# Binding Gentoo openLDAP server w/ OSX (10.7) client

## bertaboy

Hi all,

I'm trying to set up a local server at home to consolidate a bunch of the information that we're gathering on our various computers by building a network using OpenLDAP+Kerberos, where the server (hostname: microserver) is running Gentoo and the client I'm starting with is OS X 10.7.5. I've been able to acquire (MIT) Kerberos tickets on the OS X client (hostname: mini); however, now I'm stuck at binding the OS X client to the OpenLDAP server. OpenLDAP queries report back with no errors when pinged from the server, so I'm inclined to think that the issues are stemming from Apple.

Attempt to query openLDAP from client:

```
mini: $ ldapsearch -x -D "cn=Manager,dc=hulljensen,dc=net" -W
Enter LDAP Password: 
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
```

Proper query from the server:

```
microserver :$ ldapsearch -x -D "cn=Manager,dc=hulljensen,dc=net" -W
...
# search result
search: 2
result: 0 Success

# numResponses: 15
# numEntries: 14
```

Confirming that the server's LDAP port is accessible from the client:

```
mini: $ nmap microserver.hulljensen.net

Starting Nmap 6.25 ( http://nmap.org ) at 2013-02-18 09:33 EST
Nmap scan report for microserver.hulljensen.net (192.168.1.90)
Host is up (0.00036s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
389/tcp  open  ldap
464/tcp  open  kpasswd5
636/tcp  open  ldapssl
749/tcp  open  kerberos-adm
3306/tcp open  mysql
6543/tcp open  mythtv

Nmap done: 1 IP address (1 host up) scanned in 1.31 seconds
```

slapd.conf:

```
microserver: # cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include      /etc/openldap/schema/core.schema
include      /etc/openldap/schema/cosine.schema
include      /etc/openldap/schema/inetorgperson.schema
include      /etc/openldap/schema/nis.schema
include      /etc/openldap/schema/misc.schema

pidfile      /var/run/openldap/slapd.pid
argsfile     /var/run/openldap/slapd.args

serverID 0
loglevel 0

# In slapd.conf a line that begins with whitespace continues the previous
# directive, so the "access to" lines must start in column 1 and only the
# "by" clauses may be indented.
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
   by dn="uid=root,ou=People,dc=hulljensen,dc=net" write
   by users read
   by anonymous auth
access to attrs=userPassword,gecos,description,loginShell
   by self write

#######################################################################
# BDB database definitions
#######################################################################
database   hdb
suffix     "dc=hulljensen,dc=net"
checkpoint 32 30
rootdn     "cn=Manager,dc=hulljensen,dc=net"
rootpw     <redacted>
directory  /var/lib/openldap-ldbm
index      objectClass eq
```

ldap.conf (identical on both machines):

```
$ cat /etc/openldap/ldap.conf
BASE        dc=hulljensen,dc=net
URI         ldap://ldap.hulljensen.net:389/ ldap://ldap1.hulljensen.net:389/
TLS_REQCERT allow
TIMELIMIT   2
```

Server FQDN:

```
microserver: $ hostname -f
microserver.hulljensen.net
```

Client FQDN:

```
mini: $ hostname -f
mini.hulljensen.net
```

----------
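A diagnostic for the "Can't contact LDAP server (-1)" error above, added here as an example and not part of the post. The `ldapsearch` commands in the post pass no `-H`, so the client library takes its server list from the `URI` line of `ldap.conf`, which names `ldap.hulljensen.net` and `ldap1.hulljensen.net` rather than `microserver.hulljensen.net` (the name the nmap scan was run against). The script below reproduces, from the client, exactly what `ldapsearch` does before the bind: it parses the `URI` line, resolves each host with the system resolver, then opens a TCP connection to the resolved address and port. It also flags the `TLS_REQCERT allow` setting, under which an invalid or missing server certificate is accepted and an `ldaps://` or STARTTLS session therefore does not authenticate the server (the `ldap.conf(5)` default is `demand`). Assumptions: a POSIX `sh` with `awk`, `getent` (Linux) or `dscacheutil` (OS X) for resolution, and a BSD/OpenBSD-style `nc` that accepts `-z -w`. The embedded `SAMPLE_LDAP_CONF` is a constructed copy of the file quoted in the post, used when `/etc/openldap/ldap.conf` is not readable.

```shell
#!/bin/sh
# Added diagnostic for ldapsearch "Can't contact LDAP server (-1)".
# Not code from the post; assumes only the ldap.conf format quoted there.

# Print "host port" for each ldap:// or ldaps:// entry on the URI line(s)
# read from stdin. ldapi:// (unix socket) entries are skipped; bracketed
# IPv6 literals are not handled.
ldap_conf_hosts() {
  awk '
    toupper($1) == "URI" {
      for (i = 2; i <= NF; i++) {
        u = $i
        scheme = u; sub(/:.*/, "", scheme)
        if (scheme == "ldapi") continue
        port = (scheme == "ldaps") ? 636 : 389     # scheme default port
        sub(/^[a-z]+:\/\//, "", u)                 # drop scheme
        sub(/\/.*$/, "", u)                        # drop any path
        host = u
        if (u ~ /:[0-9]+$/) {                      # explicit :port
          port = u; sub(/.*:/, "", port)
          sub(/:[0-9]+$/, "", host)
        }
        print host, port
      }
    }'
}

# Report whether the TLS_REQCERT setting on stdin still verifies the server
# certificate. Only demand/hard do; "allow" ignores a bad certificate.
ldap_conf_tls_check() {
  awk '
    toupper($1) == "TLS_REQCERT" {
      seen = 1; v = tolower($2)
      if (v == "demand" || v == "hard")
        print "OK   TLS_REQCERT " $2 ": server certificate is verified"
      else
        print "WARN TLS_REQCERT " $2 ": a bad or missing server certificate is accepted; TLS does not authenticate the server"
    }
    END { if (!seen) print "OK   TLS_REQCERT unset (default is demand)" }'
}

# Resolve a name the way libc would on this host; fails if it does not resolve.
resolve_host() {
  if command -v getent >/dev/null 2>&1; then
    getent hosts "$1" | awk 'NR == 1 { print $1; exit }' | grep .
  else
    # OS X has no getent; dscacheutil queries the same resolver libc uses.
    dscacheutil -q host -a name "$1" | awk '$1 == "ip_address:" { print $2; exit }' | grep .
  fi
}

# Resolve, then connect to the resolved address (not the bare name), so a
# name that only resolves on the server, or resolves to 127.0.0.1 via
# /etc/hosts, is reported as the cause rather than hidden.
check_ldap_host() {
  host=$1; port=$2
  if ! addr=$(resolve_host "$host"); then
    echo "FAIL $host: does not resolve on this client"; return 1
  fi
  if nc -z -w 3 "$addr" "$port" 2>/dev/null; then   # assumed BSD-style nc
    echo "OK   $host -> $addr:$port reachable"
  else
    echo "FAIL $host -> $addr:$port not reachable"; return 1
  fi
}

# Constructed copy of the ldap.conf quoted in the post, used as a fallback.
SAMPLE_LDAP_CONF='BASE   dc=hulljensen,dc=net
URI   ldap://ldap.hulljensen.net:389/ ldap://ldap1.hulljensen.net:389/
TLS_REQCERT   allow
TIMELIMIT   2'

main() {
  conf=${1:-/etc/openldap/ldap.conf}
  if [ -r "$conf" ]; then content=$(cat "$conf"); else content=$SAMPLE_LDAP_CONF; fi
  printf '%s\n' "$content" | ldap_conf_hosts | while read -r h p; do
    check_ldap_host "$h" "$p" || true
  done
  printf '%s\n' "$content" | ldap_conf_tls_check
}

# Network checks only run when explicitly requested, so the file can also be
# sourced for its functions.
if [ "${LDAP_DIAG_RUN:-0}" = "1" ]; then
  main "$@"
fi
```

Run it on the client as `LDAP_DIAG_RUN=1 sh ldapdiag.sh` (or with a path to another `ldap.conf`). A `FAIL ...: does not resolve` line for `ldap.hulljensen.net` means the bind never reached the network at all, which is consistent with the `-1` error and with the server-side run succeeding if that name resolves only there. To take `ldap.conf` out of the picture entirely, `ldapsearch -x -H ldap://microserver.hulljensen.net -D "cn=Manager,dc=hulljensen,dc=net" -W` names the server the scan already showed listening on 389; note that this sends the Manager password in clear over the LAN, so once TLS is in place the setting to keep is `TLS_REQCERT demand` with a `TLS_CACERT` the client trusts.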

