Kevin Long <> writes:

> It’s unclear to me whether I truly need to add the apple/samba schemas
> to OpenLDAP to appease OS X,  or whether I can map more standard
> attributes from the cosine etc schema to whatever OS X is looking for.

All my users have samba schema (because I also use samba), but they do
not have apple schema.

They can still authenticate on the iMac.

The last time I reinstalled Mac OS X, it was El Capitan. I wrote the
following to remember what I needed to do:

The file mentioned there is below. It contains 3 parts:
- which LDAP server is managing the authentication and how to access it
(the `destination` entry under `options`); I am using LDAPS on port 636;
you may have to change that for TLS
- the attribute mapping between Mac OS X's own version of LDAP and
real OpenLDAP (the `mappings` section)
- the part about disabled SASL authentication (the `Denied SASL Methods`
entry under `module options`): I cannot remember what it means, but I
know it was important (as in, I wasted way too much time figuring that
out).

I hope the information helps. It's free, but if you are hiring for that
problem, I can pretend I did not tell you and do the job :)

Best regards,


Dict {
    mappings = Dict {
        template = LDAPv3
        function = ldap:translate_recordtype
        attributes = Array {
        recordtypes = Dict {
            dsRecTypeStandard:Users = Dict {
                attributetypes = Dict {
                    dsAttrTypeStandard:ModificationTimestamp = Dict {
                        native = modifyTimestamp
                    dsAttrTypeStandard:Expire = Dict {
                        native = shadowExpire
                    dsAttrTypeStandard:CreationTimestamp = Dict {
                        native = createTimestamp
                    dsAttrTypeStandard:Change = Dict {
                        native = shadowLastChange
                    dsAttrTypeStandard:UserShell = Dict {
                        native = loginShell
                    dsAttrTypeStandard:PrimaryGroupID = Dict {
                        native = gidNumber
                    dsAttrTypeStandard:RecordName = Dict {
                        native = uid
                    dsAttrTypeStandard:UniqueID = Dict {
                        native = uidNumber
                    dsAttrTypeStandard:Password = Dict {
                        native = userPassword
                    dsAttrTypeStandard:Comment = Dict {
                        native = description
                    dsAttrTypeStandard:RealName = Dict {
                        native = gecos
                    dsAttrTypeStandard:NFSHomeDirectory = Dict {
                        native = homeDirectory
                info = Dict {
                    Group Object Classes = OR
                    Object Classes = Array {
                    Search Base = dc=cs,dc=ait,dc=ac,dc=th
            dsRecTypeStandard:People = Dict {
                attributetypes = Dict {
                    dsAttrTypeStandard:RealName = Dict {
                        native = gecos
                    dsAttrTypeStandard:MobileNumber = Dict {
                        native = mobile
                    dsAttrTypeStandard:State = Dict {
                        native = st
                    dsAttrTypeStandard:JobTitle = Dict {
                        native = title
                    dsAttrTypeStandard:UserCertificate = Dict {
                        native = userCertificate;binary
                    dsAttrTypeStandard:UserPKCS12Data = Dict {
                        native = userPKCS12
                    dsAttrTypeStandard:Country = Dict {
                        native = c
                    dsAttrTypeStandard:PagerNumber = Dict {
                        native = pager
                    dsAttrTypeStandard:PostalCode = Dict {
                        native = postalCode
                    dsAttrTypeStandard:Street = Dict {
                        native = street
                    dsAttrTypeStandard:FirstName = Dict {
                        native = givenName
                    dsAttrTypeStandard:OrganizationName = Dict {
                        native = o
                    dsAttrTypeStandard:PhoneNumber = Dict {
                        native = telephoneNumber
                    dsAttrTypeStandard:RecordName = Dict {
                        native = cn
                    dsAttrTypeStandard:City = Dict {
                        native = l
                    dsAttrTypeStandard:FAXNumber = Dict {
                        native = facsimileTelephoneNumber
                    dsAttrTypeStandard:ModificationTimestamp = Dict {
                        native = modifyTimestamp
                    dsAttrTypeStandard:UserSMIMECertificate = Dict {
                        native = userSMIMECertificate
                    dsAttrTypeStandard:Building = Dict {
                        native = buildingName
                    dsAttrTypeStandard:Department = Dict {
                        native = departmentNumber
                    dsAttrTypeStandard:AddressLine1 = Dict {
                        native = street
                    dsAttrTypeStandard:HomePhoneNumber = Dict {
                        native = homePhone
                    dsAttrTypeStandard:LastName = Dict {
                        native = sn
                    dsAttrTypeStandard:CreationTimestamp = Dict {
                        native = createTimestamp
                    dsAttrTypeStandard:EMailAddress = Dict {
                        native = mail
                    dsAttrTypeStandard:PostalAddress = Dict {
                        native = postalAddress
