92 Chapter 7 Managing Directory Access
Configuring Access to an LDAP Directory
You can use Directory Access to create a configuration that specifies how Mac OS X
accesses a particular LDAPv3 or LDAPv2 directory.
To create a configuration for accessing an LDAP directory:
1 In Directory Access, click Services.
2 If the lock icon is locked, click it and type the name and password of an administrator.
3 Select LDAPv3 in the list of services, then click Configure.
4 If the list of LDAP directory configurations is hidden, click Show Options.
5 Click New and enter a name for the configuration.
6 Press Tab and enter the DNS name or IP address of the server that hosts the LDAP
directory you want to access.
7 Click the pop-up menu next to the DNS name or IP address and choose a mapping
template or choose From Server.
8 Enter the search base suffix for the LDAP directory and click OK.
If you chose a template in step 7, you must enter a search base suffix, or the computer
will not be able to find information in the LDAP directory. Typically, the search base
suffix is derived from the server’s DNS name. For example, the search base suffix could
be “dc=example, dc=com” for a server whose DNS name is server.example.com.
If you chose From Server in step 7, you don’t need to enter a search base. In this case,
Open Directory assumes the search base is the first level of the LDAP directory.
9 Select the SSL checkbox if you want Open Directory to use Secure Sockets Layer (SSL)
for connections with the LDAP directory.
If you want the computer to access the LDAP directory for which you just created a
configuration, you must add the directory to a custom search policy in the
Authentication or Contacts pane of Directory Access. You must also make sure LDAPv3
is enabled in the Services pane. For instructions, see “Enabling or Disabling LDAP
Directory Services” on page 85 and “Defining Custom Search Policies” on page 89.
Note: Before you can use Workgroup Manager to create users on a non-Apple LDAP
server that uses RFC 2307 (UNIX) mappings, you must edit the mapping of the Users
record type. For instructions, see “Editing RFC 2307 Mapping to Enable Creating Users”
on page 98.
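Steps 8 and 9 can be checked from Terminal before the configuration is relied on. The script below is an added example, not part of the Apple guide: it derives the typical search base suffix from the server's DNS name and compares it with the naming contexts the server advertises, optionally over SSL. It assumes the OpenLDAP ldapsearch client is installed and that the server allows an anonymous read of its root entry; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Apple guide); all function names are hypothetical.

# Typical suffix for a DNS name: drop the host label, turn the rest into dc= parts.
# server.example.com -> dc=example,dc=com
suffix_from_dns() {
    domain=${1#*.}
    if [ "$domain" = "$1" ] || [ -z "$domain" ]; then
        return 1                      # no domain part to derive from
    fi
    printf '%s\n' "$domain" | sed -e 's/\.$//' -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Lowercase and strip optional spaces so "dc=example, dc=com" == "DC=Example,DC=com".
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/ *, */,/g' -e 's/ *= */=/g'
}

# Read root-entry LDIF on stdin; succeed if SUFFIX is one of the namingContexts values.
suffix_advertised() {
    want=$(normalize_dn "$1")
    while IFS= read -r line; do
        line=$(normalize_dn "$line")
        case $line in
            namingcontexts:\ *)
                if [ "${line#namingcontexts: }" = "$want" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Live check: check_server HOST SUFFIX [ssl]. With "ssl" the query uses ldaps://,
# so it also fails if this client cannot complete an LDAPS connection to HOST.
check_server() {
    scheme=ldap
    if [ "${3:-}" = ssl ]; then scheme=ldaps; fi
    ldapsearch -x -LLL -H "$scheme://$1" -s base -b "" namingContexts |
        suffix_advertised "$2"
}

# Runs only when a host is given: script.sh HOST [ssl]
if [ "$#" -ge 1 ]; then
    base=$(suffix_from_dns "$1") || exit 2
    if check_server "$1" "$base" "${2:-}"; then echo "OK: $base"; else echo "MISMATCH: $base"; fi
fi
```

A MISMATCH result means the derived suffix is not one the server reported, so the suffix entered in step 8 should be taken from the server's own naming contexts instead.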
LL2352.Book Page 92 Friday, August 22, 2003 3:12 PM