Enable a pre-installed LDAP interface to NetInfo
Authored by: jurg on Jun 14, '03 04:54:44PM

I had some problems trying to use this hint.

The first was that the startup file /System/Library/StartupItems/LDAP/LDAP had to include the full path to slapd instead of just executing slapd, i.e. /usr/libexec/slapd.

The second was that it just didn't work on my Jaguar client machine, i.e. slapd started, but gave a null response to every LDAP request.

I found out that by default the NetInfo db under '/' has a property 'trusted_networks' that has no value. This means only requests from the machine itself will be answered. I inserted a value '10.0.1', being the subnet my machine is on, and now the LDAP server would answer all requests from within this subnet (only 255.255.255.0 is supported I guess, somewhat primitive).

The last problem was that it now gave a null response not only to requests from the machine itself, but to all machines in the subnet. The solution to this problem was to go to the directory /machines/localhost in NetInfo (using NetInfo Manager) and add a property called 'suffix' with an empty value (meaning the LDAP basedn for the host localhost is ""). You should search with that basedn when using an LDAP client. If you use basedn: cn=users you restrict yourself to the /users directory in NetInfo.

Knowing not a thing about NetInfo, it took me a couple of hours of web surfing to find out I had to do this. I think on Jaguar server this hint works sort of 'out of the box', but on the client I had to add these things.

I also added a directory /people in NetInfo under which I now store my contacts. The file /private/etc/openldap/schema/netinfo.schema indicates that for info stored in /users there is a special mapping between some NetInfo properties and LDAP attribute names. However, under /people you can use attribute names as in the inetorgperson objectclass (as in /private/etc/openldap/schema/inetorgperson.schema).


