HT202285: Use Profile Manager or Wiki service with Active Directory or third-party LDAP services
-
Dec 24, 2014 11:03 AM, in response to madoser, by datasmith
I set up a mail server (Kerio Connect) to authenticate with the LDAP server in 10.9 Server, so I can tell you what works for Kerio.
The host name is the fully qualified name of the 10.9 server.
The user name is
uid=diradmin,cn=users,dc={servername},dc={domain},dc=com
Note that I use diradmin for the master admin for Open Directory. To duplicate my efforts, replace the {} brackets and the data inside with your data.
The search suffix is a parsing of the fully qualified name.
If the FQN is server.domain.com, the search suffix would be
dc=server,dc=domain,dc=com
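
The bind user name and search suffix described in the post above both follow from the server's fully qualified name. The following is an added example, not part of the original post and not Kerio or Apple code; the function names are hypothetical. It generalizes to host names with any number of labels and escapes the admin short name per RFC 4514 so that unexpected characters cannot change the structure of the DN.

```python
import re

# One RFC 1123 host name label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def search_suffix(fqdn: str) -> str:
    """Turn server.domain.com into dc=server,dc=domain,dc=com."""
    name = fqdn.strip()
    if name.endswith("."):          # tolerate a single trailing root dot
        name = name[:-1]
    labels = name.split(".")
    # Rejecting anything that is not a plain host label keeps characters such
    # as ',' or '=' from being smuggled into the generated DN.
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a fully qualified host name: {fqdn!r}")
    return ",".join(f"dc={label}" for label in labels)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("empty attribute value")
    escaped = "".join(
        "\\00" if ch == "\x00" else ("\\" + ch if ch in '"+,;<>\\' else ch)
        for ch in value
    )
    if value[0] in " #":            # leading space or '#' must be escaped
        escaped = "\\" + escaped
    if len(value) > 1 and value[-1] == " ":   # trailing space must be escaped
        escaped = escaped[:-1] + "\\ "
    return escaped


def bind_dn(admin_uid: str, fqdn: str) -> str:
    """Build the bind user name in the form shown in the post."""
    return f"uid={escape_dn_value(admin_uid)},cn=users,{search_suffix(fqdn)}"


if __name__ == "__main__":
    # Constructed sample values taken from the post's own placeholders.
    print(bind_dn("diradmin", "server.domain.com"))
    print(search_suffix("server.domain.com"))
```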
-
Jan 2, 2015 8:48 AM, in response to madoser, by John Lockwood
Profile Manager requires that the Mac server running Profile Manager also be an Open Directory server. However, it is still possible to bind the Mac running Profile Manager to other directory servers as well. It will then search for user accounts to authenticate in the search order you define in Directory Utility.
By the way, you cannot 'get' a password from Open Directory. Literally, the password is not stored anywhere. When a user is authenticating against an Open Directory account, the user types in their password, their Mac then encodes the password, and the encoded version is compared against the stored encoded version in the Open Directory server. This encoding, however, is a one-way process: you can encode a password and compare the encoded version, but you cannot decode the encoded version back to the password. To 'crack' a password you would have to try encoding every possible password and compare each until you get a match, and clearly this would take so long as to be impractical.