Topic: Mac OS X 10.5.3 -> Novell eDirectory

I'm trying to solve a problem at work. We're preparing to migrate to Leopard and currently have a few isolated systems. The department has its own Open Directory (Tiger) server and AFP. This works fine (aside from ACL issues).

However, we are also required to allow students to log in via a Novell eDir server which we do not control. The schema extras that many people suggest have not been loaded. Another individual previously determined a mapping in Directory Access for 10.4 clients to work.

Something like this:

Config name: novell

search and mappings:

Default Attribute Types
RecordName cn

Users ( search base ou=users,o=emu )
(before the drop down on the right)
posixAccount
inetOrgPerson
shadowAccount

(then on the drop down for attributes)
RecordName cn
RealName cn
UniqueId #5001
PrimaryGroupId #5000
NfsHomeDirectory #/Users/student
Password userPassword
UserShell #/bin/bash
AuthenticationAuthority authAuthority

Then the student directory was used for anyone logging in and we have a separate scratch partition they can modify. A login hook handles setting up the directory and cleaning it up.

The problem is that this no longer works in Leopard. Authentication fails. We can't see the logs on the Novell end. The login screen just hangs.

We also had problems with the dscl utility reading accounts until we changed the ldap.conf to never validate certs.
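With certificate validation turned off in ldap.conf, the client no longer verifies that it is sending student credentials to the real directory server. The script below is an added example, not part of the original post: it audits an OpenLDAP client config for that setting, assuming the standard `TLS_REQCERT`, `TLS_CACERT` and `TLS_CACERTDIR` options, that the last occurrence of an option wins, and a constructed sample with a hypothetical CA path.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client ldap.conf for disabled
# server-certificate validation. Sample contents below are constructed.

# Print the effective TLS_REQCERT level (lowercased). Assumes the last
# occurrence wins; "demand" is the OpenLDAP client default when unset.
effective_reqcert() {
    awk '
        /^[ \t]*#/ { next }
        toupper($1) == "TLS_REQCERT" { v = tolower($2) }
        END { print (v == "" ? "demand" : v) }
    ' "$1"
}

# Succeed if the file names a CA file or CA directory to validate against.
has_ca_anchor() {
    awk '
        /^[ \t]*#/ { next }
        toupper($1) ~ /^TLS_CACERT(DIR)?$/ && $2 != "" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print a one-line verdict for the given ldap.conf.
audit_ldap_conf() {
    level=$(effective_reqcert "$1")
    case "$level" in
        never|allow) echo "INSECURE: TLS_REQCERT $level accepts any server certificate" ;;
        try)         echo "WEAK: TLS_REQCERT try proceeds when no certificate is presented" ;;
        demand|hard)
            if has_ca_anchor "$1"; then
                echo "OK: certificate required and a CA anchor is configured"
            else
                echo "CHECK: certificate required but no TLS_CACERT/TLS_CACERTDIR in this file"
            fi ;;
        *)           echo "UNKNOWN: unrecognized TLS_REQCERT value '$level'" ;;
    esac
}

# Constructed samples: the workaround from the post vs. validating against
# the directory's CA (edir-ca.pem is a hypothetical file name).
demo_dir=$(mktemp -d)
printf 'TLS_REQCERT never\n' > "$demo_dir/weak.conf"
printf 'TLS_REQCERT demand\nTLS_CACERT /etc/openldap/certs/edir-ca.pem\n' > "$demo_dir/fixed.conf"
audit_ldap_conf "$demo_dir/weak.conf"
audit_ldap_conf "$demo_dir/fixed.conf"
rm -rf "$demo_dir"
```

The second sample shows the alternative to `never`: obtain the CA certificate that signed the eDirectory server's certificate from its administrators and point `TLS_CACERT` at it.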

Re: Mac OS X 10.5.3 -> Novell eDirectory

I've learned that Leopard uses UUID instead of UID as they've gotten rid of NetInfo. Some people suggest the first part of UUID should contain the UID.

Re: Mac OS X 10.5.3 -> Novell eDirectory

laffer1 wrote:

I've learned that Leopard uses UUID instead of UID as they've gotten rid of NetInfo. Some people suggest the first part of UUID should contain the UID.

right? 

Last edited by exchanger (2012-04-02 01:46:11)