Specifications

To enable creating user records in an LDAP directory with RFC 2307 mappings:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Edit.
4 Click Open Directory Utility.
5 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
6 Click Services.
7 In the list of services, select LDAPv3 and click the Edit (/) button.
8 If the list of server configurations is hidden, click Show Options.
9 Select the directory configuration with RFC 2307 mappings, then click Edit.
10 Click Search & Mappings.
11 In the list on the left, select Users.
By default, “Map to __ items in list” is set to Any and the list on the right includes
posixAccount, inetOrgPerson, and shadowAccount.
12 Change “Map to __ items in list” to All and then change the list on the right to include
the set of LDAP object classes you want the Users record type mapped to.
For example, you could delete shadowAccount from the list so that users map to
only posixAccount and inetOrgPerson. Alternatively, you could map Users to account,
posixAccount, and shadowAccount:
To change an item on the list, double-click it.
To add an item to the list, click Add.
To delete the selected item from the list, click Delete.
To change the order of listed items, drag items up or down in the list.
You can nd the object classes of user records in the LDAP directory by using the
ldapsearch UNIX tool in Terminal. For example, the following code nds object classes
for a user record whose cn attribute is “Leonardo da Vinci:”
$ ldapsearch -x -h ldapserver.example.com -b "dc=example, dc=com"
'cn=Leonardo da Vinci' objectClass
The output displayed for this example would be:
# Leonardo da Vinci, example.com
dn: cn=Leonardo da Vinci, dc=example, dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
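As an added example that is not part of Apple's documentation, the following Python script parses the objectClass values from ldapsearch output like the listing above and reports which entries the Users mapping would match under “Any” versus “All”. The LDIF entries are constructed; the hypothetical “backup” entry, which carries only shadowAccount, shows why mapping to All is the stricter choice when auditing which directory entries become user records.

```python
"""Audit Open Directory 'Map to Any/All items in list' semantics against
the objectClass values returned by ldapsearch (example code, constructed data)."""

# Constructed sample: what `ldapsearch -x ... objectClass` might print for three entries.
SAMPLE_LDIF = """\
# Leonardo da Vinci, example.com
dn: cn=Leonardo da Vinci, dc=example, dc=com
objectClass: inetOrgPerson
objectClass: posixAccount

# backup, example.com  (hypothetical entry with only shadowAccount)
dn: cn=backup, dc=example, dc=com
objectClass: shadowAccount

# Ada Lovelace, example.com
dn: cn=Ada Lovelace, dc=example, dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
"""

DEFAULT_USERS_MAPPING = ["posixAccount", "inetOrgPerson", "shadowAccount"]


def parse_object_classes(ldif):
    """Map each entry's dn to the set of its objectClass values (lower-cased).
    Comment lines and blank entry separators are skipped."""
    entries, dn = {}, None
    for raw in ldif.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
            entries[dn] = set()
        elif attr == "objectclass" and dn is not None:
            entries[dn].add(value.lower())
    return entries


def maps_to_users(classes, mapping, mode):
    """'any': one listed class is enough; 'all': every listed class must be present."""
    wanted = {c.lower() for c in mapping}
    present = {c.lower() for c in classes}
    if mode == "any":
        return bool(wanted & present)
    if mode == "all":
        return wanted <= present
    raise ValueError("mode must be 'any' or 'all'")


def audit(ldif, mapping, mode):
    """Return, sorted, the dns the directory client would treat as Users records."""
    return sorted(dn for dn, classes in parse_object_classes(ldif).items()
                  if maps_to_users(classes, mapping, mode))
```

Pipe real ldapsearch output into `audit()` with the mapping you configured in Directory Utility to see which entries gain a user record under each setting.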
156 Chapter 8 Advanced Directory Client Settings