Currently Being ModeratedSep 13, 2011 8:34 PM (in response to David Grant Kochi)
I made things sound cryptic in my initial post, hence no answers.
I set up a clean install of Lion Server and followed the instructions from Axiole since my last post, but I have the same problem, I cannot import any users.
The ldap directory shows up fine in directory utility, but I cannot add any users in the Server app or in System Prefs>Users.
If anyone can point out something I am missing, please post. I'm getting desperate.
If anyone knows how to add users from an ldap server using the command line, please chime in and clue me in to where I might find that information.
Currently Being ModeratedDec 19, 2011 11:43 AM (in response to David Grant Kochi)
I have this same issue in my test lab. Everything worked perfectly on 10.6 Server and now have this same issue.
In Directory Uitility i can browse the LDAP but from the Server.app cannot import anything from the listed LDAP server.
Currently Being ModeratedFeb 14, 2012 1:02 PM (in response to David Grant Kochi)
Me too unfortunately. I've captured the traffic from Lion Server to my directory and the queries are fine, and are returning results. Just nothing is being displayed in the App. My guess is that it's looking for a particular attribute or something, but unfortuantely, it's not specifiying that in the queries so I can only guess.
Currently Being ModeratedApr 9, 2012 4:18 PM (in response to David Grant Kochi)
Having the exact same issues myself. Like slacker775, I've confirmed that the queries are correct and are indeed returning the correct users, just not showing up in the Server.app UI. Extremely frustrating!
Currently Being ModeratedMay 5, 2012 6:01 PM (in response to David Grant Kochi)
Same problem. I'm running Lion Server 10.7.3. My LDAP users show up in Directory Utility just fine, but they will not show up in Server.app. Is there any other way to import users, with the command line?
Currently Being ModeratedMay 6, 2012 1:40 AM (in response to spookybathtub)
I made some progress in the command-line, but it still doesn't work right. Using Workgroup Manager, I found a user account in the LDAP directory called testuser and exported it to a file. I made a preset in Workgroup Manager for login shell, default group, etc and called it presetLDAP. Then
dsimport [path/to/file...] /LDAPv3/127.0.0.1 I --startid 1025 --groupid 20 --outputfile ./Server_Import_Log.plist --userpreset presetLDAP --username diradmin
Now testuser appears in Server.app, and I can give it permission to various services, but it can't actually login. I've tried AFP, SSH, and wiki, and I always get an invalid password error. My goal is for the password to come from LDAP of course. Apple documentation says imported directory users should have the symbol, while local directory users have the symbol . My freshly-imported testuser has the latter symbol, which is a bad sign. Also, according to this great book, when exporting users from Workgroup Manager,
"User passwords are never exported, so anytime you export and then later import users from a file, you will need to set their passwords after you import the users. "
This seems to be correct, because if I reset testuser's password, it can login correctly. But this defeats the purpose of using LDAP, which is for users to use a global password for all servers. There's something different about dsimport and the Server.app import process. I do notice the following in Console, when trying to import a user through Server.app. It's very strange how similar those arguments are to those of dsimport, but they're not quite the same. I still want to find the command-line version of whatever Server.app is doing.
5/5/12 8:53:36.919 PM Server: about to launch import tool. theArgs is: (
By the way, it seems like my preset was ignored completely by dsimport; I probably don't know the right format for this option.