app contacts does not provide password to LDAP server

Hello,


I am using a new Macbook Pro (15-inch, 2017) with macOS Sierra 10.12.6


I set up an LDAP account in the system preferences for using in contacts.

I did the same on my iPhone and iPad where searches work very well.


But on the Mac I do not get it managed.


I tried it by using ldapsearch and it works:

    Herberts-MBP:Contents herbertgruben$ ldapsearch -H ldaps://fam-gruben-01 -LLL -b "dc=familie-gruben,dc=de" -D "uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" -W "(&(|(givenName=pin49*)(sn=pin49*)(mail=pin49*)(cn=pin49*)))"
    Enter LDAP Password:
    dn: cn=pin49,ou=Anmeldungsbuch,dc=familie-gruben,dc=de
    cn: pin49
    objectClass: inetOrgPerson
    sn: xxxx
    street: xxxx

The log of the LDAP Server:

    5999ca4b conn=1058 fd=4 ACCEPT from IP=192.168.100.233:56859 (IP=0.0.0.0:636)
    5999ca4b conn=1058 fd=4 TLS established tls_ssf=256 ssf=256
    5999ca4b conn=1058 op=0 BIND dn="uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" method=128
    5999ca4b conn=1058 op=0 BIND dn="uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" mech=SIMPLE ssf=0
    5999ca4b conn=1058 op=0 RESULT tag=97 err=0 text=
    5999ca4b conn=1058 op=1 SRCH base="dc=familie-gruben,dc=de" scope=2 deref=0 filter="(&(|(givenName=pin49*)(sn=pin49*)(mail=pin49*)(cn=pin49*)))"
    5999ca4b <= bdb_equality_candidates: (objectClass) not indexed
    5999ca4b <= bdb_substring_candidates: (givenName) not indexed
    5999ca4b <= bdb_substring_candidates: (mail) not indexed
    5999ca4b <= bdb_substring_candidates: (cn) not indexed
    5999ca4b conn=1058 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    5999ca4b conn=1058 op=2 UNBIND
    5999ca4b conn=1058 fd=4 closed


Doing the same but without entering a password (just return), the server log looks like this:

    5999cd16 conn=1059 fd=4 ACCEPT from IP=192.168.100.233:56869 (IP=0.0.0.0:636)
    5999cd16 conn=1059 fd=4 TLS established tls_ssf=256 ssf=256
    5999cd16 conn=1059 op=0 BIND dn="uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" method=128
    5999cd16 conn=1059 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
    5999cd16 conn=1059 op=1 UNBIND
    5999cd16 conn=1059 fd=4 closed


and if I try a search in contacts towards the LDAP:

    5999cd40 conn=1060 fd=4 ACCEPT from IP=192.168.100.233:56870 (IP=0.0.0.0:636)
    5999cd40 conn=1060 fd=4 TLS established tls_ssf=256 ssf=256
    5999cd40 conn=1060 op=0 BIND dn="uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" method=128
    5999cd40 conn=1060 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
    5999cd40 conn=1060 op=1 UNBIND
    5999cd40 conn=1060 fd=4 closed


It is the exact outcome. Does the Contacts app not send the password?

Any help appreciated, thanks!

MacBook Pro, macOS Sierra (10.12.6), 15-inch, 2017

Posted on Aug 20, 2017 11:28 AM
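An added example, not part of the original post: a Python script that pairs each simple BIND in the slapd log with its RESULT and labels the outcome, separating the working ldapsearch bind from the Contacts bind that arrives with a DN but an empty password (err=53). The function name and verdict labels are illustrative assumptions; the sample lines are taken from the logs quoted in the post.

```python
import re

# Sample lines copied from the slapd logs quoted in the post above.
SAMPLE_LOG = """\
5999ca4b conn=1058 fd=4 ACCEPT from IP=192.168.100.233:56859 (IP=0.0.0.0:636)
5999ca4b conn=1058 op=0 BIND dn="uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" method=128
5999ca4b conn=1058 op=0 BIND dn="uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" mech=SIMPLE ssf=0
5999ca4b conn=1058 op=0 RESULT tag=97 err=0 text=
5999cd40 conn=1060 fd=4 ACCEPT from IP=192.168.100.233:56870 (IP=0.0.0.0:636)
5999cd40 conn=1060 op=0 BIND dn="uid=Herbert Gruben,ou=Benutzer,dc=familie-gruben,dc=de" method=128
5999cd40 conn=1060 op=0 RESULT tag=97 err=53 text=unauthenticated bind (DN with no password) disallowed
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+)")
# method=128 is a simple bind request; the later "mech=SIMPLE" line does not match.
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')
# tag=97 is the BindResponse.
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+) text=(.*)")


def classify_binds(log_text):
    """Return one finding per simple-bind result found in slapd log text."""
    peers, pending, findings = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3)
        elif m := RESULT.search(line):
            conn, op, err, text = m.groups()
            dn = pending.pop((conn, op), "")
            err = int(err)
            if err == 0:
                verdict = "authenticated" if dn else "anonymous"
            elif err == 53 and "unauthenticated bind" in text:
                verdict = "empty-password"       # DN sent, password empty
            elif err == 49:
                verdict = "invalid-credentials"  # wrong password
            else:
                verdict = "other-failure"
            findings.append({"conn": int(conn), "peer": peers.get(conn),
                             "dn": dn, "err": err, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in classify_binds(SAMPLE_LOG):
        print(f["conn"], f["peer"], f["verdict"])
```
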


Sep 11, 2017 2:44 PM in response to John Lockwood

Dear John,


In Contacts (Version 10.0 (1756.20)) there is a possibility to enter a password under Contacts -> Preferences:

Passwort = German(Password)


But as you already mentioned, it seems that this is not used or there is a problem or conflict with the key storage system. Who knows... maybe Apple :-).

I think I have to wait for the next version, maybe it will work then. I found a way to fetch the LDAP data (see also my other answer).

Thanks for your reply.

Best Regards

Herb

Aug 21, 2017 10:23 AM in response to CryptoHerb

Hello CryptoHerb,


Thanks for reaching out to the Apple Support Community. I understand you’re experiencing some trouble with passwords on your LDAP account contacts, and I have some information that may help.

Have a look at the article below for some helpful information on making sure the server is properly set up by the administrator.

macOS and Active Directory - macOS Deployment Reference



If you run into any trouble, please reach out again.
Best Regards.

Aug 23, 2017 7:59 AM in response to CryptoHerb

I have not looked at this issue recently but I did find some versions of OS X ago that trying to define an LDAP account in Contacts which needed a password was not possible as there was no longer the option to define the password. (It used to be possible even longer ago.) There is an option for 'simple' authentication as opposed to 'none' but idiotically no box then appears to let you type in the password!


Note to others - LDAP in this context is not the same thing as Active Directory or Open Directory although both are based partially on using LDAP. You can for example use plain vanilla LDAP to access Open Directory or Open LDAP or Novell eDirectory and so on.


As it seems this is still therefore what I would consider a bug, I suggest you register for the public beta of High Sierra here Apple Beta Software Program then install it on a separate test drive, then try adding the LDAP account in contacts and see if it allows entering a password.


If it does not then you can via the beta program report it to Apple as a bug and they might fix it before High Sierra is released. (I did report this as a bug several years ago for an older version of OS X.)

Sep 11, 2017 2:16 PM in response to Leanne_68

Dear Starr.C,

thank you for your reply! I checked your links.

The LDAP servers are working very well with Windows (8.1 + 10), iPhone, iPad and Linux and different software tools. Only with Contacts on Mac OS X (10.12.6 (16G29)) do I have the problem.

The servers are strictly set up according to the outlines from the book OpenLDAP-2.4 by Oliver Liebel, John Martin Ungar. They are also used as geo-redundant pairs using replicants.

I do not think there is a problem with the servers.

Meanwhile I tested the LDAP with the software "LDAP Admin Tool Professional" (6.10) on my MacBook and it works fine directly after setup (using TLS/SSL port 636, LDAP v3, simple authentication).

I think the problem lies somewhere in or around the Contacts app (meaning maybe there is a problem with the password and its administration in the key ring/panel, who knows... at least Apple). Anyhow, thanks.

Best Regards

Herb
