I’m trying to add a NethServer as a network account server on my Mac OS X, to permit authentication with the users configured on the server.
According to this article http://goo.gl/svuilV I’ve added the IP of my NethServer test and it appears active.
I’ve just added the IP address of the server; no other parameters were asked of me, nor have I set any others. The server seems to be active and, using the dscl tool, also queryable, but the users directory is empty.
Entering interactive mode... (type "help" for commands)
> cd LDAPv3/
/LDAPv3 > ls
/LDAPv3 > cd 192.168.1.12/
/LDAPv3/192.168.1.12 > ls
/LDAPv3/192.168.1.12 > ls Use
/LDAPv3/192.168.1.12 > ls Users
In the post, using this tool, the Users folder isn’t empty.
Has someone already made a similar configuration with success, or does anyone have some ideas to try?
Thank you in advance.
I’m not sure… If I recall correctly the LDAP requires STARTTLS and user authentication to browse People and Groups subtrees…
…we could relax this requirement at least for clients in the green and trusted networks. What do you think?
Probably I give up… for now.
I’ve achieved the goal of reading the LDAP directory from the Mac OS X Directory Utility, viewing the Users present on the server.
According to this http://goo.gl/Fx1yD0, it’s necessary to make some customizations that go beyond the simple GUI wizard.
Not knowing much about LDAP, this task is very expensive for me at this moment. While waiting for future development, or for a more explanatory how-to, I’ll stay and watch.
However, I remain available for testing potential ideas that come from the community.
What about keeping default like this and allow to change this option? I don’t like to release security policies.
Is it possible to specify a username/address to query LDAP with? If it is, you can use the existing libuser account to retrieve data (if you are lazy) with this command:
# perl -e 'use NethServer::Directory; my $password = NethServer::Directory::getUserPassword("libuser", 0) ; print $password;'
or create another LDAP account to read the account list (you can copy the /etc/e-smith/events/actions/nethserver-ejabberd-conf action from the nethserver-ejabberd package).
Never ever bind to LDAP as libuser: it’s almost root-equivalent. If you’re lazy use your personal credentials!
Mind you, I’m not so much a Linux man as I am Apple.
If memory serves correctly you need to use certain .schema files (the OS X Server handles LDAP a bit differently); they are found on an OS X server, and I believe that makes an OS X client work with a Linux server… I shall return later to this topic and see if I can provide you with some links.
This is the most recent link I could find, I hope it helps a bit?
Taking up this theme I want to use client authentication against the NS-LDAP on my Macs (High Sierra, Mojave and Catalina)
Start TLS: Disabled
Bind password: ########
Base DN: dc=directory,dc=nh
Bind DN: cn=ldapservice,dc=directory,dc=nh
LDAP URI: ldap://127.0.0.1
User DN: ou=People,dc=directory,dc=nh
Group DN: ou=Groups,dc=directory,dc=nh
two defined users (‘admin’ and ‘marko’)
empty user directory:
If I try to authenticate myself:
What am I doing wrong?
Maybe your OSX would like to use TLS?
Do you mean LDAP will not work and I should use AD as Account Provider?
Or what else do you want to tell me?
Sorry, I didn’t read the whole… But this (AD) could be a solution?
I’m not really familiar with LDAP and AD but AD seems more complex. That’s why I want to use the LDAP server and hope it provides enough functionality, because I don’t need to integrate Windows systems, only Linux servers and macOS clients.
I did all my tests, Windows 10, Linux, MacOS, with AD and it was very easy to implement
I switched to AD and got immediate access.
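An added example, not written by any poster in this thread: a small check that applies the two points raised above (an authenticated, TLS-protected bind is needed to browse People and Groups, and the libuser account should never be used as the bind identity) to a settings dump in the format posted above. The sample input is constructed, and the assumption that the libuser DN begins with an RDN whose value is "libuser" is mine.

```python
from urllib.parse import urlparse

# Constructed sample: the settings posted in the thread, with the URI changed
# to the server address a remote Mac would use (the thread shows 127.0.0.1).
SAMPLE = """\
Start TLS: Disabled
Bind password: ########
Base DN: dc=directory,dc=nh
Bind DN: cn=ldapservice,dc=directory,dc=nh
LDAP URI: ldap://192.168.1.12
User DN: ou=People,dc=directory,dc=nh
Group DN: ou=Groups,dc=directory,dc=nh
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_settings(text):
    """Turn 'Key: value' lines into a dict keyed by lower-cased setting name."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip().lower()] = value.strip()
    return settings

def review(settings):
    """Return finding codes for an LDAP client bind configuration."""
    findings = []
    uri = urlparse(settings.get("ldap uri", ""))
    starttls = settings.get("start tls", "").lower() == "enabled"
    bind_dn = settings.get("bind dn", "")
    # A simple bind over plain ldap:// to another host sends the bind password
    # unencrypted; ldaps:// or StartTLS protects it.
    if uri.scheme == "ldap" and uri.hostname not in LOOPBACK and not starttls:
        findings.append("cleartext-bind")
    # Per the thread, browsing People/Groups needs an authenticated bind.
    if not bind_dn:
        findings.append("anonymous-bind")
    # Assumption: the privileged account's DN starts with an RDN whose value
    # is "libuser" (the thread names the account, not its full DN).
    first_rdn = bind_dn.split(",")[0]
    if first_rdn.partition("=")[2].strip().lower() == "libuser":
        findings.append("privileged-bind")
    return findings

if __name__ == "__main__":
    for code in review(parse_settings(SAMPLE)):
        print(code)
```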