authenticating 10.4 off LDAP - almost...


wooferboomus
11-24-2009, 12:01 PM
I've set up various Macs to authenticate off LDAP, so I get the general idea, but I've hit a problem I've never seen before, and I'm hoping someone else can offer suggestions.

The client is running OS 10.4.11, and the connection is set up through Directory Access. I can authenticate OK using the usual command line tools - dscl, dirt, lookupd - but when I try at the actual login window, I fail with the shaking login box. Even /usr/bin/login works to authenticate an LDAP user and gives a command shell.

It's a secure LDAP connection, which I haven't done before, but I think I have the certificate authority set up right, since I can log in at the command line, get the record with dscl, etc. The connection also uses an authentication login, but I assume that works for the same reason.

Could it be my attribute mappings? Looks like /usr/bin/login and the login window request a slightly different list, according to DirectoryService.debug.log. I wasn't sure if I need AuthenticationAuthority and what to put for a value. Also, it requests two that I don't even see available in the Directory Access mapping list: CopyTimestamp and OriginalNodeName.

If the problem is attributes, which ones does 10.4 even need? I don't need any on the client, I just want to know if the username/password is right and log a user in.

Thanks for any insights.