                info = Dict {
                    Group Object Classes = OR
                    Object Classes = Array {
                    Search Base = dc=cs,dc=ait,dc=ac,dc=th
            dsRecTypeStandard:Mounts = Dict {
                attributetypes = Dict {
                    dsAttrTypeStandard:VFSDumpFreq = Dict {
                        native = mountDumpFrequency
                    dsAttrTypeStandard:CreationTimestamp = Dict {
                        native = createTimestamp
                    dsAttrTypeStandard:VFSType = Dict {
                        native = mountType
                    dsAttrTypeStandard:VFSLinkDir = Dict {
                        native = mountDirectory
                    dsAttrTypeStandard:RecordName = Dict {
                        native = cn
                    dsAttrTypeStandard:VFSPassNo = Dict {
                        native = mountPassNo
                    dsAttrTypeStandard:VFSOpts = Dict {
                        native = mountOption
                    dsAttrTypeStandard:ModificationTimestamp = Dict {
                        native = modifyTimestamp
                info = Dict {
                    Group Object Classes = OR
                    Object Classes = Array {
                    Search Base = dc=cs,dc=ait,dc=ac,dc=th
            dsRecTypeStandard:CertificateAuthorities = Dict {
                attributetypes = Dict {
                    dsAttrTypeStandard:AuthorityRevocationList = Dict {
                        native = authorityRevocationList;binary
                    dsAttrTypeStandard:CreationTimestamp = Dict {
                        native = createTimestamp
                    dsAttrTypeStandard:CertificateRevocationList = Dict {
                        native = certificateRevocationList;binary
                    dsAttrTypeStandard:CrossCertificatePair = Dict {
                        native = crossCertificatePair;binary
                    dsAttrTypeStandard:RecordName = Dict {
                        native = cn
                    dsAttrTypeStandard:ModificationTimestamp = Dict {
                        native = modifyTimestamp
                    dsAttrTypeStandard:CACertificate = Dict {
                        native = cACertificate;binary
                info = Dict {
                    Group Object Classes = OR
                    Object Classes = Array {
                    Search Base = dc=cs,dc=ait,dc=ac,dc=th
            dsRecTypeStandard:Automount = Dict {
                attributetypes = Dict {
                    dsAttrTypeStandard:RecordName = Dict {
                        native = automountKey
                    dsAttrTypeStandard:CreationTimestamp = Dict {
                        native = createTimestamp
                    dsAttrTypeStandard:AutomountInformation = Dict {
                        native = automountInformation
                    dsAttrTypeStandard:Comment = Dict {
                        native = description
                    dsAttrTypeStandard:ModificationTimestamp = Dict {
                        native = modifyTimestamp
                info = Dict {
                    Group Object Classes = OR
                    Object Classes = Array {
                    Search Base = dc=cs,dc=ait,dc=ac,dc=th
            dsRecTypeStandard:Groups = Dict {
                attributetypes = Dict {
                    dsAttrTypeStandard:RecordName = Dict {
                        native = cn
                    dsAttrTypeStandard:PrimaryGroupID = Dict {
                        native = gidNumber
                    dsAttrTypeStandard:GroupMembership = Dict {
                        native = memberUid
                    dsAttrTypeStandard:CreationTimestamp = Dict {
                        native = createTimestamp
                    dsAttrTypeStandard:ModificationTimestamp = Dict {
                        native = modifyTimestamp
                    dsAttrTypeStandard:Member = Dict {
                        native = memberUid
                info = Dict {
                    Group Object Classes = OR
                    Object Classes = Array {
                    Search Base = dc=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
            dsRecTypeStandard:AutomountMap = Dict {
                attributetypes = Dict {
                    dsAttrTypeStandard:RecordName = Dict {
                        native = automountMapName
                    dsAttrTypeStandard:CreationTimestamp = Dict {
                        native = createTimestamp
                    dsAttrTypeStandard:ModificationTimestamp = Dict {
                        native = modifyTimestamp
                    dsAttrTypeStandard:Comment = Dict {
                        native = description
                info = Dict {
                    Group Object Classes = OR
                    Object Classes = Array {
                    Search Base = dc=XXXXXXXXXXXX
    trusttype = anonymous
    module options = Dict {
        AppleODClient = Dict {
            Server Mappings = false
        ldap = Dict {
            Use DNS replicas = false
            Denied SASL Methods = Array {
            Template Search Base Suffix = dc=XXXXXXXXXXXXXXXXXX
    node name = /LDAPv3/
    description = CSIM
    options = Dict {
        man-in-the-middle = false
        connection setup timeout = 15
        destination = Dict {
            other = ldaps
            host =
            port = 636
        packet encryption = 3
        no cleartext authentication = true
        packet signing = 1
        query timeout = 120
        connection idle disconnect = 120
    template = LDAPv3
