Enable a pre-installed LDAP interface to NetInfo

Sep 02, '02 10:59:36AM

Contributed by: sharumpe

OK, I'm perhaps too excited about this, but I've just discovered that what appears to be Apple's OpenDirectory (sans GUI, of course) exists in the non-Server version. While poking around, I came across /etc/openldap, which has configs and schema files for, among other things, NetInfo!

WARNING: if you don't have the firewall turned on, anyone who can reach your machine can connect to the LDAP server (TCP port 389), bind anonymously, and read your NetInfo information (users, groups and whatever else your local domain holds).

With two simple tweaks, I had LDAP running, and access to it with an LDAP browser:

  1. Modify /etc/openldap/slapd.conf; on line 19 you'll see the line:
       /var/db/netinfo/network.nidb
     Change it to:
       /var/db/netinfo/local.nidb
  2. Modify /etc/hostconfig by adding the line:
       LDAPSERVER=-YES-
  3. Now run:
       % sudo /System/Library/StartupItems/LDAP/LDAP start

It will start the LDAP server, and you can access it with a blank base DN and an anonymous bind (i.e. no user DN or password). This is a flaw, IMO, but if you have the firewall turned on, you're good. I'm looking into how to require authentication, and hopefully will be able to enable SSL as well. If you're looking for a decent Java-based LDAP browser, check out this one, from Jarek Gawor.
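The three steps above, as an added shell script that is not part of the hint: it applies the two file edits to whatever paths you hand it (so you can rehearse on copies before touching /etc, and it keeps a .bak of each file), then probes the running server with an anonymous bind to show exactly what an unfirewalled host would see. The ldapsearch command-line client and the file layout of the constructed test copies are assumptions; the hint itself only names the two paths and the one line to change.

```shell
#!/bin/sh
# Added example, not code from the original hint. Applies the hint's two
# edits to the files given as arguments and then probes the LDAP server.
set -eu

# Step 1: point slapd's NetInfo backend at the local domain database.
# Swaps the network.nidb path for local.nidb wherever it appears and
# leaves the original behind as <file>.bak.
patch_slapd_conf() {
    conf="$1"
    cp "$conf" "$conf.bak"
    sed 's#/var/db/netinfo/network\.nidb#/var/db/netinfo/local.nidb#' \
        "$conf.bak" > "$conf"
    # fail loudly if the expected path was not there to replace
    grep -q '/var/db/netinfo/local\.nidb' "$conf"
}

# Step 2: set LDAPSERVER=-YES- in hostconfig. An existing LDAPSERVER line
# (for example LDAPSERVER=-NO-) is replaced rather than duplicated, since
# the startup item reads the file as a list of KEY=value settings.
enable_ldap_in_hostconfig() {
    hc="$1"
    cp "$hc" "$hc.bak"
    if grep -q '^LDAPSERVER=' "$hc.bak"; then
        sed 's/^LDAPSERVER=.*/LDAPSERVER=-YES-/' "$hc.bak" > "$hc"
    else
        cp "$hc.bak" "$hc"
        echo 'LDAPSERVER=-YES-' >> "$hc"
    fi
    [ "$(grep -c '^LDAPSERVER=-YES-$' "$hc")" -eq 1 ]
}

# Step 3 plus the check the hint implies: start the server, then bind
# anonymously (-x with no -D/-w) against an empty base DN and list what
# comes back. Everything printed here is readable by any host that can
# reach port 389, which is why the firewall matters.
# Assumes the OpenLDAP ldapsearch client is installed alongside slapd.
probe_anonymous() {
    host="${1:-localhost}"
    # root DSE: which naming contexts the server advertises
    ldapsearch -x -H "ldap://$host" -b '' -s base '(objectclass=*)' namingContexts
    # every entry the anonymous user can see, DNs only
    ldapsearch -x -H "ldap://$host" -b '' '(objectclass=*)' dn
}

# Usage on a live machine (as root):
#   patch_slapd_conf /etc/openldap/slapd.conf
#   enable_ldap_in_hostconfig /etc/hostconfig
#   /System/Library/StartupItems/LDAP/LDAP start
#   probe_anonymous localhost
```

Run probe_anonymous from a second machine as well as from localhost: if the second run returns entries, the firewall is not protecting port 389 and the warning above applies.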

I'm really jazzed about this, because finally I have an easy way to authenticate Tomcat app users against my local user database!

[Editor's note: As this is well beyond what I do with my machine, I'm not 100% certain as to how this hint compares to this one, although they clearly have some similarities. So I thought I'd err on the side of 'too much information' and publish this one as well, just in case.]



Mac OS X Hints
http://hints.macworld.com/article.php?story=20020902075936558