LDAP authentication for MacOS clients and NFS mounts
A little exercise that might not apply to your problem
- Set TLS_REQCERT in /etc/openldap/ldap.conf. Setting it to "never" gets past a server certificate the client does not trust, and that untrusted certificate seems to be what stops the password bind from working; but "never" also switches off certificate verification entirely, so anything on the network path can impersonate the LDAP server and collect the passwords. The proper fix is to install the server's CA certificate and keep verification on (TLS_CACERT /path/to/ca.pem together with TLS_REQCERT demand); use "never" only as a temporary diagnostic step, unless you know what you're doing.
- Go to Applications -> Utilities -> Directory Utility
- Toggle the lock at the bottom to "unlocked"
- Switch on Advanced mode
- Select Services-tab -> LDAPv3
- Click the pencil icon at the bottom, then "Show Options"
- Add entry for RFC 2307-style server
- Edit /etc/auto_home to contain only the line
* -resvport,bg nfsserver:/path/to/home/&
See 'man mount_nfs' for those two options.
Run 'sudo automount -c' so the automounter flushes its cache and re-reads the changed map.
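Before trusting the result, it is worth checking the two files the steps above touch. The script below is an added example, not part of the original notes: it reads the effective TLS_REQCERT value from an ldap.conf (the OpenLDAP default when the directive is absent is "demand"), flags anything that does not enforce certificate verification, and validates an auto_home map line of the form used above (wildcard key, mount options, server:path ending in the "&" that the automounter replaces with the username). The sample files it creates are constructed for the demonstration; the hostname nfsserver and the paths are placeholders. Run check_ldap_conf /etc/openldap/ldap.conf and check_auto_home /etc/auto_home against the real files.

```shell
#!/bin/sh
# Added example: sanity checks for the LDAP client config and the auto_home map.
# Not from the original notes; hostnames, paths and sample contents are assumed.

# Print the effective TLS_REQCERT value of an ldap.conf. Comments are stripped,
# the last occurrence wins, and the OpenLDAP default "demand" applies if unset.
ldap_reqcert() {
    v=$(sed -e 's/#.*//' "$1" | awk 'toupper($1)=="TLS_REQCERT"{v=$2} END{print v}')
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'demand\n'; fi
}

# Return 0 only when the client will refuse an untrusted server certificate.
# "never" and "allow" proceed with a bad or missing certificate; "try" still
# proceeds when the server presents none; only demand/hard reject both.
check_ldap_conf() {
    case "$(ldap_reqcert "$1" | tr 'A-Z' 'a-z')" in
        demand|hard) return 0 ;;
        *)           return 1 ;;
    esac
}

# Validate an auto_home map: a "*" wildcard key, a -option list, and a
# server:/path that ends in "&" so each user gets server:/path/<username>.
check_auto_home() {
    grep -Eq '^\*[[:space:]]+-[A-Za-z0-9,=]+[[:space:]]+[^:[:space:]]+:/[^[:space:]]*&$' "$1"
}

# One-line verdict for an ldap.conf, for use from a shell.
report() {
    if check_ldap_conf "$1"; then
        echo "$1: TLS_REQCERT=$(ldap_reqcert "$1") (server certificate verified)"
    else
        echo "$1: TLS_REQCERT=$(ldap_reqcert "$1") (WEAK: server certificate not verified)"
    fi
}

# Constructed sample files so the checks can be exercised offline.
tmp=$(mktemp -d)

# The quick-and-dirty setting: verification disabled.
cat > "$tmp/ldap.conf.never" <<'EOF'
BASE dc=example,dc=org
URI ldaps://ldap.example.org
TLS_REQCERT never   # gets past the untrusted certificate, but disables verification
EOF

# The hardened equivalent: trust the CA, keep verification on.
cat > "$tmp/ldap.conf.demand" <<'EOF'
BASE dc=example,dc=org
URI ldaps://ldap.example.org
TLS_CACERT /etc/openldap/cacert.pem
TLS_REQCERT demand
EOF

# Constructed auto_home maps: the form from the notes, and one missing the "&".
printf '* -resvport,bg nfsserver:/path/to/home/&\n' > "$tmp/auto_home.ok"
printf '* -resvport,bg nfsserver:/path/to/home\n'   > "$tmp/auto_home.bad"

report "$tmp/ldap.conf.never"
report "$tmp/ldap.conf.demand"
check_auto_home "$tmp/auto_home.ok"  && echo "auto_home.ok: map line looks right"
check_auto_home "$tmp/auto_home.bad" || echo "auto_home.bad: missing trailing &, every user would get the same directory"
```

The map check is deliberately strict about the trailing "&": without it every user is mapped to the same exported directory, which is the most common way an auto_home entry silently breaks.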
Things that should work now:
- id someNetworkUser should print UID/GID from LDAP
- ssh xxx@localhost should authenticate with the network password and land in the network home directory
- sudo su xxx should work
- dirt -u xxx
- ls /home