the
LDAP server’s security capabilities and requirements. For example, if the LDAP server
doesn’t support Kerberos authentication, several LDAPv3 connection security options
are disabled.
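The capabilities that decide which options are available are the ones the server advertises in its rootDSE (its supported SASL mechanisms and extended operations), which you can query directly before opening the Security pane. The following shell script is an added example and is not part of the Directory Utility documentation: it reads a rootDSE in the LDIF form that ldapsearch prints and reports which client-side options that server could satisfy. The server name ldap.example.com, the sample rootDSE (constructed, not captured from a real server), the option names and the capability each option is assumed to need are all assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the Directory Utility documentation): read the
# capabilities an LDAP server advertises in its rootDSE and work out which
# client-side security options could be enforced against it. The host name,
# the sample rootDSE and the option-to-capability mapping are assumptions.

# Constructed rootDSE, in the LDIF form that
#   ldapsearch -x -H ldap://ldap.example.com -LLL -s base -b '' \
#       supportedSASLMechanisms supportedExtension
# prints. It was not captured from a real server.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedLDAPVersion: 3'

# ldif_has "<ldif>" <attribute> <value-regex>
# Succeeds when the LDIF carries that attribute with that value. Matching is
# case-insensitive, as LDAP attribute names and SASL mechanism names are.
ldif_has() {
    printf '%s\n' "$1" | grep -qi "^$2: *$3[[:space:]]*\$"
}

# server_supports "<ldif>" <capability>
#   starttls  StartTLS extended operation, OID 1.3.6.1.4.1.1466.20037
#   kerberos  GSSAPI SASL mechanism (Kerberos)
#   sasl      any SASL mechanism that keeps the password itself off the wire
server_supports() {
    case "$2" in
        starttls) ldif_has "$1" supportedExtension '1\.3\.6\.1\.4\.1\.1466\.20037' ;;
        kerberos) ldif_has "$1" supportedSASLMechanisms 'GSSAPI' ;;
        sasl)     ldif_has "$1" supportedSASLMechanisms 'GSSAPI' \
                  || ldif_has "$1" supportedSASLMechanisms 'DIGEST-MD5' \
                  || ldif_has "$1" supportedSASLMechanisms 'CRAM-MD5' ;;
        *)        return 2 ;;
    esac
}

# client_policy "<ldif>"
# Prints one line per client-side option the server can actually satisfy.
# The option names and what each one needs are this example's assumptions:
#   no-clear-text-passwords  a SASL bind, or a simple bind under StartTLS
#   encrypt-all-packets      Kerberos (GSSAPI) privacy layer or StartTLS
#   sign-all-packets         Kerberos (GSSAPI) integrity layer
#   block-man-in-the-middle  Kerberos mutual authentication of the server
client_policy() {
    { server_supports "$1" sasl || server_supports "$1" starttls; } \
        && echo "no-clear-text-passwords"
    { server_supports "$1" kerberos || server_supports "$1" starttls; } \
        && echo "encrypt-all-packets"
    server_supports "$1" kerberos && echo "sign-all-packets"
    server_supports "$1" kerberos && echo "block-man-in-the-middle"
    return 0
}

# Stand-alone run: evaluate the constructed rootDSE. Against a live server,
# replace SAMPLE_ROOTDSE with the output of the ldapsearch command above.
echo "Client options this server can satisfy:"
client_policy "$SAMPLE_ROOTDSE"
```

A server that offers only PLAIN or no SASL mechanism and no StartTLS yields an empty list, which is the situation in which Directory Utility greys out the stricter options; in that case the fix is on the server (enable Kerberos or TLS), not on the client.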
To change an LDAPv3 connection’s security options:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Edit.
4 Click Open Directory Utility.
5 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
6 Click Search Policy.
7 Click Authentication and make sure the LDAPv3 directory you want is listed in the
search policy.
For more information about adding the LDAPv3 directory to the authentication search
policy, see “Defining Custom Search Policies” on page 129.
8 Click Services.
9 In the list of services, select LDAPv3 and click the Edit (/) button.
10 If the list of server configurations is hidden, click Show Options.
11 Select the configuration for the directory you want, then click Edit.
12 Click Security and then change any of the following settings.
Note: The security settings here and on the corresponding LDAP server are
determined when the LDAP connection is set up. The settings aren’t updated when
server settings are changed.