Edit RFC 2307 mapping to enable creating users in Directory Utility on Mac
Before you can use macOS Server or Directory Editor to create users on a non-Apple LDAP directory server that uses RFC 2307 (UNIX) mappings, you must edit the mapping of the Users record type. You do this with Directory Utility.
In the Directory Utility app
on your Mac, click Services.Click the lock icon.
Enter an administrator’s user name and password, then click Modify Configuration (or use Touch ID).
Select LDAPv3, then click the Edit button (looks like a pencil).
If the list of server configurations is hidden, click Show Options.
Select the directory configuration with RFC 2307 mappings, then click Edit.
Click Search & Mappings.
In the list on the left, select Users.
By default, “Map to __ items in list” is set to Any and the list on the right includes posixAccount, inetOrgPerson, and shadowAccount.
Change “Map to __ items in list” to All, then change the list on the right to include the set of LDAP object classes you want the Users record type mapped to.
For example, you could delete shadowAccount from the list so that users map to only posixAccount and inetOrgPerson. Alternatively, you could map Users to account, posixAccount, and shadowAccount:
To change an item in the list, double-click it.
To add an item to the list, click Add.
To delete the selected item from the list, click Delete.
To change the order of listed items, drag items up or down in the list.
You can find the object classes of user records in the LDAP directory by using the
ldapsearchUNIX tool in Terminal. For example, the following code finds object classes for a user record whose cn attribute is “Leonardo da Vinci:”$ ldapsearch -x -h ldapserver.example.com -b "dc=example, dc=com" 'cn=Leonardo da Vinci' objectClassThe output displayed for this example would be:
# Leonardo da Vinci, example.comdn: cn=Leonardo da Vinci, dc=example, dc=comobjectClass: inetOrgPersonobjectClass: posixAccount