Enable LDAP bind authentication for a user
You can enable the use of LDAP bind authentication for a user account stored in an LDAP directory domain. When you use this password validation technique, you rely on the LDAP server that contains the user account to authenticate the user’s password.
Important: If your computer name contains a hyphen, you might not be able to bind to a directory domain such as LDAP or Active Directory. To establish binding, use a computer name that does not contain a hyphen.
Make sure the Mac that needs to authenticate the user account has a connection to the LDAP directory where the user account resides and that the computer’s search policy includes the LDAP directory connection.
For information about configuring LDAP server connections and the search policy, see Configure LDAP directory access.
If you configure an LDAP connection that doesn’t map the password and authentication authority attributes, bind authentication occurs automatically. For more information, see Configure LDAP Searches & Mappings.
If you configure the connection to permit clear-text passwords, also configure it to use SSL to protect the clear-text password while it is in transit.
For more information, see Change the LDAP connection security policy and Change the connection settings for an LDAP or Open Directory server.