I've been using 389-ds for about 6 months and have successfully
configured various Linux systems as LDAP clients (CentOS, Ubuntu,
I'm now trying to connect a Mac system (OS X 10.10) into the LDAP server
and I'm getting a strange error.
From Users & Groups, when I "Join" a "Network Account Server" and
the FQDN of my 389-ds server, I'm given the message:
"This server does not provide a secure (SSL) connection. Do you want
I've selected "yes" and moved forward with LDAPv3 with LDAP Mappings set
Using the Mac dscl command, I can query users from the command line using:
dscl /LDAPv3/FQDN_of_server -read Users/testuser
In the 389 Management Console, under "Encryption", I have "Enable SSL
for this server" and set "Allow client authentication".
The postfix groups I created resolve properly, and changing a test file
to a specific uid / gid will resolve properly to the name/group of
a user in the 389-ds database.
However, when a user tries to change their password, it fails with a
generic "general failure" message. The access log
on the 389-ds LDAP server shows the following for the connection:
CONNECT fd=113 slot=113 connection from xxx.xx.xx.218 to xxx.xx.xx.4
EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
RESULT err=0 tag=120 nentries=0 etime=0
DISCONNECT fd=113 closed - Encountered end of file
I believe the inability to change a user's password is linked to the fact
that the Mac isn't speaking to the LDAP server using SSL,
but I'm not sure what I'm missing in the server configuration to allow
the Mac to connect via SSL.
Any hints would be appreciated.
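
The access-log sequence quoted above (StartTLS accepted with err=0, then an end-of-file disconnect with no further operations) can be picked out of a larger log automatically. The following is an added example, not part of the original post: it assumes the full 389-ds access-log layout with `conn=N` fields and a per-connection cipher line, and the sample log, addresses and DNs are constructed.

```python
import re
from collections import defaultdict

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation

# Constructed sample (invented timestamps, conn numbers, addresses, DNs).
# conn=7 mirrors the sequence quoted in the post.
SAMPLE_LOG = """\
[01/Jan/2015:10:00:00 +0000] conn=7 fd=113 slot=113 connection from 192.0.2.218 to 192.0.2.4
[01/Jan/2015:10:00:00 +0000] conn=7 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[01/Jan/2015:10:00:00 +0000] conn=7 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[01/Jan/2015:10:00:00 +0000] conn=7 op=-1 fd=113 closed - Encountered end of file.
[01/Jan/2015:10:00:05 +0000] conn=8 fd=114 slot=114 connection from 192.0.2.50 to 192.0.2.4
[01/Jan/2015:10:00:05 +0000] conn=8 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[01/Jan/2015:10:00:05 +0000] conn=8 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[01/Jan/2015:10:00:05 +0000] conn=8 TLS1.2 256-bit AES
[01/Jan/2015:10:00:05 +0000] conn=8 op=1 BIND dn="uid=testuser,ou=People,dc=example,dc=com" method=128 version=3
[01/Jan/2015:10:00:09 +0000] conn=9 fd=115 slot=115 connection from 192.0.2.218 to 192.0.2.4
[01/Jan/2015:10:00:09 +0000] conn=9 op=0 BIND dn="uid=testuser,ou=People,dc=example,dc=com" method=128 version=3
"""

CONN_RE = re.compile(r"conn=(\d+) (.*)$")
CIPHER_RE = re.compile(r"^(SSL|TLS\S*) \d+-bit ")  # e.g. "TLS1.2 256-bit AES"

def classify(log_text):
    """Return {conn_id: verdict} describing how each connection was protected."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            events[int(m.group(1))].append(m.group(2))

    verdicts = {}
    for conn, lines in events.items():
        asked = any("EXT oid=" in l and STARTTLS_OID in l for l in lines)
        encrypted = any(CIPHER_RE.match(l) for l in lines)
        bound = any(" BIND " in l for l in lines)  # does not match "UNBIND"
        if encrypted:
            verdicts[conn] = "encrypted"
        elif asked:
            verdicts[conn] = "starttls-no-cipher-line"  # the pattern in the post
        elif bound:
            verdicts[conn] = "cleartext-bind"
        else:
            verdicts[conn] = "no-bind"
    return verdicts

if __name__ == "__main__":
    for conn, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(conn, verdict)
```
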