Mac OS X v10.7: Unable to connect to a Mac OS X v10.6 Open Directory Server

A Mac OS X v10.7 Lion client may be unable to connect to a Mac OS X v10.6 Open Directory Server.

This can happen if Lion uses Authenticated Binding to a Mac OS X v10.6 Open Directory Server that is also bound to Active Directory by means of a magic triangle.

To allow the Mac OS X v10.7 clients to connect, either don't use authenticated binding, or use the following Terminal commands.

Execute these commands on the Mac OS X v10.6 Open Directory Master Server and Replicas:

Note: These commands will turn off GSSAPI authentication for the LDAP Server on the Mac OS X v10.6 Open Directory Master Server and Replicas. The servers will then use CRAM-MD5 authentication.

sudo rm /usr/lib/sasl2/openldap/libgssapiv2.2.so
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.la

Restart the server after making this change.
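
To confirm the result after the restart, you can check which SASL mechanisms the LDAP server advertises in its root DSE. The script below is an added example, not part of the original article; it assumes the server answers anonymous root DSE queries, the host name od.example.com is a placeholder, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: check the SASL mechanisms slapd advertises in its root DSE.

# Print one mechanism per line from root DSE LDIF read on stdin.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# Return 0 if GSSAPI is absent and CRAM-MD5 is present, 1 otherwise.
gssapi_disabled() {
    mechs=$(sasl_mechs)
    if printf '%s\n' "$mechs" | grep -qx 'GSSAPI'; then
        echo "GSSAPI is still offered"
        return 1
    fi
    if ! printf '%s\n' "$mechs" | grep -qx 'CRAM-MD5'; then
        echo "CRAM-MD5 is not offered"
        return 1
    fi
    echo "GSSAPI is off, CRAM-MD5 is offered"
}

# Constructed sample root DSE output, before and after the change.
SAMPLE_BEFORE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: CRAM-MD5'
SAMPLE_AFTER='dn:
supportedSASLMechanisms: CRAM-MD5'

# Offline demonstration on the constructed "after" sample.
printf '%s\n' "$SAMPLE_AFTER" | gssapi_disabled

# Live use against a server (placeholder host name):
# ldapsearch -x -LLL -H ldap://od.example.com -s base -b "" \
#     supportedSASLMechanisms | gssapi_disabled
```

Run the live check against the Open Directory Master and each Replica, since the change is made on every server.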
 

If you want to restore the original settings, execute these commands:

cd /usr/lib/sasl2/openldap
sudo ln -s ../libgssapiv2.2.so
sudo ln -s ../libgssapiv2.la

Restart the server after making this change.
