I’m trying to add a NethServer to my Mac OS X as a network account server, to permit authentication with the users configured on the server.
According to this article http://goo.gl/svuilV I’ve added the IP of my test NethServer and it shows as active.
I’ve just added the IP address of the server; no other parameters were asked of me and I haven’t set any others. The server seems to be active and, using the dscl tool, also queryable, but the Users directory is empty.
stefano@iMac:~$ dscl
Entering interactive mode... (type "help" for commands)
> ls
LDAPv3
Local
Contact
Search
> cd LDAPv3/
/LDAPv3 > ls
192.168.1.12
/LDAPv3 > cd 192.168.1.12/
/LDAPv3/192.168.1.12 > ls
AccessControls
Augments
Automount
AutomountMap
CertificateAuthorities
ComputerGroups
ComputerLists
Computers
Config
FileMakerServers
Groups
Locations
Machines
Maps
Mounts
OLCBDBConfig
OLCFrontEndConfig
OLCGlobalConfig
OLCLDIFConfig
OLCOverlayDynamicID
OLCSchemaConfig
OrganizationalUnit
People
Places
PresetComputerGroups
PresetComputerLists
PresetComputers
PresetGroups
PresetUsers
Printers
Resources
UserAuthenticationData
Users
/LDAPv3/192.168.1.12 > ls Use
UserAuthenticationData Users
/LDAPv3/192.168.1.12 > ls Users
/LDAPv3/192.168.1.12 >
In the post, using this tool, the Users folder isn’t empty.
Has anyone already made a similar configuration with success, or does anyone have some ideas to try?
I’ve achieved the goal of reading the LDAP directory from Mac OS X Directory Utility, viewing the Users present on the server.
According to this http://goo.gl/Fx1yD0, it’s necessary to make some customizations that go beyond the simple GUI wizard.
Not knowing much about LDAP, this task is very expensive for me at the moment. While waiting for future development, or for a more explanatory how-to, I’ll stay and watch.
However, I remain available for testing potential ideas that come from the community.
What about keeping the default like this and allowing this option to be changed? I don’t like to release security policies.
Is it possible to specify a username/address to query LDAP with? If it is, you can use the existing libuser account to retrieve data (if you are lazy) with this command:
or create another LDAP account to read the account list (you can copy the /etc/e-smith/events/actions/nethserver-ejabberd-conf action from the nethserver-ejabberd package)
Mind you, I’m not so much a Linux man as I am Apple.
If memory serves correctly, you need to use certain .schema files (the OS X Server handles LDAP a bit differently). They are found on an OS X server, and I believe that makes an OS X client work with a Linux server… I shall return later to this topic and see if I can provide you with some links.
Taking up this theme, I want to use client authentication against the NS-LDAP on my Macs (High Sierra, Mojave and Catalina).
My NS-Setup:
Start TLS: Disabled
users_groups.ShellOverride:true
Bind password: ########
Base DN: dc=directory,dc=nh
Bind DN: cn=ldapservice,dc=directory,dc=nh
LDAP URI: ldap://127.0.0.1
User DN: ou=People,dc=directory,dc=nh
Group DN: ou=Groups,dc=directory,dc=nh
two defined users (‘admin’ and ‘marko’)
I’m not really familiar with LDAP and AD, but AD seems more complex. That’s why I want to use the LDAP server and hope it provides enough functionality, because I don’t need to integrate Windows systems, only Linux servers and macOS clients.