Configuring Access to an LDAP Directory


You can use Directory Access to create a configuration that specifies how Mac OS X accesses a particular LDAPv3 or LDAPv2 directory.

  1. In Directory Access, click Services.
  2. If the lock icon is locked, click it and type the name and password of an administrator.
  3. Select LDAPv3 in the list of services, then click Configure.
  4. If the list of LDAP directory configurations is hidden, click Show Options.
  5. Click New and enter a name for the configuration.
  6. Press Tab and enter the DNS name or IP address of the server that hosts the LDAP directory you want to access.
  7. Click the pop-up menu next to the DNS name or IP address and choose a mapping template (which maps Open Directory record types and attributes onto the LDAP server's schema) or choose From Server to use the mappings the LDAP server itself publishes.
  8. Enter the search base suffix for the LDAP directory and click OK.

    If you chose a template in step 7, you must enter a search base suffix, or the computer will not be able to find information in the LDAP directory. Typically, the search base suffix is derived from the server's DNS name, written without spaces. For example, the search base suffix could be "dc=example,dc=com" for a server whose DNS name is server.example.com. This is only a convention; if the directory administrator chose a different suffix, use that one.

    If you chose From Server in step 7, you don't need to enter a search base. In this case, Open Directory assumes the search base is the first level of the LDAP directory.

  9. Select the SSL checkbox if you want Open Directory to use Secure Sockets Layer (SSL) for connections with the LDAP directory. Without SSL, the LDAP traffic, including any simple-bind password, crosses the network in clear text, so select it whenever the directory will be used for authentication, and make sure the computer trusts the certificate authority that issued the server's certificate.
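Before typing values into Directory Access it is worth deriving the search base suffix from the server's DNS name (the convention step 8 describes) and reading the base entry once from a terminal, so that a typo in the suffix or a certificate problem with SSL shows up as an `ldapsearch` error rather than as silent lookup failures later. The script below is an added example, not part of this help topic or of Apple's software. It assumes OpenLDAP's `ldapsearch` command is installed (it is on Mac OS X), and the host name `server.example.com` is a constructed sample; `dns_to_basedn`, `ldap_url` and `check_base` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not Apple's code): derive the search base suffix that step 8
# asks for from a server's DNS name, then read the base entry with ldapsearch
# to confirm the suffix and the (ldap:// or ldaps://) connection work.

# dns_to_basedn HOST
#   Drops the leftmost label (the host itself) and turns each remaining label
#   into one dc= RDN: server.example.com -> dc=example,dc=com
#   Fails for a bare host name with no domain part.
dns_to_basedn() {
    host=$1
    domain=${host#*.}                     # strip the host label
    if [ "$domain" = "$host" ]; then
        echo "dns_to_basedn: no domain part in '$host'" >&2
        return 1
    fi
    base=""
    old_ifs=$IFS
    IFS=.
    for label in $domain; do              # split the domain on dots
        [ -n "$label" ] || continue       # ignore an empty label (trailing dot)
        base="${base:+$base,}dc=$label"   # append, comma-separated, no spaces
    done
    IFS=$old_ifs
    printf '%s\n' "$base"
}

# ldap_url HOST SSL
#   Prints ldaps://HOST when SSL is 1 (the SSL checkbox in step 9),
#   otherwise ldap://HOST, which sends everything in clear text.
ldap_url() {
    if [ "$2" = 1 ]; then
        printf 'ldaps://%s\n' "$1"
    else
        printf 'ldap://%s\n' "$1"
    fi
}

# check_base HOST SSL
#   Anonymous simple bind (-x) and a base-scope search for the suffix itself.
#   A "No such object" result means the suffix is wrong; a TLS error with
#   ldaps:// means the CA is not trusted. Fix trust rather than dropping SSL.
check_base() {
    base=$(dns_to_basedn "$1") || return 1
    url=$(ldap_url "$1" "$2")
    if ! command -v ldapsearch >/dev/null 2>&1; then
        echo "ldapsearch not installed; would run: ldapsearch -x -H $url -b $base -s base" >&2
        return 0
    fi
    ldapsearch -x -H "$url" -b "$base" -s base '(objectClass=*)' dn
}

# Usage (constructed host name; only contacts the server when run directly):
# check_base server.example.com 1
```

Run `check_base server.example.com 1` after substituting the real server name. If the base-scope search returns the suffix's DN, the values are safe to enter in Directory Access; if the server's directory does not follow the DNS-derived convention, ask the directory administrator for the suffix instead of guessing.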

If you want the computer to access the LDAP directory for which you just created a configuration, you must add the directory to a custom search policy in the Authentication or Contacts pane of Directory Access. You must also make sure LDAPv3 is enabled in the Services pane. Other help topics have instructions for these tasks.

Note: Before you can use Workgroup Manager to create users on a non-Apple LDAP server that uses RFC 2307 (UNIX) mappings, you must edit the mapping of the Users record type. Another help topic has instructions for doing this.