Mac OS X v10.7: Unable to connect to a Mac OS X v10.6 Open Directory Server
A Mac OS X v10.7 Lion client may be unable to connect to a Mac OS X v10.6 Open Directory Server.
This can happen if Lion uses Authenticated Binding to a Mac OS X v10.6 Open Directory Server that is also bound to Active Directory by means of a magic triangle.
To allow the Mac OS X v10.7 clients to connect, either don't use authenticated binding, or use the following Terminal commands.
Note: These commands will turn off GSSAPI authentication for the LDAP Server on the Mac OS X v10.6 Open Directory Master Server and Replicas. The servers will then use CRAM-MD5 authentication.
Execute these commands on the Mac OS X v10.6 Open Directory Master Server and Replicas:
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.2.so
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.la
Restart the server after making this change.
If you want to restore the original settings, execute these commands:
cd /usr/lib/sasl2/openldap
sudo ln -s ../libgssapiv2.2.so
sudo ln -s ../libgssapiv2.la
Restart the server after making this change.
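Because both procedures above change which SASL mechanisms the LDAP server offers, and neither takes effect until the restart, the following added example (not Apple's code) compares the plug-in links on disk with what the server actually advertises. It assumes the OpenLDAP ldapsearch client is installed and that the root DSE can be read anonymously; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not Apple's code. Function names are hypothetical.
PLUGIN_DIR=${PLUGIN_DIR:-/usr/lib/sasl2/openldap}   # directory named in the article

# Read root DSE LDIF on stdin; print the advertised SASL mechanisms, one per line.
parse_mechs() {
    tr -d '\r' | sed -n 's/^supportedSASLMechanisms:[[:space:]]*//p' | sort -u
}

# State of the two GSSAPI plug-in links in directory $1: present, absent or partial.
plugin_state() {
    found=0
    for f in libgssapiv2.2.so libgssapiv2.la; do
        # -L also counts a dangling symlink, which -e alone would miss
        if [ -e "$1/$f" ] || [ -L "$1/$f" ]; then found=$((found + 1)); fi
    done
    case $found in
        2) echo present ;;
        0) echo absent ;;
        *) echo partial ;;
    esac
}

# Compare the links in $1 with the mechanism list in $2 (newline separated).
classify() {
    state=$(plugin_state "$1")
    if printf '%s\n' "$2" | grep -qx 'GSSAPI'; then offered=yes; else offered=no; fi
    case "$state:$offered" in
        present:yes) echo gssapi-enabled ;;
        absent:no)   echo gssapi-disabled ;;
        partial:*)   echo inconsistent-links ;;   # only one of the two links exists
        *)           echo mismatch ;;             # links and server disagree, e.g. no restart yet
    esac
}

# Query the local LDAP server and report. Assumes anonymous read of the root DSE.
audit_server() {
    mechs=$(ldapsearch -x -LLL -H "$1" -b "" -s base supportedSASLMechanisms | parse_mechs)
    echo "$1: $(classify "$PLUGIN_DIR" "$mechs") (offers:" $mechs ")"
}

# Run on each Open Directory master and replica: sh check_gssapi.sh --run
if [ "${1:-}" = "--run" ]; then audit_server "${2:-ldap://127.0.0.1}"; fi
```

A result of gssapi-disabled on the master and every replica confirms the change is in effect; mismatch usually means a server has not been restarted yet.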