Cannot access User information using Address Book via VPN or through named LDAP directory

Posted on 2008-10-16
Last Modified: 2013-12-24
I have an Open Directory Server set up at LDAPServer.company.private on a Mac OS X 10.5.3 Server. I am using simple authentication because this directory is only accessible locally (and to reduce the number of variables in the problem).

I can access User data via Address Book locally, on the server, via Group- Directories, Directories - Directory Services.

I cannot access User data via Address Book locally, on the server, via a named directory which I set up through Address Book - Preferences - LDAP to point to LDAPServer.company.private with search base: cn=users,dc=ldapserver,dc=company,dc=private

I can access User data via Address Book on the local subnet on my LAN from a Mac OS X 10.4 client workstation via Group-Directories Directories- Directory.

I cannot access User data via Address Book on the local subnet on my LAN from a Mac OS X 10.4 client workstation via a named directory which I set up through Address Book - Preferences - LDAP to point to LDAPServer.company.private with search base: cn=users,dc=ldapserver,dc=company,dc=private

I cannot access User data via Address Book over a PPTP VPN connection (the LDAP Server is also DNS and VPN server), neither through Group-Directories Directories-Directory nor through a named directory which I set up through Address Book - Preferences - LDAP to point to LDAPServer.company.private with search base: cn=users,dc=ldapserver,dc=company,dc=private.

Over the VPN I can ping the LDAPServer.company.private server by name.  I do have GRE protocol, PPTP port 1723, LDAP port 389 and ALLOW rule 65534 on the firewall of the server, which is directly connected to the Internet.

I would appreciate guidance on why I cannot access User data via Address Book using a specified LDAP directory, even on the local server itself, even though the data resides in something called "Directory" whose configuration parameters are completely unknown.

It is maddening to attempt to search words like "Address Book", "LDAP",  and "Directory" as these are practically stopwords.

It seems like the search base must be the problem preventing local subnet access using a specified LDAP directory.  If I can get that working, I have some hope of getting the VPN working.
Question by:boydo2
Accepted Solution

by:
boydo2 earned 0 total points
ID: 22742512
I have solved this problem and am posting the results to get them into the knowledge base.
In the Server Admin, enable the Open Directory service.
Click on the Open Directory service under the server name.
Click on the LDAP tab.
Note that the database setting should be:  dc=ldapserver,dc=company,dc=private
On the server, in the Utility - Directory Utility, enable the LDAPv3 service.
Select the LDAPv3 service
Click on the pencil icon to edit the LDAPv3 service.
Unlock the page.
Click on the Plus symbol.  Add type Open Directory.  Name ldapserver.company.private.
Click OK.
Click on the Services icon.
Click on the checkbox to enable the LDAPv3 service, if necessary.
Double-click on the LDAPv3 service entry to edit.
Click on New.
Enter Server Name:  ldapserver.company.private
Click on Continue. Then OK.
Select the server name and click Edit.
Click the Search and Mappings tab.
Under Record Types and Attributes, click on Users.
Note the searchbase:  cn=users,dc=ldapserver,dc=jenike,dc=private.
You may "Write to Server", if desired.  In which case you must enter the name of the Open Directory administration account (mistakenly labeled "Distinguished Name") and the password.  DO NOT change the searchbase shown here.  It is WRITING to cn=config and that is correct.  Click on OK to start the writing process.  This can take up to a minute.
Click on OK to exit Search & Mappings.  Click on OK to exit Directory Utility - LDAP configurations page.  You will have to enter a password to complete the process.
Set up client Address Book:
Open the Address Book.
Click on "Address Book" in the menu bar.
Click on Preferences.
Click on the LDAP icon.
Click on the Plus sign to add an LDAP server.
Enter arbitrary Name:  "My LDAP server"
Enter the LDAP server's FQDN:  ldapserver.company.private
Enter the search base:  cn=users,dc=ldapserver,dc=company,dc=private
I use Auth Type:  Simple    
Enter required User name and Password.
Click on Save.
Close the Address Book Preferences window.
Under Group, select Directories.
Under Directories, select My LDAP Server.
NOTE WELL:  there is no immediate display.  This is not a browsing utility; it is a search utility.
Start typing a user name in the search box in the upper right.  Shortly after you have begun typing, the Name column will begin displaying user names beginning with those characters.
------------------------------------------
An Address Book with these settings also works transparently over PPTP VPN.
It is very handy to be able to enter basic information during new User entry in Workgroup Manager, especially additional fields in the Info tab and then be able to access it from client Address Books.
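
A way to check the search base from Terminal before touching Address Book, as an added example that is not part of the original post. It assumes the suffix follows the server's FQDN as it does above, that the type-ahead search matches on `cn`, and uses a hypothetical bind account `someuser`; the script only prints the `ldapsearch` command so you can run it on the server, on a LAN client, and then over the VPN.

```shell
#!/bin/sh
# Added example (not from the original post): build an ldapsearch test
# for the search base used in the Address Book settings above.

# Turn an FQDN into the dc= suffix, e.g.
# LDAPServer.company.private -> dc=ldapserver,dc=company,dc=private
fqdn_to_suffix() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/\.$//' -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# Escape the characters RFC 4515 reserves in filter values, so typed
# text cannot change the structure of the filter. Backslash goes first.
escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Prefix filter for "names beginning with these characters"
# (assumption: the match is on the cn attribute).
prefix_filter() {
    printf '(cn=%s*)' "$(escape_filter "$1")"
}

# Print the test command. $1 = server FQDN, $2 = bind DN, $3 = typed prefix
# -x is a simple bind (Auth Type: Simple above); on port 389 the password
# is sent unencrypted, so add -ZZ if the server offers StartTLS.
# -W prompts for the password instead of putting it on the command line.
ldap_check_cmd() {
    base="cn=users,$(fqdn_to_suffix "$1")"
    printf "ldapsearch -x -H ldap://%s -b '%s' -D '%s' -W '%s' cn mail\n" \
        "$1" "$base" "$2" "$(prefix_filter "$3")"
}

# Constructed sample values: "someuser" is a hypothetical account.
ldap_check_cmd ldapserver.company.private \
    'uid=someuser,cn=users,dc=ldapserver,dc=company,dc=private' 'bo'
```

If the printed command returns entries on the server but not from a client, the search base is fine and the difference lies in name resolution, the firewall, or the bind credentials.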