8 Replies Latest reply: May 6, 2012 1:40 AM by spookybathtub
David Grant Kochi Level 1 Level 1 (70 points)

We have a third party custom Axiole RFC2307 (unix) ldap server . I was never able to bind it with OS X Server 10.6 as there was never any documentation in any language for 10.6 until recently, but now I really need to bind it with Lion server and there is only 10.6 documentation in Japanese, which I fully understand. I've followed all instructions from Axiole, I am connected to it, but no users or groups appear in the users pane of the Server app. I have full support from the admin and I have decoded all of the Japanese documentation and followed it with a Japanese admin to know avail. After many hours of messing around, I cannot find what I am doing wrong. If anyone has any wisdom that would help me get this working, please share it with me. Thank you.

  • David Grant Kochi Level 1 Level 1 (70 points)

    I made things sound cryptic in my initial post, hence no answers.

     

    I set up a clean install of Lion Server and followed the instructions from Axiole since my last post, but I have the same problem, I cannot import any users.

     

    The ldap directory shows up fine in directory utility, but I cannot add any users in the Server app or in System Prefs>Users.

     

    If anyone can point out something I am missing, please post. I'm getting desperate.

     

    If anyone knows how to add users from an ldap server using the command line, please chime in and clue me in to where I might find that information.

     

    Thank you.

  • jason.schaefer Level 1 Level 1 (0 points)

    I have this same issue in my test lab. Everything worked perfectly on 10.6 Server and now have this same issue.

     

    In Directory Uitility i can browse the LDAP but from the Server.app cannot import anything from the listed LDAP server.

  • JollyRoger_UD Level 1 Level 1 (0 points)

    Unfortunately I have the same issue...

  • slacker775 Level 1 Level 1 (0 points)

    Me too unfortunately.  I've captured the traffic from Lion Server to my directory and the queries are fine, and are returning results.  Just nothing is being displayed in the App.  My guess is that it's looking for a particular attribute or something, but unfortuantely, it's not specifiying that in the queries so I can only guess.

  • rodrigoNR Level 1 Level 1 (0 points)

    Having the exact same issues myself.  Like slacker775, I've confirmed that the queries are correct and are indeed returning the correct users, just not showing up in the Server.app UI.  Extremely frustrating!

  • spookybathtub Level 1 Level 1 (70 points)

    Same problem.  I'm running Lion Server 10.7.3.  My LDAP users show up in Directory Utility just fine, but they will not show up in Server.app.  Is there any other way to import users, with the command line?

  • spookybathtub Level 1 Level 1 (70 points)

    I filed a bug report; I suggest you all do the same so Apple will fix this!

    https://developer.apple.com/bugreporter/

  • spookybathtub Level 1 Level 1 (70 points)

    I made some progress in the command-line, but it still doesn't work right.  Using Workgroup Manager, I found a user account in the LDAP directory called testuser and exported it to a file.  I made a preset in Workgroup Manager for login shell, default group, etc and called it presetLDAP.  Then

    dsimport [path/to/file...] /LDAPv3/127.0.0.1 I --startid 1025 --groupid 20 --outputfile ./Server_Import_Log.plist --userpreset presetLDAP --username diradmin

    Now testuser appears in Server.app, and I can give it permission to various services, but it can't actually login.  I've tried AFP, SSH, and wiki, and I always get an invalid password error.  My goal is for the password to come from LDAP of course.  Apple documentation says imported directory users should have the symbol/___sbsstatic___/migration-images/183/18312444-1.png, while local directory users have the symbol /___sbsstatic___/migration-images/183/18312444-2.png.  My freshly-imported testuser has the latter symbol, which is a bad sign.  Also, according to this great book, when exporting users from Workgroup Manager,

    "User passwords are never exported, so anytime you export and then later import users from a file, you will need to set their passwords after you import the users. "

    This seems to be correct, because if I reset testuser's password, it can login correctly.  But this defeats the purpose of using LDAP, which is for users to use a global password for all servers.  There's something different about dsimport and the Server.app import process.  I do notice the following in Console, when trying to import a user through Server.app.  It's very strange how similar those arguments are to those of dsimport, but they're not quite the same.  I still want to find the command-line version of whatever Server.app is doing.

    5/5/12 8:53:36.919 PM Server: about to launch import tool.  theArgs is: (

        "/Users/Shared/testuserexportfile",

        "/LDAPv3/127.0.0.1",

        I,

        "-s",

        1025,

        "-r",

        20,

        "-v",

        "--outputfile",

        "/tmp/Server_Import_Log.plist"

    )


     

     

    By the way, it seems like my preset was ignored completely by dsimport; I probably don't know the right format for this option.