Terminal Command to set LDAP server

How do I do it? I want to save it as a template in ARD3 to blast out to our clients.

1.8GHz G5 DP, B&W G3 450MHz, 12 1GHz PB, Mac OS X (10.4.2)

Posted on Jun 20, 2006 8:56 AM

10 replies

Jun 20, 2006 5:06 PM in response to Nick Kutzko

Hi Nick,
I'm out of my league here. Camelot is an authority over on the Mac OS X Server Discussions. However, it wasn't my impression that the software that configures OpenLDAP on Mac OS X Server is part of the client version of OS X. Everything you need for the server itself is there, namely openldap. However, I would think that you'd have to configure it "by hand". Apple's schema is included with the client so at least you don't have to worry about that. I think that all you'd have to do is to edit the /etc/openldap/slapd.conf. My "/etc/openldap/slapd.conf.default" file is titled: "slapd.conf file for NetInfo bridge". Who would have guessed that you could list "netinfo" as the LDAP database. Of course I have no idea what that does. Maybe all you would have to do is to arrange for slapd to be launched at boot. It would certainly help if you don't have to populate the database by hand. I've done that and it ain't fun.
--
Gary
~~~~
<Overfiend> we're calling 2.2 POTATO??

Jun 22, 2006 1:23 PM in response to Nick Kutzko

Nick, I'm not sure what your original post was asking, but if you're just trying to figure out how to set up an LDAP server, you might want to search the forum and see if you can find a thread I started (and Gary contributed to) on LDAP several months ago.

The bottom line was that you can more or less follow the recipe in the first few chapters in O'Reilly's LDAP book (Amazon or Barnes & Noble will have it). It's not Mac-specific (so doesn't tell you about using NetInfo) -- but the book explains how to install Berkeley DB to set up the database. Pretty much any free articles I found about LDAP were of no help (and in fact served to confuse me rather badly -- that's not hard to do in general, however).

There are some utilities out there for exporting from Mac's address book for easy importing to LDAP. And there are also a few GUI apps for manually entering data. And there's phpLDAPadmin. You'll have to use Google to track those down.

And the REAL bottom line was that LDAP disappointed me. I wanted a universally-accessible editable universal address book for myself (I use Outlook, Thunderbird, Mail.app, SquirrelMail, Address Book, etc etc) -- LDAP provides something kind of half-baked and uneditable from any of those programs, so it didn't serve my purposes. (Though yours may be different!)

(And I suppose I shouldn't blame LDAP alone. Those clients could include LDAP editing if the developers wanted it, I suppose. LDAP, however, is designed as a read-often write-infrequently system -- so maybe my expectations were ill placed to begin with.)

Jun 26, 2006 4:57 PM in response to LittleSaint

Hi LittleSaint, Camelot,
Yes, I knew that dscl is on the client versions of OS X and if you're masochistic, it's technically enough to populate the database. However, what I was talking about is the "magic" that takes place when you promote a server to be an OD master or replica. It's the initial configuration of OpenLDAP that I didn't think that dscl could do. How is the daemon launched? Does it run continuously or is it invoked by launchd when a request is received via the network?
--
Gary
~~~~
Experience, n.:
Something you don't get until just after you need it.
-- Olivier

Jun 27, 2006 6:56 PM in response to andfarm

Hi andfarm,
The files in the directory that you posted configure the client side of LDAP. I'm not at all experienced with the server version of OS X but I administer an OpenLDAP database and the file I have to configure to set up the server is the /etc/openldap/slapd.conf file. I assume that this gets configured "automatically" on the server. In other words, I would guess that changes are made to that file when the server is promoted to be an OD master or replica because a server that hasn't been promoted has the same slapd.conf file as the client.

The other issue of course is the invocation of the daemon. It should be possible for the slapd.conf file on a server to be shipped configured as a server. Promotion would then simply arrange for the "launch-at-boot" of the daemon. Of course I don't know that that's not what was done so it's possible that a client machine will function as an OD server if you simply start the daemon.

Camelot,
I have clients and a server at work. However, the server is new and hasn't been promoted yet. I think it's interesting that they all have the same slapd.conf file. Surely all of your servers haven't been promoted to be OD masters or replicas. Do the slapd.conf files differ between promoted and unpromoted machines?
--
Gary
~~~~
To be sure of hitting the target, shoot first and,
whatever you hit, call it the target.
