I've been using 389-ds for about 6 months and have successfully
configured various Linux systems as LDAP clients (CentOS, Ubuntu,
I'm now trying to connect a Mac system (OS X 10.10) into the LDAP
server and I'm getting a strange error.
From Users & Groups, when I "Join" a "Network Account Server"
and enter the FQDN of my 389-ds server, I'm given the message:
"This server does not provide a
secure (SSL) connection. Do you want to continue?"
I've selected "yes" and moved forward with LDAPv3 with LDAP Mappings
set to RFC2307.
Using the Mac dscl command, I can query users from the command line:
dscl /LDAPv3/FQDN_of_server -read
In the 389 Management Console, under "Encryption", I have "Enable
SSL for this server" and set "Allow client authentication".
The postfix groups I created resolve properly, and changing a test
file to a specific uid / gid will resolve properly to
a user in the 389-ds database.
However, when a user tries to change their password, it fails with a
generic "general failure" message. The access log
on the 389-ds LDAP server shows the following for the connection:
CONNECT fd=113 slot=113 connection from xxx.xx.xx.218 to xxx.xx.xx.4
EXT oid='184.108.40.206.4.1.l466.20037" name = "startTLS"
RESULT err=0 tag=120 nentries=0 etime=0
DISCONNECT fd=113 closed - Encountered end of file
I believe the inability to change a user's password is linked to the
fact that the Mac isn't speaking to the LDAP server using SSL,
but I'm not sure what I'm missing in the server configuration to
allow the Mac to connect via SSL.
Any hints would be appreciated.
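
Added example, not part of the original post: a Python check that scans a 389-ds access log for the pattern in the excerpt above, where the server accepts StartTLS (err=0) and the connection then closes before any TLS session is logged. It assumes the full access-log layout in which every record carries a conn=N id and a completed handshake is logged as a "conn=N TLS..." or "conn=N SSL..." cipher line; the sample lines, addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation

# Constructed sample (documentation addresses). Assumed layout: every record
# has conn=N, and a finished handshake is logged as "conn=N TLS..." / "SSL...".
SAMPLE_LOG = """\
[10/Mar/2015:09:14:02 -0400] conn=41 fd=113 slot=113 connection from 192.0.2.218 to 192.0.2.4
[10/Mar/2015:09:14:02 -0400] conn=41 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[10/Mar/2015:09:14:02 -0400] conn=41 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[10/Mar/2015:09:14:02 -0400] conn=41 op=-1 fd=113 closed - Encountered end of file
[10/Mar/2015:09:15:30 -0400] conn=42 fd=114 slot=114 connection from 192.0.2.50 to 192.0.2.4
[10/Mar/2015:09:15:30 -0400] conn=42 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[10/Mar/2015:09:15:30 -0400] conn=42 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[10/Mar/2015:09:15:30 -0400] conn=42 TLS1.2 256-bit AES
[10/Mar/2015:09:15:32 -0400] conn=42 op=-1 fd=114 closed - U1
"""

CONN = re.compile(r"conn=(\d+)\s+(.*)")
OP = re.compile(r"op=(-?\d+)\s+(.*)")

def abandoned_starttls(lines):
    """Return (conn, client, close_reason) for each connection where StartTLS
    was accepted (err=0) but no TLS session was logged before the close."""
    state = defaultdict(lambda: {"client": None, "tls_op": None,
                                 "accepted": False, "tls_up": False})
    findings = []
    for line in lines:
        m = CONN.search(line)
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        st, op = state[conn], OP.match(rest)
        frm = re.search(r"connection from (\S+) to ", rest)
        if frm:
            st["client"] = frm.group(1)
        elif re.match(r"(TLS|SSL)", rest):
            st["tls_up"] = True          # handshake completed
        elif op and op.group(2).startswith("EXT") and STARTTLS_OID in op.group(2):
            st["tls_op"] = op.group(1)   # remember which op asked for StartTLS
        elif op and op.group(2).startswith("RESULT") and op.group(1) == st["tls_op"]:
            st["accepted"] = "err=0 " in op.group(2)
        elif op and re.search(r"\bclosed - ", op.group(2)):
            if st["accepted"] and not st["tls_up"]:
                reason = op.group(2).split("closed - ", 1)[1].strip()
                findings.append((conn, st["client"], reason))
            del state[conn]
    return findings
```

A hit means the connection ended between the StartTLS response and a completed handshake, so the next place to look is the TLS negotiation itself (for example, whether the client trusts the server certificate) rather than the bind or password-change operation.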