35 Replies. Latest reply: Apr 19, 2012 11:58 PM by lfar
  • sonnyleung1 Level 1 (0 points)

    OpenLDAP website: learn about the open source software that Open Directory uses to provide LDAP directory service.

    RFC3377, “Lightweight Directory Access Protocol (v3): Technical Specification”: lists a set of eight other Request for Comment (RFC) documents with overview information and detailed specifications for the LDAPv3 protocol.

  • drStrangeP0rk Level 1 (0 points)

    Are you using EBS 2008 as your directory server for LDAP?


    You are aware that MSFT does not support that anymore and expects all users of EBS2008 to upgrade to standalone servers.

  • drStrangeP0rk Level 1 (0 points)

    Sonny, great links.

  • Ryan Lovett Level 1 (10 points)

    We are seeing the same problem as the original post. The client is trying to use the LDAP server as a Password Server even though it is not an Open Directory environment or configuration. Workgroup Manager recognizes that the user *should* authenticate via crypt passwords. A packet dump of unencrypted LDAP doesn't show the password being transmitted to the LDAP server.

  • drStrangeP0rk Level 1 (0 points)

    Please confirm the following:

    OS version and type of the server which is hosting the LDAP Server.

    Version of LDAP running? (LDAPv3, Ldap v*, etc.)



  • Ryan Lovett Level 1 (10 points)

    We're running Ubuntu 8.04 on the amd64 server and it's using OpenLDAP 2.4.9. Nearly everything else supplied by LDAP works: mount points, uid, homedir, etc. Running "dscl /LDAPv3/our.ldap.server -read /Users/user1" shows the user attributes as well as "Password: ********" (literally). A 10.5 client shows "PasswordPlus" instead of "Password". The 10.5 client also lists more dsAttrTypeNative attributes. I tried to authenticate with dscl but it returns "Data source (/LDAPv3/our.ldap.server) is not valid."

  • JKasten83 Level 1 (0 points)

    I installed OSX 10.7.2. The behavior is still the same: No LDAP user can login. Every time, I get "su: Sorry.".


    Does anyone have a solution?

  • joshhanson314 Level 1 (0 points)

    I have the same exact issue. I'm currently in line at an Apple Store. I will post my results later. Hopefully they will be positive.


    Funny how any password used to work and now none do :-(

  • Ryan Lovett Level 1 (10 points)

    Unfortunately no solution yet. We have a case open with Apple and they said the problem would be fixed with the next OS update. 10.7.2 came out and it didn't solve the problem. Client machines are ignoring password authentication and are trying to use SASL instead.
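
Added example, not part of any post in this thread: one way to confirm from the server side that a client is attempting SASL binds instead of simple (password) binds is to classify BIND operations in the slapd log by method and client address. It assumes slapd is logging at the `stats` level; the log lines and addresses below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed slapd "stats"-level log lines (not taken from the thread).
SAMPLE_LOG = """\
slapd[901]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
slapd[901]: conn=1001 op=0 BIND dn="uid=user1,ou=people,dc=example,dc=org" method=128
slapd[901]: conn=1001 op=0 RESULT tag=97 err=0 text=
slapd[901]: conn=1002 fd=15 ACCEPT from IP=192.0.2.77:49200 (IP=0.0.0.0:389)
slapd[901]: conn=1002 op=0 BIND dn="" method=163
slapd[901]: conn=1002 op=0 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
slapd[901]: conn=1003 fd=16 ACCEPT from IP=192.0.2.77:49201 (IP=0.0.0.0:389)
slapd[901]: conn=1003 op=0 BIND dn="" method=163
slapd[901]: conn=1003 op=0 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
"""

# slapd logs the bind authentication choice as a number: 128 = simple, 163 = SASL.
METHODS = {"128": "simple", "163": "sasl"}
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([^:\s]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="[^"]*" method=(\d+)')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = BindResponse

def bind_summary(log_text):
    """Return {client_ip: {"simple": [ok, failed], "sasl": [ok, failed]}}."""
    client, pending = {}, {}
    out = defaultdict(lambda: {"simple": [0, 0], "sasl": [0, 0]})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            client[m[1]] = m[2]                      # connection id -> client address
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = METHODS.get(m[3], "other")
        elif m := RESULT.search(line):
            method = pending.pop((m[1], m[2]), None)
            if method not in ("simple", "sasl") or m[3] == "14":
                continue                             # err=14: SASL bind still in progress
            ip = client.get(m[1], "unknown")
            out[ip][method][0 if m[3] == "0" else 1] += 1
    return dict(out)

def sasl_only_clients(summary):
    """Clients that never tried a simple bind and whose SASL binds all failed."""
    return sorted(ip for ip, s in summary.items()
                  if s["simple"] == [0, 0] and s["sasl"][0] == 0 and s["sasl"][1] > 0)

if __name__ == "__main__":
    summary = bind_summary(SAMPLE_LOG)
    print(summary, sasl_only_clients(summary))
```
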

  • joshhanson314 Level 1 (0 points)

    So they weren't able to tell me why the problem occurred, but I was able to log in again by removing my LDAP server setting. I was able to do this as a root user. I will try to re-add my server when I get home tonight and see if it works again.

  • Ryan Lovett Level 1 (10 points)

    We followed up with Apple and they didn't have our previous case on file. We stepped through the problem with another Apple engineer and he was at a loss so it was escalated to the next level. At that point, the new engineer said that since we didn't have any of the $5k, $10k, or $15k annual service offerings, it would cost $695 for Apple to look at the problem. There would be no guarantee that they would fix it though. He wasn't able to say whether Apple was already working on this or not.

  • drStrangeP0rk Level 1 (0 points)

    What server is LION connecting to? What server is hosting your LDAP? Please provide versions, it helps.



    Are you a complete MAC house with Mac Lion Clients connecting to Mac Lion Servers? Is the OS a LINUX flavor? Which one?



  • Ryan Lovett Level 1 (10 points)

    Our Lion client is connecting to a Linux LDAP server running OpenLDAP. We've tried connecting to both Ubuntu 8.04 (slapd 2.4.9) and 10.04 (slapd 2.4.21).

  • traj Level 1 (0 points)



    Same problem here. We are using an OpenLDAP server to authenticate our users to different desktop machines (Windows, Linux & for some months I introduced some Macs). Using SL everything worked just perfect. Now, I upgraded to 10.7 and the login of the LDAP users does not work anymore. For us, no LDAP working for auth means no use. I wanted to buy more Macs; I will wait. BTW, why upgrade? For the new Xcode version; the Macs are used for development.

  • samvais Level 1 (0 points)

    Since 10.7.2 logins have not worked for us. Until I found this workaround: 2/


    With this workaround Lion clients are again able to authenticate from our Linux LDAP servers. This is kind of dirty and clearly shows that there still are bugs in the Lion authenticating system, but this is better than nothing.


    Minor issues:

    - Passwords can't be changed from GUI

    - Network logins cannot be restricted to certain groups or users (SSH can be, luckily)