I have a bit of a problem. I set up an LDAP server that my Mac client needs to get users from, but something is blocking it from getting the users when I try to add the server in the Users & Groups settings. I tried running an LDAP search:

ldapsearch -h fredericia -x -b "ou=People,dc=mosek,dc=intranet" 'uid=tomas'
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=mosek,dc=intranet> with scope subtree
# filter: uid=tomas
# requesting: ALL
#

# Tomas Nielsen, People, mosek.intranet
dn: cn=Tomas Nielsen,ou=People,dc=mosek,dc=intranet
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
sambaDomainName: MOSEK.INTRANET
displayName: Tomas Nielsen
sambaPrimaryGroupSID: S-1-5-21-3478201071-2449328918-32663390-21005
sambaSID: S-1-5-21-3478201071-2449328918-32663390-21000
homeDirectory: /home/tomas
loginShell: /bin/bash
uid: tomas
cn: Tomas Nielsen
gidNumber: 10002
sn: Nielsen
givenName: Tomas
sambaNTPassword: xxxxxxxxxxxxxxxxxx (redacted)
sambaPasswordHistory:  00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1469779096
sambaAcctFlags: [XU         ]
sambaHomePath: \\fredericia\tomas
uidNumber: 10005
sambaHomeDrive: Z:
sambaLogonScript: logon.bat

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

but when I try to do ldapwhoami:

ldapwhoami -v -h fredericia -U tomas
ldap_initialize( ldap://fredericia )
SASL/DIGEST-MD5 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Invalid credentials (49)
    additional info: SASL(-13): user not found: no secret in database

Why can it find the users in the LDAP tree, but can't do an ldapwhoami? I am sure I am putting in the right password. Somehow the Mac can see and communicate with the LDAP server just fine, it just won't use the users.

Sven
Tomas
  • Try adding an -x to the ldapwhoami. That should switch the authentication mechanism to simple instead of sasl. – Jan Sep 09 '16 at 12:00
  • ldapwhoami does its own manual bind to the LDAP server, ignoring the system binding(s). What you really want is something that goes through the OS X's built-in directory services (i.e. through its binding, attribute mappings, etc). Either use standard commands like `id`, or use the Directory Editor in /System/Library/CoreServices/Applications/Directory Utility.app. – Gordon Davisson Sep 10 '16 at 06:20
  • What exactly happens when you add `yourldapserv.hostname.net` (fredericia?) to the "Remote Login" section of the Users & Groups pane? OS X has some real specifics about what type of hostnames work for the LDAP implementation, that may be the problem, see for example ["Server hostname must match fqdn..."](https://discussions.apple.com/thread/6494202?tstart=0). – bourneN5years Sep 11 '16 at 23:13

1 Answer

I found the error

When I added the server through the built-in directory service, all I needed to do was change the LDAP mapping from 'from server' to 'RFC2307', and then it worked perfectly.

Tomas
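The answer's fix depends on every user entry actually carrying the posixAccount attributes the RFC2307 mapping resolves (uid, uidNumber, gidNumber, homeDirectory, cn). Below is an added example, not code from the question or answer, that reads ldapsearch LDIF output and reports which of those attributes each entry lacks; it also handles the LDIF continuation line and the dn-less `search:`/`result:` trailer visible in the question's output. The first sample entry is constructed from the question's own output (hash redacted, some samba attributes dropped); the second entry and the function names are ours.

```python
"""Added example: minimal LDIF reader plus an RFC2307 posixAccount completeness check."""
import base64
from typing import Dict, List

Entry = Dict[str, List[str]]

# RFC 2307 posixAccount MUST attributes; the client's RFC2307 mapping reads these.
RFC2307_POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample: entry 1 is trimmed from the question's ldapsearch output,
# entry 2 is invented here (base64 cn, missing gidNumber and homeDirectory).
SAMPLE_LDIF = r"""
# extended LDIF
# base <ou=People,dc=mosek,dc=intranet> with scope subtree
# filter: (objectClass=posixAccount)

# Tomas Nielsen, People, mosek.intranet
dn: cn=Tomas Nielsen,ou=People,dc=mosek,dc=intranet
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/tomas
loginShell: /bin/bash
uid: tomas
cn: Tomas Nielsen
gidNumber: 10002
sambaNTPassword: xxxxxxxxxxxxxxxxxx (redacted)
sambaPasswordHistory:  00000000000000000000000000000000000000000000000000000000
 00000000
sambaHomePath: \\fredericia\tomas
uidNumber: 10005

dn: uid=bob,ou=People,dc=mosek,dc=intranet
objectClass: posixAccount
objectClass: person
cn:: Qm9iIEV4YW1wbGU=
sn: Example
uid: bob
uidNumber: 10006

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
"""


def unfold(text: str) -> List[str]:
    """Join LDIF continuation lines (leading single space) onto the line above."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Entry]:
    """Parse ldapsearch LDIF into entries (attr -> list of values).

    Comment lines are skipped, "attr:: value" is base64-decoded, and records
    without a dn (ldapsearch's trailing search:/result: block) are dropped.
    """
    entries: List[Entry] = []
    current: Entry = {}
    for line in unfold(text) + [""]:  # sentinel blank line flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        elif rest.startswith("<"):  # URL reference, kept verbatim
            value = rest[1:].strip()
        else:
            value = rest.strip()
        current.setdefault(name.strip(), []).append(value)
    return entries


def missing_rfc2307_posix(entry: Entry) -> List[str]:
    """Attributes the RFC2307 posixAccount mapping needs but the entry lacks."""
    missing = [a for a in RFC2307_POSIX_REQUIRED if a not in entry]
    if "posixAccount" not in entry.get("objectClass", []):
        missing.append("objectClass=posixAccount")
    return missing


def report(text: str) -> Dict[str, List[str]]:
    """Map each entry's dn to its list of missing RFC2307 attributes."""
    return {e["dn"][0]: missing_rfc2307_posix(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, missing in report(SAMPLE_LDIF).items():
        print(f"{dn}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

Run it against `ldapsearch -x -b "ou=People,dc=mosek,dc=intranet" "(objectClass=posixAccount)"` output piped to a file. Note that `userPassword` absent from an anonymous search says nothing about whether it exists, since the ACL normally hides it; the check above deliberately tests only the attributes the mapping resolves, not the bind mechanism, which is a separate question from the SASL error in the question.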