Authenticate an LDAP connection
Using Directory Utility, you can set up an authenticated connection to an LDAP directory. This authentication is one-way: the computer proves its identity to the LDAP directory, but the LDAP directory doesn’t prove its authenticity to the computer. For mutual authentication, see Set up authenticated binding for an LDAP directory.
Click Services.
Click the lock icon.
Enter an administrator’s user name and password, then click Modify Configuration (or use Touch ID).
Select LDAPv3, then click the Edit button (looks like a pencil).
If the list of server configurations is hidden, click Show Options.
Select a server configuration, then click Edit.
Click Security.
Select “Use authentication when connecting,” then enter a user’s distinguished name and password.
The distinguished name can specify any user account that has permission to see data in the directory. For example, a user account whose short name is “authenticator”, on an LDAP server whose address is ods.example.com, has the distinguished name uid=authenticator,cn=users,dc=ods,dc=example,dc=com.
Important: If the distinguished name or password is incorrect, no one can log in to the computer using user accounts from the LDAP directory.
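Because an incorrect distinguished name or password blocks every login that relies on the LDAP directory, it helps to test the bind from Terminal before saving it in Directory Utility. The script below is an added example, not part of Apple's documentation: it builds the DN using the layout of the example above and tries a simple bind with the OpenLDAP ldapsearch client. The function names, the assumption that the directory suffix follows the server address, and the default ldaps:// URI are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Apple's code). Assumes the DN layout from the page's
# example: uid=<short name>,cn=users,dc=<each label of the server address>.

# Escape one attribute value for use inside a DN (RFC 4514).
escape_dn_value() {
  printf '%s' "$1" | sed -e 's/[\\",+;<>]/\\&/g' -e 's/^[# ]/\\&/' -e 's/ $/\\ /'
}

# ods.example.com -> dc=ods,dc=example,dc=com; rejects anything that is not a DNS name.
host_to_base_dn() {
  case "$1" in
    ''|.*|*..*|*[!A-Za-z0-9.-]*) echo "invalid host name: $1" >&2; return 1 ;;
  esac
  printf '%s' "${1%.}" | sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

build_bind_dn() {  # $1 = short name, $2 = server address
  base=$(host_to_base_dn "$2") || return 1
  printf 'uid=%s,cn=users,%s\n' "$(escape_dn_value "$1")" "$base"
}

# Attempt a simple bind with the DN and read the base entry.
# -W prompts for the password so it never lands in shell history.
check_bind() {  # $1 = short name, $2 = server address, $3 = LDAP URI (optional)
  dn=$(build_bind_dn "$1" "$2") || return 1
  base=$(host_to_base_dn "$2") || return 1
  uri=${3:-ldaps://$2}   # assumption: the server offers LDAPS
  echo "Testing bind as: $dn" >&2
  if ldapsearch -x -H "$uri" -D "$dn" -W -b "$base" -s base '(objectClass=*)' dn >/dev/null
  then echo "OK: bind succeeded and the base entry is readable" >&2
  else echo "FAILED: do not enter these credentials in Directory Utility" >&2; return 1
  fi
}

# Run the check only when called with arguments, e.g.:
#   sh check_bind.sh authenticator ods.example.com
if [ "$#" -ge 2 ]; then check_bind "$@"; fi
```

If the directory uses a different suffix or container than the example's cn=users, pass the full DN to ldapsearch -D directly instead of relying on build_bind_dn.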