Aug 10, 2011 4:15 AM (in response to JKasten83)
Just to add a bit more information:
The opendirectoryd.log states: "AppleODClient - unable to open OD connection to Password Server"
Does anybody have the same problems? Is there anybody who can successfully connect to an LDAP server and use the authentication?
Aug 15, 2011 5:53 AM (in response to JKasten83)
I found a post here with the solution:
Just: after deleting AuthenticationAuthority, remember to Save at the bottom.
It's OK!
Aug 19, 2011 5:19 AM (in response to JKasten83)
I am having the same issues now! Before, it was not possible to log in any user. Now, every user can be logged in with any password (restricted to LDAP users). This is a really serious problem.
Aug 22, 2011 1:10 AM (in response to JKasten83)
By removing and readding the LDAP server, the strange behavior that NO password is needed was fixed. Now, no LDAP user can be authenticated by password anymore -- this was the initial behavior.
As far as I can see, there are only two options:
1. No LDAP user can login.
2. Every LDAP user can be logged in with any password.
Thus, the problem is still not solved.
Aug 23, 2011 6:46 AM (in response to JKasten83)
I have now reported the problem to Apple via http://www.apple.com/feedback/macosx.html
I'm going to double check if this is related to mobile accounts which we use with the LDAP configuration to allow offline logins. I doubt that's the reason, but I'll try one more time from scratch, just to be sure.
Aug 23, 2011 7:29 AM (in response to samvais)
No change. I did as plain and simple a configuration as possible.
1. Edited /etc/openldap/ldap.conf with the path to certificate
2. Created a simple LDAP configuration with Directory Utility (RFC2307 with SSL): dc=domain,dc=tld
3. Booted and noticed there's a minor bug which changes the configuration NOT to use SSL; fixed the configuration and booted again.
4. Logged in with real username and wrong password. Uids and gids of users are correct and dscacheutil -configuration shows the correct servers, but the password is not verified.
Aug 23, 2011 11:51 AM (in response to JKasten83)
Noticed a little difference using LDAP accounts at the login screen and shell. The shell denies LDAP account authentication (su - ldap_user) if no password is given. The login screen allows LDAP accounts with a blank password.
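Added example, not part of any post in this thread: a negative-authentication check that fails if a directory account is accepted with a wrong or a blank password, the two behaviours reported above. The function names, the `alice` account and the stubs are constructed for illustration; `dscl_auth` assumes a macOS client bound to the directory and that `dscl /Search -authonly` is the authenticator you want to test.

```shell
#!/bin/sh
# Negative-authentication check: a directory client must REJECT a wrong
# password and a blank password. Any command that takes "<user> <password>"
# and returns 0 only on successful authentication can be tested.

# Assumption: on a bound macOS client, dscl -authonly against the search node.
dscl_auth() { dscl /Search -authonly "$1" "$2" </dev/null >/dev/null 2>&1; }

# Constructed stand-ins so the check can be exercised offline.
stub_fail_open()   { return 0; }                    # accepts any password
stub_fail_closed() { [ "$2" = "correct-horse" ]; }  # accepts one constructed password

# A throwaway value that is not expected to be anyone's real password.
random_password() { printf 'wrong-%s-%s' "$$" "$(date +%s)"; }

# check_rejects_bad_passwords <auth-command> <user>
# Returns 0 if both bogus attempts are rejected, 1 if either is accepted.
check_rejects_bad_passwords() {
    auth=$1
    user=$2
    rc=0
    if "$auth" "$user" "$(random_password)"; then
        echo "FAIL: $user authenticated with a random wrong password" >&2
        rc=1
    fi
    if "$auth" "$user" ""; then
        echo "FAIL: $user authenticated with a blank password" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: bad passwords rejected for $user"
    return "$rc"
}

# Demo with the constructed stubs; on a bound client use:
#   check_rejects_bad_passwords dscl_auth <ldap_user>
check_rejects_bad_passwords stub_fail_closed alice
check_rejects_bad_passwords stub_fail_open alice || true
```

Run it after every directory configuration change or OS update, and treat a non-zero exit as a reason to keep the client off the directory until authentication fails closed again.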
Aug 29, 2011 4:56 PM (in response to JKasten83)
I just spoke to an Apple representative... whose advice is to NOT upgrade to Lion until a fix is found. They have committed to emailing info through once it is available. Let's hope
Aug 29, 2011 6:14 PM (in response to DarrenAus)
Are you working with ROOT enabled or selected in Directory Utility?
Your LDAP server, what is it? OS etc. Lion?
What happens when you use ldapsearch? From Lion terminal? From other Client Terminal? Using Directory Utility?
Does the Lion Client find the user's DN but does not drop and then reconnect using the DN?
Can the logged in user access any other services on the network?
Do they access
Are you using mixed authentication methods?
What is the relationship LDAP has with these if any? (Kerberos authentication of LDAP clients, LDAP Auth supporting kerberos, etc.?)
I think we have a very simple fix but need to know more...
Aug 29, 2011 11:01 PM (in response to JKasten83)