Today I’m hacking together some things I’ve learned while administering a bunch of Macs that had to use a centralized OpenLDAP cluster as “OpenDirectory” backend.
To get authentication as well as authorization to work, we had to tweak the mapping of Apple’s DirectoryService fields to the LDAP attributes of our OpenLDAP.
Luckily it’s not rocket science, as Apple’s own OpenDirectory is based on OpenLDAP as well, so there are some parallels.
NOTE: ALL the things described here apply to MacOS 10.8 clients and an OpenLDAP backend. They worked out for our settings. If you change any of your settings, you are doing so at your own risk!