Active directory ldapv3 not working

I'm trying to connect my Mac mini to Active Directory via LDAP..

But I'm just getting the error: Connection failed to node '/LDAPv3/10.x.x.x' (2100)...

And in the LDAP logs: Module ldap - failed to retrieve LDAP server schema - LDAP error....


I used LDAPExplorer Tool and successfully connected to the AD server.... any ideas?

Mac mini, OS X Yosemite (10.10.5)

Posted on Jan 19, 2016 1:45 PM


Jan 19, 2016 8:15 PM in response to hadsel-ikt

When you say via LDAP, do you mean using the LDAP plugin in Directory Utility or are you using the Active Directory plugin? You should be using the AD plugin. DNS is critical to success. Your AD server must be configured with the proper SRV records and your Mac should be using the DNS from the AD box as primary DNS. Next to DNS is time. The Mac and the AD box must be within a narrow delta of time variance.


Try this. Open System Preferences. Select Users & Groups. Click on Login Options. Unlock the pref panel. Press the Join button next to Network Account Server. Press the Open Directory Utility button. Unlock that tool. Select Active Directory and try binding from there. Once again, DNS and time must be in line.


Reid

Apple Consultants Network

"El Capitan Server – Foundation Services"

"El Capitan Server – Control & Collaboration"

"El Capitan Server – Advanced Services"
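
The two prerequisites named in the reply above (SRV records in DNS and clock agreement with the AD server), as an added example that is not part of the original thread. It assumes the inputs come from `dig +short SRV _ldap._tcp.<domain>` and from the `currentTime` attribute of the server's rootDSE; the `example.com` names, the sample values and the 300-second limit (the Kerberos default tolerance of 5 minutes, which the thread does not state) are assumptions.

```python
"""Pre-bind checks: are AD SRV records visible, and is the clock close enough?"""
from datetime import datetime, timezone

MAX_SKEW_SECONDS = 300  # assumption: Kerberos default tolerance (5 minutes)

# Constructed sample: output of `dig +short SRV _ldap._tcp.example.com`
SAMPLE_SRV = """\
0 100 389 dc02.example.com.
0 100 389 dc01.example.com.
"""
# Constructed sample: rootDSE currentTime value as returned by an AD server
SAMPLE_CURRENT_TIME = "20160119201755.0Z"


def parse_srv(dig_output):
    """Return (priority, weight, port, host) tuples in the order a client
    should try them; error text and malformed lines are skipped."""
    records = []
    for line in dig_output.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue
        prio, weight, port = (int(f) for f in fields[:3])
        records.append((prio, weight, port, fields[3].rstrip(".")))
    # Lowest priority first, then highest weight, then name for stable output
    return sorted(records, key=lambda r: (r[0], -r[1], r[3]))


def parse_current_time(value):
    """Parse a generalized-time string (YYYYmmddHHMMSS.0Z) as UTC."""
    stamp = datetime.strptime(value.split(".")[0], "%Y%m%d%H%M%S")
    return stamp.replace(tzinfo=timezone.utc)


def preflight(dig_output, dc_current_time, local_time):
    """Return a list of problems that would block a bind; empty means OK."""
    problems = []
    if not parse_srv(dig_output):
        problems.append("no _ldap._tcp SRV records from the configured DNS")
    skew = abs((local_time - parse_current_time(dc_current_time)).total_seconds())
    if skew > MAX_SKEW_SECONDS:
        problems.append("clock skew %.0f s exceeds %d s" % (skew, MAX_SKEW_SECONDS))
    return problems


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(preflight(SAMPLE_SRV, SAMPLE_CURRENT_TIME, now) or "ready to bind")
```
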

Jan 19, 2016 11:30 PM in response to Strontium90

I'm using the LDAP plugin in the Directory Utility..

The Mac is using the AD server as primary DNS server...

I can without any problem bind the Mac to Active Directory with the Active Directory plugin, but I don't want to use it since it does not have a search base..

Our Active Directory is quite large, with 15k+ users and 1000+ groups, and I only need a specific Organization Unit, so therefore I want to use the LDAP plugin...

Jan 20, 2016 4:45 AM in response to hadsel-ikt

Are you organized into logical domains? If so, you can restrict auth to specific domains. Open Directory Utility, edit the active directory config and select the Administrative tab. Uncheck Allow authentication from any domain in the forest. Then choose the Search Policy tab. On the Authentication tab, choose custom path and then press the + button. If you are using logical domains within your forest, you should be able to see each of them here. Select the one(s) that contain your users. This will limit auth to a specific container of your domain.


Reid

Apple Consultants Network

"El Capitan Server – Foundation Services"

"El Capitan Server – Control & Collaboration"

"El Capitan Server – Advanced Services"
