Authenticating a workstation via central ldap

Folks,
We have an LDAP server which serves as a central authentication system for our enterprise. When user accounts are created they get added automatically to this central authentication system. Is it possible to have OS X workstations use this central LDAP authentication system to allow access to a workstation (assuming that the user doesn't have an account on that workstation, but just in the core enterprise LDAP)?


Is the approach to solve this to have an OS X server using that core LDAP as its authentication source? Then in turn workstations would point to this OS X server for authentication?


Thanks,

Ken

Posted on Aug 3, 2015 11:05 AM

2 replies
Question marked as Best reply

Aug 3, 2015 7:10 PM in response to Kenwrick Chan

Yes, that stuff is already present in Mac OS X in the WorkStations. It also supports having the account records on an Active Directory Server if you like that better.


You make the connection from the WorkStation to the Server with this:


OS X Yosemite: Join your Mac to a network account server


Whether you can support Mac OS X Workstations with exactly what you have now is something I don't know, but others may know what the minimum requirements are.

Aug 5, 2015 3:57 AM in response to Kenwrick Chan

You don't specify which enterprise LDAP system you are using. However, in general the answer is yes.


This is the way Apple's own Open Directory works - which is based on LDAP, and so does Active Directory from Microsoft which is again based on LDAP but far more mutated. You would have the client Macs normally 'bound' i.e. pointing to the directory system.


Doing this with Apple's own Open Directory as the central system is fully supported of course, as is using Microsoft's Active Directory. Not officially supported, but something I have seen done successfully, is using OpenLDAP on a Linux server. I believe some people may have successfully used Novell's eDirectory, see https://www.novell.com/coolsolutions/tip/15098.html and https://www.novell.com/coolsolutions/assets/eDirectoryandOSX.pdf


In theory most LDAP systems could be used but you may find some functions do not work or you may find you need to modify the LDAP schema to cope. Depending on the system this may or may not be feasible.
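
The schema caveat in the reply above can be checked before any Mac is bound. The following is an added example, not part of the original thread: it assumes the Macs will use an RFC 2307 (posixAccount) attribute mapping and reads an LDIF export of user entries; the function names and the sample entries are constructed for illustration.

```python
import base64

# Attributes RFC 2307 requires on every posixAccount entry (assumed mapping).
REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample export; the names and DNs are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 5001
gidNumber: 20
homeDirectory: /Users/alice

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn:: Qm9iIEV4YW1wbGU=
uid: bob
uidNumber: none
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; handles comments and base64, not folded lines."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs.pop("dn")[0]] = attrs
    return entries

def login_gaps(entries):
    """Map each DN to what it lacks to resolve as a POSIX login account."""
    report = {}
    for dn, attrs in entries.items():
        gaps = [a for a in REQUIRED if not attrs.get(a.lower())]
        if "posixaccount" not in [c.lower() for c in attrs.get("objectclass", [])]:
            gaps.insert(0, "objectClass=posixAccount")
        gaps += [a + " not numeric" for a in ("uidNumber", "gidNumber")
                 if not all(v.isdigit() for v in attrs.get(a.lower(), []))]
        if gaps:
            report[dn] = gaps
    return report
```

Calling `login_gaps(parse_ldif(SAMPLE_LDIF))` reports only the second constructed entry, which lacks the posixAccount class, a group ID and a home directory, and carries a non-numeric `uidNumber`.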
