Specifications

If any of the last four options are selected but disabled, the LDAP directory requires
them. If any of these options are unselected and disabled, the LDAP server doesn’t
support them. For more information about setting these options for a Mac OS X
Server LDAP directory, see “Setting a Security Policy for an Open Directory Server”
on page 187.
• Use authentication when connecting: Determines whether the LDAPv3 connection
authenticates itself with the LDAP directory by supplying the specified distinguished
name and password. This option is not visible if the LDAPv3 connection uses trusted
binding with the LDAP directory.
• Bound to the directory as: Specifies the credentials the LDAPv3 connection uses
for trusted binding with the LDAP directory. This option and the credentials can’t
be changed here. Instead, you can unbind and then bind again with different
credentials.
For more information, see “Stopping Trusted Binding with an LDAP Directory” on
page 150 and “Setting Up Trusted Binding for an LDAP Directory” on page 149.
This option is not visible unless the LDAPv3 connection uses trusted binding.
• Disable clear text passwords: Determines whether the password is to be sent as
cleartext if it can’t be validated using an authentication method that sends an
encrypted password.
For more information, see “Selecting Authentication Methods for Shadow Password
Users” on page 113 and “Selecting Authentication Methods for Open Directory
Passwords” on page 114.
• Digitally sign all packets (requires Kerberos): Certifies that directory data from the
LDAP server hasn’t been intercepted and modified by another computer while en
route to your computer.
• Encrypt all packets (requires SSL or Kerberos): Requires the LDAP server to encrypt
directory data using SSL or Kerberos before sending it to your computer. Before you
select the “Encrypt all packets (requires SSL or Kerberos)” checkbox, ask your Open
Directory administrator if SSL is needed.
• Block man-in-the-middle attacks (requires Kerberos): Protects against a rogue server
posing as the LDAP server. Best if used with the “Digitally sign all packets” option.

Configuring LDAP Searches and Mappings

Using Directory Utility, you can edit the mappings, search bases, and search scopes
that specify how Mac OS X finds specific data items in an LDAP directory. You can edit
these settings separately for each LDAP directory configuration listed in Directory
Utility. Each LDAP directory configuration specifies how Mac OS X accesses data in an
LDAPv3 or LDAPv2 directory.
You can edit the following:
• The mapping of each Mac OS X record type to LDAP object classes