Authenticating OS X Tiger to AD

[macotec]

I am trying to correcting an ailing implementation of Tiger to authenticate user credentials against Active Directory.

Question 1: Should I have the slapd service running?
Question 2: Do I need both AD and LDAPv3 plugins?

Question 3: Are the mappings below correct for LDAPv3?
Default Attribute Types
RecordName = cn

Users
organizationalPerson
user
cn=Users, DC-star, DC=lcc, DC=edu, 'all subtrees'

RecordName
sAMAccountName

UniqueID
uSNCreated

RealName
displayName

Password

PrimaryGroupID
#20


Question 4: Do I need the authentication Distinguished Name: under LDAPv3, Configure, Edit entry, Security to be just the name of the user authentication into the directory or cn=, ou=, dc=, dc=, dc= form.

Question 5: Do I need the Open Directory -> Protocols -> LDAP Settings , Search Base and Database settings assigned or is that only if the machine is supplying it's own LDAP services. NOTE: this servers role is "connected to a Directory System".


Thanks for help.

[Go3iverson]

Questions 1 & 2 - depends on what you're trying to do. If you're trying to vend MCX settings from an OD supplementing the AD schema, then you should have slapd running and both plugins. If you are just trying to authenticate your server against AD or your client machines against OD, you don't need to run the Open Directory service on Mac OS X Server, just bind directly against the AD

Question 3 - Looks OK, but that's dependent on your environment

Question 4 & 5 - You usually want to leave these as the default settings supplied from the AD when you bind the Mac OS X Server to the AD domain itself.

Do you have any other specifics on what you are trying to accomplish with this setup, besides just authentication? Are you trying to allow certain services on OS X use AD authentication?

Michael