Mac OS X Server v10.5, 10.6: How to require authenticated binding between server and clients

Summary

Learn how to require authenticated binding between Mac OS X clients and a Mac OS X Server. This setting is no longer available as a checkbox after installing Mac OS X Server v10.6.3 or later, or Security Update 2010-002 for Mac OS X Server v10.5.8.

This setting only affects Mac OS X clients binding to a Mac OS X Server. If it is enabled, clients will be prompted for a directory administrator password when binding to the server.

Important: This setting does not control or limit any other access to the LDAP database on the server.

Products Affected

Mac OS X Server 10.5, Mac OS X Server 10.6

You can set this by using the slapconfig Terminal command on the server.

  • To require authentication when a client binds to the server, use this Terminal command:

sudo slapconfig -setmacosxodpolicy -binding required
 

Note: The following two settings can also be controlled by the checkbox "Enable authenticated directory binding" in Server Admin > Open Directory > Policies > Binding.

  • To allow authenticated binding, but make it optional, use this Terminal command:

sudo slapconfig -setmacosxodpolicy -binding enabled
 

  • To disable authenticated binding, use this Terminal command:

sudo slapconfig -setmacosxodpolicy -binding disabled

Additional Information

To determine the state of this setting, use this command:

sudo slapconfig -getmacosxodpolicy

Look for the value (true or false) of the key named "Binding Required".
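A fail-closed check built on the command above, as an added example that is not part of the original article. The article does not show the output layout of slapconfig -getmacosxodpolicy, so the parser assumes only that the "Binding Required" key and its true/false value appear on the same line; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "Binding Required" policy key and fail closed.

# Read policy text on stdin; print true, false, or unknown.
# Assumption: key and value share one line. Quotes, "=", ":" and ";" around
# them are tolerated because the exact layout is not documented on the page.
binding_required_state() {
    awk '
        BEGIN { state = "unknown" }
        /Binding Required/ {
            line = tolower($0)
            sub(/.*binding required/, "", line)   # keep only text after the key
            gsub(/[^a-z0-9]/, " ", line)          # strip punctuation around the value
            n = split(line, tok, " ")
            if (n >= 1 && tok[1] == "true")  state = "true"
            if (n >= 1 && tok[1] == "false") state = "false"
        }
        END { print state }
    '
}

# Exit 0 only when the policy is positively reported as required.
# A missing or unreadable key is treated as a failure, not as a pass.
check_binding_policy() {
    state=$(binding_required_state)
    case "$state" in
        true)  echo "OK: authenticated binding is required"; return 0 ;;
        false) echo "FAIL: authenticated binding is not required"; return 1 ;;
        *)     echo "FAIL: \"Binding Required\" key not found"; return 2 ;;
    esac
}

# Run on the server itself. stderr is merged in case the tool reports there.
audit_server() {
    sudo slapconfig -getmacosxodpolicy 2>&1 | check_binding_policy
}

# Constructed sample text for offline testing; not captured from a real server.
SAMPLE_REQUIRED='Binding Required = true'
SAMPLE_OPTIONAL='"Binding Required" = false;'
```

Call audit_server from a scheduled job on the server and alert on a non-zero exit status to catch the policy being relaxed after an update or a change in Server Admin.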
