
Chapter 8 Advanced Directory Client Settings 155
Changing the Password Used for Authenticating an LDAP Connection
Using Directory Utility, you can update an authenticated LDAP connection to use
a password that has been changed on the LDAP server. (All computers having an
authenticated connection to an LDAP server must be updated if the password used to
authenticate the LDAP connection is changed on the server.)
To change the password for an LDAP connection:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Edit.
4 Click Open Directory Utility.
5 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
6 Click Services.
7 In the list of services, select LDAPv3 and click the Edit (/) button.
8 If the list of server configurations is hidden, click Show Options.
9 In the list, select a server configuration and click Edit.
10 Click Security and change the Password setting:
• If the Password setting is dimmed because “Use authentication when connecting” is
not selected, see Authenticating an LDAP Connection on page 154.
• If the Password setting is dimmed because “Bound to the directory as” is selected
(but dimmed), the connection isn’t authenticated with a user password. Instead, the
connection uses an authenticated computer record for trusted binding.
Mapping Cong Record Attributes for LDAP Directories
To store information for managed Mac OS X users in a non-Apple LDAP directory, you
must map the following Cong record type attributes: RealName and DataStamp.
If you do not map these attributes, the following error message will appear when you
use Workgroup Manager to change a user record that resides in the LDAP directory:
The attribute with name “dsRecTypeStandard:Config” is not mapped.
You can ignore this message if you are not using Mac OS X client management, which
depends on the Cong record types RealName and DataStamp attributes for a cache.
Editing RFC 2307 Mapping to Enable Creating Users
Before you can use Workgroup Manager to create users on a non-Apple LDAP
directory server that uses RFC 2307 (UNIX) mappings, you must edit the mapping of
the Users record type. You do this with Directory Utility.