Lion LDAP Authentication Problem

Hi helpers,


We are using an OpenLDAP server to authenticate our users to different desktop machines. Using SL everything worked just perfectly. Now, I upgraded to 10.7 and the login of the LDAP users does not work anymore. I can see all users of the LDAP server listed in the directory service. Furthermore, using dscacheutil, I can get the uid and so on from the LDAP server. Just the password authentication does not work. Using "su", I get "su: Sorry" all the time.


Thanks for your help


J

Mac Pro, Mac OS X (10.7)

Posted on Aug 9, 2011 8:35 AM

35 replies

Sep 7, 2011 9:39 PM in response to JKasten83

We are seeing the same problem as the original post. The client is trying to use the LDAP server as a Password Server even though it is not an Open Directory environment or configuration. Workgroup Manager recognizes that the user *should* authenticate via crypt passwords. A packet dump of unencrypted LDAP doesn't show the password being transmitted to the LDAP server.

Sep 9, 2011 10:54 AM in response to drStrangeP0rk

We're running Ubuntu 8.04 on the amd64 server and it's using OpenLDAP 2.4.9. Nearly everything else supplied by LDAP works: mount points, uid, homedir, etc. Running "dscl /LDAPv3/our.ldap.server -read /Users/user1" shows the user attributes as well as "Password: ********" (literally). A 10.5 client shows "PasswordPlus" instead of "Password". The 10.5 client also lists more dsAttrTypeNative attributes. I tried to authenticate with dscl but it returns "Data source (/LDAPv3/our.ldap.server) is not valid."

Oct 13, 2011 4:29 PM in response to Ryan Lovett

We followed up with Apple and they didn't have our previous case on file. We stepped through the problem with another Apple engineer and he was at a loss so it was escalated to the next level. At that point, the new engineer said that since we didn't have any of the $5k, $10k, or $15k annual service offerings, it would cost $695 for Apple to look at the problem. There would be no guarantee that they would fix it though. He wasn't able to say whether Apple was already working on this or not.

Oct 23, 2011 4:39 AM in response to Ryan Lovett

Hello,


Same problem here. We are using an OpenLDAP server to authenticate our users to different desktop machines (Windows, Linux, and for some months I have introduced some Macs). Using SL everything worked just perfectly. Now, I upgraded to 10.7 and the login of the LDAP users does not work anymore. For us, no LDAP working for auth means no use. I wanted to buy more Macs; I will wait. BTW, why upgrade: for the new Xcode version, as the Macs are used for development.

Nov 1, 2011 6:34 AM in response to JKasten83

Since 10.7.2 logins have not worked for us. Until I found this workaround:

http://itsabicycle.com/2011/10/14/ldap-authentication-simple-binds-os-x-lion-1072/


With this workaround Lion clients are again able to authenticate from our Linux LDAP servers. This is kind of dirty and clearly shows that there still are bugs in the Lion authenticating system, but this is better than nothing.


Minor issues:

- Passwords can't be changed from GUI

- Network logins cannot be restricted to certain groups or users (SSH can be, luckily)

Nov 17, 2011 1:01 PM in response to JKasten83

I am having a similar issue. We are trying to get Lion Server to authenticate to an Active Directory server, but we can't use the Active Directory plugin, because the computer is going to sit in our DMZ. We are trying to have Lion Server look at our AD servers using the LDAPv3 plugin, but I don't know what mappings and attributes to use to have it authenticate. We started playing around with it, and we can see users in AD, but we can't import them into Lion Server or log in to the Lion server. It just acts like it can't find the user accounts. We did a packet capture, and we can see that it is querying the AD server and it's returning results, but the Lion Server app is not displaying them.
