ldap users cannot log in
-
22-04-2021 - |
Question
I have created an ldap server (hosted externally with a domain name) on a ubuntu 18.04 machine with openLDAP. I configured linux machines to allow my users to connect using ldap and it works as expected (the user can log-in on the machine, and it creates a new home directory).
However on mac, I can list my users in the Directory Utility :
And I can get my user information (with his group declared in ldap)
bash$ id -p hlarget
uid hlarget
groups sysadmin everyone netaccounts com.apple.sharepoint.group.1
But when I try to login as the admin user to edit my directory, I have a 2100 error. And when I try to log using ssh hlarget@localhost
, or even in session manager, I cannot :
failed CRAM-MD5 authentication for authzid - 'dn:cn=hlarget+o=example+ou=users,ou=users,dc=example,dc=com' authcid - 'hlarget' error 49
I'm pretty sure it's an encryption error (I use ssha
encryption for my UserPassword). How can i figure out what the problem is? And how to fix it?
Solution
I solved my problem using this script
for m in CRAM-MD5 DIGEST-MD5 LOGIN NTLM PLAIN; do
/usr/libexec/PlistBuddy -c "add ':module options:ldap:Denied SASL Methods:' string $m" /Library/Preferences/OpenDirectory/Configurations/LDAPv3/ldap.foo.fr.plist
done
I'm pretty sure it's not the best answer but still, it do the trick and now I can log in.