Importing users from third party ldap server

959 Views 8 Replies Latest reply: May 6, 2012 1:40 AM by spookybathtub
David Grant Kochi Level 1 (70 points)
Aug 3, 2011 4:19 AM

We have a third party custom Axiole RFC2307 (unix) LDAP server. I was never able to bind it with OS X Server 10.6 as there was never any documentation in any language for 10.6 until recently, but now I really need to bind it with Lion server and there is only 10.6 documentation in Japanese, which I fully understand. I've followed all instructions from Axiole, I am connected to it, but no users or groups appear in the users pane of the Server app. I have full support from the admin and I have decoded all of the Japanese documentation and followed it with a Japanese admin to no avail. After many hours of messing around, I cannot find what I am doing wrong. If anyone has any wisdom that would help me get this working, please share it with me. Thank you.

  • jason.schaefer

    I have this same issue in my test lab. Everything worked perfectly on 10.6 Server and now have this same issue.

    In Directory Utility I can browse the LDAP but from the Server.app cannot import anything from the listed LDAP server.

  • JollyRoger_UD

    Unfortunately I have the same issue...

  • slacker775

    Me too unfortunately.  I've captured the traffic from Lion Server to my directory and the queries are fine, and are returning results.  Just nothing is being displayed in the App.  My guess is that it's looking for a particular attribute or something, but unfortunately, it's not specifying that in the queries so I can only guess.

  • rodrigoNR

    Having the exact same issues myself.  Like slacker775, I've confirmed that the queries are correct and are indeed returning the correct users, just not showing up in the Server.app UI.  Extremely frustrating!

  • spookybathtub Level 1 (70 points)

    Same problem.  I'm running Lion Server 10.7.3.  My LDAP users show up in Directory Utility just fine, but they will not show up in Server.app.  Is there any other way to import users, with the command line?

  • spookybathtub Level 1 (70 points)
    May 5, 2012 6:35 PM (in response to spookybathtub)

    I filed a bug report; I suggest you all do the same so Apple will fix this!

    https://developer.apple.com/bugreporter/

  • spookybathtub Level 1 (70 points)
    May 6, 2012 1:40 AM (in response to spookybathtub)

    I made some progress in the command-line, but it still doesn't work right.  Using Workgroup Manager, I found a user account in the LDAP directory called testuser and exported it to a file.  I made a preset in Workgroup Manager for login shell, default group, etc and called it presetLDAP.  Then

    dsimport [path/to/file...] /LDAPv3/127.0.0.1 I --startid 1025 --groupid 20 --outputfile ./Server_Import_Log.plist --userpreset presetLDAP --username diradmin

    Now testuser appears in Server.app, and I can give it permission to various services, but it can't actually log in.  I've tried AFP, SSH, and wiki, and I always get an invalid password error.  My goal is for the password to come from LDAP of course.  Apple documentation says imported directory users should have the symbol [image: 18312444-1.png], while local directory users have the symbol [image: 18312444-2.png].  My freshly-imported testuser has the latter symbol, which is a bad sign.  Also, according to this great book, when exporting users from Workgroup Manager,

    "User passwords are never exported, so anytime you export and then later import users from a file, you will need to set their passwords after you import the users."

    This seems to be correct, because if I reset testuser's password, it can log in correctly.  But this defeats the purpose of using LDAP, which is for users to use a global password for all servers.  There's something different about dsimport and the Server.app import process.  I do notice the following in Console, when trying to import a user through Server.app.  It's very strange how similar those arguments are to those of dsimport, but they're not quite the same.  I still want to find the command-line version of whatever Server.app is doing.

    5/5/12 8:53:36.919 PM Server: about to launch import tool.  theArgs is: (
        "/Users/Shared/testuserexportfile",
        "/LDAPv3/127.0.0.1",
        I,
        "-s",
        1025,
        "-r",
        20,
        "-v",
        "--outputfile",
        "/tmp/Server_Import_Log.plist"
    )

    By the way, it seems like my preset was ignored completely by dsimport; I probably don't know the right format for this option.
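
Added example, not part of the original thread and not Apple's code: a Python script that parses the `theArgs` array from the Console entry in the last post and compares it with the dsimport command typed in that post. The log does not name the tool Server.app launches, so only the argument lists are compared; the function names are illustrative and the log text is re-wrapped from the post.

```python
import re
import shlex

# Console entry and typed command, both copied from the post above.
CONSOLE_LOG = '''5/5/12 8:53:36.919 PM Server: about to launch import tool.  theArgs is: (
    "/Users/Shared/testuserexportfile", "/LDAPv3/127.0.0.1", I, "-s", 1025,
    "-r", 20, "-v", "--outputfile", "/tmp/Server_Import_Log.plist"
)'''
TYPED = ("dsimport [path/to/file...] /LDAPv3/127.0.0.1 I --startid 1025 "
         "--groupid 20 --outputfile ./Server_Import_Log.plist "
         "--userpreset presetLDAP --username diradmin")

# One array element: a double-quoted string or a bare token (numbers, I).
_ELEMENT = re.compile(r'"((?:[^"\\]|\\.)*)"|([^\s,()"]+)')

def parse_logged_args(log_text):
    """Extract the argv list from the NSArray description after 'theArgs is:'."""
    start = log_text.index("(", log_text.index("theArgs is:"))
    body = log_text[start + 1:log_text.rindex(")")]
    return [bare or re.sub(r"\\(.)", r"\1", quoted)
            for quoted, bare in _ELEMENT.findall(body)]

def option_values(argv):
    """Map each '-option' to the token after it, or None for a bare switch."""
    opts = {}
    for i, tok in enumerate(argv):
        if tok.startswith("-"):
            nxt = argv[i + 1] if i + 1 < len(argv) else None
            opts[tok] = None if nxt is None or nxt.startswith("-") else nxt
    return opts

def compare(logged, typed):
    a, b = option_values(logged), option_values(typed)
    return {
        "same_node_and_mode": logged[1:3] == typed[1:3],
        "only_in_server_app": [o for o in a if o not in b],
        "only_in_typed": [o for o in b if o not in a],
        # Differently named options carrying the same value: an inference
        # from the values alone, not a documented flag equivalence.
        "same_value": [(x, y) for x in a for y in b
                       if x != y and a[x] is not None and a[x] == b[y]],
    }

if __name__ == "__main__":
    logged = parse_logged_args(CONSOLE_LOG)
    typed = shlex.split(TYPED)[1:]          # drop the program name
    print(shlex.join(logged))
    for key, value in compare(logged, typed).items():
        print(f"{key}: {value}")
```

On the two invocations from the post, the comparison shows the same directory node and mode, `-s`/`-r` carrying the values the typed command passes to `--startid`/`--groupid`, and `--userpreset` and `--username` present only in the typed command.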
