Aug 29, 2011 11:46 PM (in response to JKasten83)
OpenLDAP website (www.openldap.org)—learn about the open source software that
Open Directory uses to provide LDAP directory service.
RFC3377, “Lightweight Directory Access Protocol (v3): Technical Specification”
(www.rfc-editor.org/rfc/rfc3377.txt)—lists a set of eight other Request for Comment
(RFC) documents with overview information and detailed specifications for the
Sep 7, 2011 9:39 PM (in response to JKasten83)
We are seeing the same problem as the original post. The client is trying to use the LDAP server as a Password Server even though it is not an Open Directory environment or configuration. Workgroup Manager recognizes that the user *should* authenticate via crypt passwords. A packet dump of unencrypted LDAP doesn't show the password being transmitted to the LDAP server.
Sep 9, 2011 10:54 AM (in response to drStrangeP0rk)
We're running Ubuntu 8.04 on the amd64 server and it's using OpenLDAP 2.4.9. Nearly everything else supplied by LDAP works: mount points, uid, homedir, etc. Running "dscl /LDAPv3/our.ldap.server -read /Users/user1" shows the user attributes as well as "Password: ********" (literally). A 10.5 client shows "PasswordPlus" instead of "Password". The 10.5 client also lists more dsAttrTypeNative attributes. I tried to authenticate with dscl but it returns "Data source (/LDAPv3/our.ldap.server) is not valid."
Oct 13, 2011 7:36 AM (in response to JKasten83)
I have the same exact issue. I'm currently in line at an Apple Store. I will post my results later. Hopefully they will be positive.
Funny how any password used to work and now none do :-(
Oct 13, 2011 9:43 AM (in response to JKasten83)
Unfortunately no solution yet. We have a case open with Apple and they said the problem would be fixed with the next OS update. 10.7.2 came out and it didn't solve the problem. Client machines are ignoring password authentication and are trying to use SASL instead.
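To check from the server side whether a client is attempting SASL binds rather than simple (password) binds, as the post above reports, the slapd connection log can be tallied per client. This is an added example, not part of the original thread; it assumes slapd logs at the `stats` level, where `method=128` marks a simple bind and `method=163` a SASL bind, and the log lines and addresses below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of slapd "stats"-level log lines (not taken from the thread).
SAMPLE_LOG = """\
Oct 13 09:40:01 ldap slapd[1234]: conn=1001 fd=14 ACCEPT from IP=10.0.0.21:51234 (IP=0.0.0.0:389)
Oct 13 09:40:01 ldap slapd[1234]: conn=1001 op=0 BIND dn="" method=163
Oct 13 09:40:01 ldap slapd[1234]: conn=1001 op=0 RESULT tag=97 err=7 text=SASL(-4): no mechanism available
Oct 13 09:40:05 ldap slapd[1234]: conn=1002 fd=15 ACCEPT from IP=10.0.0.35:40022 (IP=0.0.0.0:389)
Oct 13 09:40:05 ldap slapd[1234]: conn=1002 op=0 BIND dn="uid=user1,ou=people,dc=example,dc=com" method=128
Oct 13 09:40:05 ldap slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=
Oct 13 09:40:09 ldap slapd[1234]: conn=1003 fd=16 ACCEPT from IP=10.0.0.21:51240 (IP=0.0.0.0:389)
Oct 13 09:40:09 ldap slapd[1234]: conn=1003 op=0 BIND dn="" method=128
Oct 13 09:40:09 ldap slapd[1234]: conn=1003 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag 97 = BindResponse

def summarize_binds(log_text):
    """Count bind attempts per client IP, split by bind method."""
    conn_ip, pending = {}, {}
    stats = defaultdict(lambda: {"sasl": 0, "simple": 0, "anonymous": 0, "failed": 0})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conn_ip[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            conn, op, dn, method = m.groups()
            if method == "163":
                kind = "sasl"          # each step of a multi-step SASL bind counts once
            elif method == "128":
                kind = "simple" if dn else "anonymous"
            else:
                continue
            ip = conn_ip.get(conn, "unknown")
            stats[ip][kind] += 1
            pending[(conn, op)] = ip
        elif m := RESULT.search(line):
            conn, op, err = m.groups()
            ip = pending.pop((conn, op), None)
            # err=14 (saslBindInProgress) is an intermediate step, not a failure
            if ip is not None and err not in ("0", "14"):
                stats[ip]["failed"] += 1
    return dict(stats)

def sasl_only_clients(stats):
    """Clients that tried SASL but never sent a simple bind with a user DN."""
    return sorted(ip for ip, s in stats.items() if s["sasl"] and not s["simple"])
```

A client listed by `sasl_only_clients` never presented a user DN and password in a simple bind, which matches the symptom reported in this thread.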
Oct 13, 2011 10:57 AM (in response to joshhanson314)
So they weren't able to tell me why the problem occurred, but I was able to log in again by removing my LDAP server setting. I was able to do this as a root user. I will try to re-add my server when I get home tonight and see if it works again.
Oct 13, 2011 4:29 PM (in response to Ryan Lovett)
We followed up with Apple and they didn't have our previous case on file. We stepped through the problem with another Apple engineer and he was at a loss so it was escalated to the next level. At that point, the new engineer said that since we didn't have any of the $5k, $10k, or $15k annual service offerings, it would cost $695 for Apple to look at the problem. There would be no guarantee that they would fix it though. He wasn't able to say whether Apple was already working on this or not.
Oct 19, 2011 8:47 PM (in response to JKasten83)
What server is Lion connecting to? What server is hosting your LDAP? Please provide versions, it helps.
Are you a complete Mac house with Mac Lion clients connecting to Mac Lion servers? Is the OS a Linux flavor? Which one?
Oct 23, 2011 4:39 AM (in response to Ryan Lovett)
Same problem here. We are using an OpenLDAP server to authenticate our users to different desktop machines (Windows, Linux, and for some months I have introduced some Macs). Using SL everything worked just perfect. Now, I upgraded to 10.7 and the login of the LDAP users does not work anymore. For us, no LDAP working for auth means no use. I wanted to buy more Macs; I will wait. BTW, why upgrade: for the new Xcode version, the Macs are used for development.
Nov 1, 2011 6:34 AM (in response to JKasten83)
Since 10.7.2 logins have not worked for us. Until I found this workaround:
With this workaround Lion clients are again able to authenticate from our Linux LDAP servers. This is kind of dirty and clearly shows that there still are bugs in the Lion authenticating system, but this is better than nothing.
- Passwords can't be changed from GUI
- Network logins cannot be restricted to certain groups or users (SSH can be, luckily)