
98 Chapter 7 Managing Directory Access
10 Click Write to Server if you want to store the mappings in the LDAP directory so that it
can supply them automatically to its clients.
You must enter a search base to store the mappings, a distinguished name of an
administrator (for example, cn=admin,dc=example,dc=com), and a password. If you are
writing mappings to an Open Directory LDAP server, the correct search base is
“cn=config, <suffix>” (where <suffix> is the server’s search base suffix, such as
“dc=example,dc=com”).
The LDAP directory supplies its mappings to clients that are configured to use an
automatic search policy. For instructions on configuring the client search policy, see
“Setting Up the Authentication and Contacts Search Policies” on page 87.
The LDAP directory also supplies its mappings to clients that have been configured
manually to get mappings from the server. For instructions on configuring client access
to the server, see “Configuring Access to an LDAP Directory” on page 92 through
“Changing the Connection Settings for an LDAP Directory” on page 95.
Mapping Config Record Attributes for LDAP Directories
If you want to store information for managed Mac OS X users in an LDAP directory,
make sure you map the following attributes of the Config record type: RealName and
DataStamp. If you do not map these attributes, the following error message will be
displayed when you use Workgroup Manager to change a user record that resides in
the LDAP directory:
The attribute with name dsRecTypeStandard:Config is not mapped.
You can ignore this message if you are not using Mac OS X client management, which
depends on the Config record type’s RealName and DataStamp attributes for a cache.
Editing RFC 2307 Mapping to Enable Creating Users
Before you can use Workgroup Manager to create users on a non-Apple LDAP directory
server that uses RFC 2307 (UNIX) mappings, you must edit the mapping of the Users
record type. You do this with the Directory Access application.
To enable creating user records in an LDAP directory with RFC 2307 mappings:
1 In Directory Access, click Services.
2 If the lock icon is locked, click it and type the name and password of an administrator.
3 Select LDAPv3 in the list of services, then click Configure.
4 If the list of server configurations is hidden, click Show Options.
5 Select the directory configuration with RFC 2307 mappings, then click Edit.
6 Click Search & Mappings.
7 Select Users in the list on the left.
By default, “Map to __ items in list” is set to Any and the list on the right includes
posixAccount, inetOrgPerson, and shadowAccount.
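The default Users mapping described in step 7, worked through as an added example (not part of the original guide and not Apple's code). It assumes that Any is an OR across the listed object classes and that the alternative setting, here called All, is an AND; the sample entries and function names are constructed for illustration.

```python
# Added example: how the step 7 object-class list selects Users records.
# Assumption: "Any" = OR over the classes, "All" = AND over the classes.
RFC2307_USER_CLASSES = ["posixAccount", "inetOrgPerson", "shadowAccount"]

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves in a filter assertion value."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)

def user_filter(classes, mode="Any"):
    """Build the LDAP search filter string for the given mapping mode."""
    if mode not in ("Any", "All"):
        raise ValueError("mode must be 'Any' or 'All'")
    terms = "".join("(objectClass=%s)" % escape_filter_value(c) for c in classes)
    if len(classes) == 1:
        return terms
    return "(%s%s)" % ("|" if mode == "Any" else "&", terms)

def matches(entry_classes, classes, mode="Any"):
    """Evaluate the same filter locally; objectClass names are case-insensitive."""
    have = {c.lower() for c in entry_classes}
    hits = [c.lower() in have for c in classes]
    return any(hits) if mode == "Any" else all(hits)

# Constructed sample directory entries (DN -> objectClass values).
SAMPLE = {
    "uid=alice,ou=people,dc=example,dc=com":
        ["top", "posixAccount", "inetOrgPerson", "shadowAccount"],
    "cn=Bob Contact,ou=addressbook,dc=example,dc=com":
        ["top", "inetOrgPerson"],
    "cn=printer1,ou=devices,dc=example,dc=com":
        ["top", "device"],
}

def mapped_users(mode):
    """Return the DNs that the Users record type would cover in this mode."""
    return sorted(dn for dn, oc in SAMPLE.items()
                  if matches(oc, RFC2307_USER_CLASSES, mode))

if __name__ == "__main__":
    for mode in ("Any", "All"):
        print(mode, user_filter(RFC2307_USER_CLASSES, mode))
        for dn in mapped_users(mode):
            print("   ", dn)
```

Under Any, the contact-only inetOrgPerson entry is treated as a Users record alongside the full POSIX account, which is worth checking on a directory that also holds address-book entries.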
LL2352.Book Page 98 Friday, August 22, 2003 3:12 PM