Lion LDAP Authentication Problem

Are you using EBS 2008 as your directory server for LDAP?

You are aware that MSFT does not support that anymore and expects all users fo EBS2008 to upgrade to standalone servers.

Sonny, great links. 🙂

We are seeing the same problem as original post. The client is trying to use the LDAP server as a Password Server even though it is not an Open Directory environment or configuration. Workgroup Manager recognizes that the user *should* authenticate via crypt passwords. A packet dump of uncrypted LDAP doesn't show the password being transmitted to the LDAP server.

Please confirm the following:

OS version and type of the server which is hosting the LDAP Server.

Version of LDAP running? (LDAPv3, Ldap v*, etc.)

Thanks.

We're running Ubuntu 8.04 on the amd64 server and its using OpenLDAP 2.4.9. Nearly everything else supplied by LDAP works: mount points, uid, homedir, etc. Running "dscl /LDAPv3/our.ldap.server -read /Users/user1" shows the user attributes as well as "Password: ********" (literally). A 10.5 client shows "PasswordPlus" instead of "Password". The 10.5 client also lists more dsAttrTypeNative attributes. I tried to authenticate with dscl but it returns "Data source (/LDAPv3/our.ldap.server) is not valid."

I have the same exact issue. I'm currently in line at an apple store. I will post my results later. hopefully they will be positive.

Funny how any password used to work and now none do :-(

Unfortunately no solution yet. We have a case open with Apple and they said the problem would be fixed with the next OS update. 10.7.2 came out and it didn't solve the problem. Client machines are ignoring password authentication and are trying to use SASL instead.

So they weren't able to tell me why the problem occurred, but I was able to log in again by removing my LDAP server setting. I was able to do this as a root user. I will try to readd my server when I get home tonight and see if it works again.

We followed up with Apple and they didn't have our previous case on file. We stepped through the problem with another Apple engineer and he was at a loss so it was escalated to the next level. At that point, the new engineer said that since we didn't have any of the $5k, $10k, or $15k annual service offerings, it would cost $695 for Apple to look at the problem. There would be no guarantee that they would fix it though. He wasn't able to say whether Apple was already working on this or not.

What server is LION connecting to? What server is hosting your LDAP? Please provide versions, it helps.

Are you a complete MAC house with Mac Lion Clients connecting to Mac Lion Servers? Is the OS a LINUX flavor? Which one?

Thanks

Our Lion client is connecting to a Linux LDAP server running OpenLDAP. We've tried connecting to both Ubuntu 8.04 (slapd 2.4.9) and 10.04 (slapd 2.4.21).

Hello,

same problem here. We are using an OpenLDAP server to authenticate our users to different desktop machines (Windows, Linux & for some months i introduced some Mac). Using SL everything worked just perfect. Now, I upgraded to 10.7 and the login of the LDAP users does not work anymore. For us, no ldap working for auth means no use. I wanted to buy more Mac, i will wait. BTW, why upgrading, for xcode new version, macs are used for developpment.

Since 10.7.2 logins have not worked for us. Until I found this workaround:

http://itsabicycle.com/2011/10/14/ldap-authentication-simple-binds-os-x-lion-107 2/

With this workaround Lion clients are again able to authenticate from our Linux LDAP servers. This is kind of dirty and clearly shows that there still are bugs in the Lion authenticating system, but this is better than nothing.

Minor issues:

- Passwords can't be changed from GUI

- Network logins cannot be restricted to certain groups or users (SSH can be, luckily)

I am having a similar issue.. We are trying to get Lion Server to authenticate to an Active Directory server, but we can't use the Active Directory plugin, because the computer is going to sit in our DMZ. We are trying to have Lion Server look at our AD servers using the LDAPv3 plugin, but I don't know what mappings and attributes to use to have it authenticate. We started playing around with it, and we can see users in AD, but we can't import them into Lion Server or login to the Lion server. It just acts like it can't find the user accounts. We did a packet capture, and we can see that it is querying the AD server and its returning results, but the Lion Server app is not displaying them.