Mac OS X v10.7: Unable to connect to a Mac OS X v10.6 Open Directory Server

Products Affected

Lion Server

Symptoms

A Mac OS X v10.7 Lion client may be unable to connect to a Mac OS X v10.6 Open Directory Server. This can happen if Lion uses Authenticated Binding to a Mac OS X v10.6 Open Directory Server that is also bound to Active Directory by means of a magic triangle.

Resolution

To allow the Mac OS X v10.7 clients to connect, either don't use authenticated binding, or use the following Terminal commands.

Execute these commands on the Mac OS X v10.6 Open Directory Master Server and Replicas:

Note: These commands will turn off GSSAPI authentication for the LDAP Server on the Mac OS X v10.6 Open Directory Master Server and Replicas. The servers will then use CRAM-MD5 authentication.

sudo rm /usr/lib/sasl2/openldap/libgssapiv2.2.so
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.la

Restart the server after making this change.

If you want to restore the original settings, execute these commands:

cd /usr/lib/sasl2/openldap
sudo ln -s ../libgssapiv2.2.so
sudo ln -s ../libgssapiv2.la

Restart the server after making this change.
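
One way to check the state before and after the commands above, as an added example that is not part of the original article: it reports whether the two plug-in entries are symbolic links (as the restore commands imply) and whether the LDAP server still advertises GSSAPI. The directory and file names come from the article; the function names, the sample LDIF and server.example.com are assumptions.

```shell
#!/bin/sh
# Added example. Directory and file names are from the article; the function
# names, sample LDIF and server.example.com are assumptions made here.
PLUGIN_DIR="${PLUGIN_DIR:-/usr/lib/sasl2/openldap}"

# Report the state of the two GSSAPI plug-in entries in directory $1.
# "not-symlink" means an entry is a real file: rm would delete the only copy
# and the article's "ln -s ../..." restore steps would not bring it back.
gssapi_link_state() {
    dir=$1; links=0; files=0
    for f in libgssapiv2.2.so libgssapiv2.la; do
        if [ -L "$dir/$f" ]; then links=$((links + 1))
        elif [ -e "$dir/$f" ]; then files=$((files + 1))
        fi
    done
    if [ "$files" -gt 0 ]; then echo "not-symlink"
    elif [ "$links" -eq 2 ]; then echo "enabled"
    elif [ "$links" -eq 0 ]; then echo "disabled"
    else echo "partial"
    fi
}

# Read root DSE LDIF on stdin; print the advertised SASL mechanisms on one line.
offered_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }' |
        LC_ALL=C sort | paste -sd ' ' -
}

# Succeed only if the mechanism list $1 matches what the article's Note says
# the server uses after the change: no GSSAPI, CRAM-MD5 available.
check_after_change() {
    case " $1 " in *" GSSAPI "*) echo "FAIL: GSSAPI still offered"; return 1 ;; esac
    case " $1 " in *" CRAM-MD5 "*) echo "OK: GSSAPI off, CRAM-MD5 offered"; return 0 ;; esac
    echo "FAIL: CRAM-MD5 not offered"; return 1
}

# Constructed sample of a root DSE reply after the change (not real server output).
sample_rootdse() {
    printf '%s\n' 'dn:' 'supportedSASLMechanisms: CRAM-MD5'
}

# Live use (run after the restart):
#   ldapsearch -x -LLL -H ldap://server.example.com -s base -b "" \
#       supportedSASLMechanisms | offered_mechs
mechs=$(sample_rootdse | offered_mechs)
echo "plug-in entries: $(gssapi_link_state "$PLUGIN_DIR")"
check_after_change "$mechs"
```

Run `gssapi_link_state` on each Master and Replica before the `rm` commands, and the `ldapsearch` pipeline after the restart.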
