Edit RFC 2307 mapping to enable creating users in Directory Utility on Mac
Before you can use the Directory Editor to create users on a non-Apple LDAP directory server that uses RFC 2307 (UNIX) mappings, you must edit the mapping of the Users record type. You do this with Directory Utility.
In the Directory Utility app on your Mac, click Services.
Click the lock icon.
Enter an administrator’s username and password, then click Modify Configuration (or use Touch ID).
Select LDAPv3, then click the “Edit settings for the selected service” button .
If the list of server configurations is hidden, click the disclosure triangle next to Show Options.
Select the directory configuration with RFC 2307 mappings, then click Edit.
Click Search & Mappings.
In the list on the left, select Users.
By default, “Map to __ items in list” is set to Any and the list on the right includes posixAccount, inetOrgPerson and shadowAccount.
Change “Map to __ items in list” to All, then change the list on the right to include the set of LDAP object classes you want the Users record type mapped to.
For example, you could delete shadowAccount from the list so that users map to only posixAccount and inetOrgPerson. Alternatively, you could map Users to account, posixAccount and shadowAccount:
To change an item in the list, double-click it.
To add an item to the list, click the Add button .
To delete the selected item from the list, click the Delete button .
To change the order of listed items, drag items up or down in the list.
You can find the object classes of user records in the LDAP directory by using the
ldapsearch
UNIX tool in Terminal. For example, the following code finds object classes for a user record whose cn attribute is “Leonardo da Vinci:”$ ldapsearch -x -h ldapserver.example.com -b "dc=example, dc=com" 'cn=Leonardo da Vinci' objectClass
The output displayed for this example would be:
# Leonardo da Vinci, example.com
dn: cn=Leonardo da Vinci, dc=example, dc=com
objectClass: inetOrgPerson
objectClass: posixAccount