#StackBounty: #ubuntu #mac-osx #openldap macOS Big Sur Directory Utility not able to connect to LDAP Server

Bounty: 50

I am trying to get Mac OS X to authenticate with LDAP. I set up an Ubuntu 20.04 server with OpenLDAP (slapd). I did an elaborate setup with TLS, SSL, no anonymous auth, etc.

I was able to use this server to log in to Linux clients. Also, I was able to connect, browse and modify directory entries from Apache Directory Studio.

But when I tried to connect to this LDAP server with macOS Big Sur Directory Utility, it was not able to bind to the directory server. In the connection dialog, when I clicked on the "Bind…" button I got the error: "Directory binding is not supported". After trying many possible combinations, it would still not work. I also searched a lot on the internet but couldn't get any lead.

In the end, I set up a fresh OpenLDAP server and tried to add that server to Directory Utility before making any config changes. It was able to connect to the server when anonymous bind is allowed in the directory server.

Then I disabled the anonymous bind with the following LDIF:

dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc

Applied with:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ~/ldap_disable_bind_anon.ldif

After disabling the anonymous bind on the server, Directory Utility stopped working again. I tried giving the authentication parameters in the Security tab, but it still doesn't work. Just to note, I am able to bind to the directory server using the same credentials from Apache Directory Studio, so I am sure those are correct.

Do any of you have any idea why macOS Directory Utility is not able to connect to the server when the anonymous bind is disabled?
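Added here as an illustration, not code from the question or from OpenLDAP: a stdlib-only Python probe that sends exactly the anonymous simple bind (empty DN, empty password, RFC 4511) that `olcDisallows: bind_anon` forbids, and decodes the BindResponse so an admin can confirm the change took effect on their own server. It speaks plaintext LDAP on port 389 (no TLS, so it does not cover an ldaps:// setup), and the sample response bytes are constructed for the demo.

```python
import socket
# LDAP result codes a bind commonly returns (RFC 4511, Appendix A).
RESULT_NAMES = {0: "success", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 53: "unwillingToPerform"}

def _ber_len(n: int) -> bytes:
    # BER definite length: short form below 128, long form otherwise
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body

def bind_request(msg_id: int, dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] } with simple auth.
    Empty DN plus empty password is the anonymous bind that bind_anon forbids."""
    bind = (_tlv(0x02, b"\x03")               # version INTEGER 3
            + _tlv(0x04, dn.encode())         # name LDAPDN
            + _tlv(0x80, password.encode()))  # authentication: simple [0]
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, bind))

def _read_tlv(buf: bytes, pos: int):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse [APPLICATION 1] }."""
    tag, msg, _ = _read_tlv(data, 0)
    _, mid, pos = _read_tlv(msg, 0)
    app, resp, _ = _read_tlv(msg, pos)
    if tag != 0x30 or app != 0x61:
        raise ValueError("not an LDAP BindResponse")
    _, code, pos = _read_tlv(resp, 0)         # resultCode ENUMERATED
    _, _, pos = _read_tlv(resp, pos)          # matchedDN (ignored)
    _, diag, _ = _read_tlv(resp, pos)         # diagnosticMessage
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result_name": RESULT_NAMES.get(rc, "other"), "diagnostic": diag.decode()}

def probe_anonymous_bind(host: str, port: int = 389) -> dict:
    """Send one anonymous bind to a live server on its plaintext port (no TLS)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(bind_request(1))
        return parse_bind_response(s.recv(4096))

# Constructed sample (not captured) of slapd's reply once bind_anon is disallowed.
SAMPLE_REJECT = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x61, _tlv(0x0A, b"\x30")
                     + _tlv(0x04, b"") + _tlv(0x04, b"anonymous bind disallowed")))
```

A hardened server should answer `probe_anonymous_bind("ldap.example.org")` with a non-zero result code such as 48; a result of 0 means anonymous binds are still accepted.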
