Mac Authentication to eDirectory
Novell Cool Solutions: Tip
By Andy Knoke
Posted: 8 Jun 2005
A reader asked:
I need to understand what to do at the Mac end, to configure authentication to eDirectory. At this point, I can't even get the DSCL utility to connect to my LDAP server.
Here are some of my notes for a solution that has worked for us. I hope this helps.
As you set up the Macintosh workstation and user to authenticate via eDirectory, substitute your IP address and servername where appropriate.
The first step is to extend the schema for the user.
- In ConsoleOne, right-click on the user and select Extensions of this object | Add Extensions.
- Select apple-user and name it apple-user.
- Enter the user properties.
- Select Other | Add.
- Specify apple-user-homeDirectory /Network/Servers/ipaddress/Users/username
- Specify apple-user-homeurl <home_dir><url>afp://ipaddress/Users</url><path>username</path></home_dir>
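The two values above have to name the same server and user, and the homeurl value begins with "<", which LDIF (RFC 2849) only accepts base64-encoded. The following is an added example, not part of the original tip: it builds both values, checks that they agree, and formats them as an LDIF modify record as an alternative to typing them into ConsoleOne. The DN, IP address and user name are constructed sample values, and the user is assumed to already carry the apple-user extension.

```python
import base64
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

def home_attrs(server, username):
    """Build both values in the shapes the page gives (server = IP or host name)."""
    if not username or "/" in username or username in (".", ".."):
        raise ValueError("username must be a single path component")
    home_dir = f"/Network/Servers/{server}/Users/{username}"
    # The XML value is escaped so a name containing & or < cannot break it.
    home_url = (f"<home_dir><url>afp://{escape(server)}/Users</url>"
                f"<path>{escape(username)}</path></home_dir>")
    return home_dir, home_url

def check_consistent(home_dir, home_url):
    """True when the XML value and the path name the same server, share and user."""
    try:
        root = ET.fromstring(home_url)
    except ET.ParseError:
        return False
    url, path = root.findtext("url") or "", root.findtext("path") or ""
    if root.tag != "home_dir" or not path or not url.startswith("afp://"):
        return False
    server, _, share = url[len("afp://"):].partition("/")
    return home_dir == f"/Network/Servers/{server}/{share}/{path}"

def ldif_line(attr, value):
    """One LDIF line; RFC 2849 needs base64 when a value starts with '<', ':' or space."""
    raw = value.encode("utf-8")
    if value[:1] in (" ", ":", "<") or value.endswith(" ") or any(b < 32 or b > 126 for b in raw):
        return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{attr}: {value}"

def user_ldif(dn, server, username):
    """LDIF modify record setting both attributes on an already-extended user."""
    home_dir, home_url = home_attrs(server, username)
    if not check_consistent(home_dir, home_url):
        raise ValueError("homeurl and homeDirectory disagree")
    lines = [ldif_line("dn", dn), "changetype: modify"]
    for attr, value in (("apple-user-homeDirectory", home_dir),
                        ("apple-user-homeurl", home_url)):
        lines += [f"replace: {attr}", ldif_line(attr, value), "-"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample values: documentation IP, made-up DN and user name.
    print(user_ldif("cn=jdoe,ou=users,o=example", "192.0.2.10", "jdoe"))
```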
Mac Workstation Setup
Note that you must have admin rights and must not have a local account with the same name.
- Click Applications | Utilities | Directory Access | LDAPv3 | Configure | Show Options | New | Add.
- Specify the Configuration name as "eDirectory".
- Specify the Server name as "servername".
- For LDAP mappings, choose Custom.
- Select the default attribute type.
- Click Add | Select attribute.
- Choose the type as button.
- Select Add RecordName | Map to CN.
- Click Add.
- Click the Record Type button and Select Users.
- Highlight Users and click Add | Select Attribute Type button.
- Using the Apple Key, select the following and map them accordingly:
- HomeDirectory: apple-user-homeurl
- NFSHomeDirectory: apple-user-homeDirectory
- PrimaryGroupID: #20
- RealName: fullName
- RecordName: cn
- UniqueID: #550
Using the Apple Key, select the following and map them accordingly:
- RecordName: cn
- VFSLinkDir: #/Network/Servers
- VFSOpts: apple-mount-options
- VFSType: apple-mount-vfstype
For more information, look in the NFAP forum. There is a fair amount of discussion on this topic there. Here's the best place to get started:
I just set this up and found that I needed to do some reading between the lines - I have quite a bit of tweaking to do. Right now I am using a very simple setup with home directories being mounted via NFS. Other people are getting home directories mounted via AFP. Some are taking things a few steps further by applying login hooks to customize what parts of the home directory are local and what parts are on the server. (For example, some people redirect the movies folder inside the home folder locally.)