Prepare a read-only LDAP directory for macOS
If you want a Mac to get administrative data from a read-only LDAP directory, the data must exist in the format required by macOS. You might need to add, change, or reorganize data in the read-only LDAP directory.
Because macOS can’t write data to a read-only directory, you must use other tools to make the changes. The tools must reside on the server that hosts the read-only LDAP directory.
Go to the server that hosts the read-only LDAP directory and configure it to support LDAP-based authentication and password checking.
Change the LDAP directory’s object classes and attributes as necessary to provide the data needed by macOS.