I made things sound cryptic in my initial post, hence no answers.
I set up a clean install of Lion Server and followed the instructions from Axiole since my last post, but I have the same problem: I cannot import any users.
The ldap directory shows up fine in directory utility, but I cannot add any users in the Server app or in System Prefs>Users.
If anyone can point out something I am missing, please post. I'm getting desperate.
If anyone knows how to add users from an ldap server using the command line, please chime in and clue me in to where I might find that information.
Me too, unfortunately. I've captured the traffic from Lion Server to my directory and the queries are fine, and are returning results. Just nothing is being displayed in the App. My guess is that it's looking for a particular attribute or something, but unfortunately, it's not specifying that in the queries so I can only guess.
I made some progress in the command-line, but it still doesn't work right. Using Workgroup Manager, I found a user account in the LDAP directory called testuser and exported it to a file. I made a preset in Workgroup Manager for login shell, default group, etc and called it presetLDAP. Then
dsimport [path/to/file...] /LDAPv3/127.0.0.1 I --startid 1025 --groupid 20 --outputfile ./Server_Import_Log.plist --userpreset presetLDAP --username diradmin
Now testuser appears in Server.app, and I can give it permission to various services, but it can't actually log in. I've tried AFP, SSH, and wiki, and I always get an invalid password error. My goal is for the password to come from LDAP of course. Apple documentation says imported directory users should have the symbol, while local directory users have the symbol . My freshly-imported testuser has the latter symbol, which is a bad sign. Also, according to this great book, when exporting users from Workgroup Manager,
"User passwords are never exported, so anytime you export and then later import users from a file, you will need to set their passwords after you import the users."
This seems to be correct, because if I reset testuser's password, it can log in correctly. But this defeats the purpose of using LDAP, which is for users to use a global password for all servers. There's something different about dsimport and the Server.app import process. I do notice the following in Console, when trying to import a user through Server.app. It's very strange how similar those arguments are to those of dsimport, but they're not quite the same. I still want to find the command-line version of whatever Server.app is doing.
5/5/12 8:53:36.919 PM Server: about to launch import tool. theArgs is: (
By the way, it seems like my preset was ignored completely by dsimport; I probably don't know the right format for this option.