Set up authenticated binding for an LDAP directory
You can use Directory Utility to set up authenticated binding between a computer and an LDAP directory that supports authenticated binding. The binding is mutually authenticated by an authenticated computer record that’s created in the directory when you set up authenticated binding.
You can’t configure a computer to use trusted LDAP binding with a DHCP-supplied LDAP directory. Authenticated LDAP binding is inherently static, and DHCP-supplied LDAP is dynamic.
Click the lock icon.
Enter an administrator’s user name and password, then click Modify Configuration (or use Touch ID).
Select LDAPv3, then click the Edit button (looks like a pencil).
If the list of server configurations is hidden, click Show Options.
Select a server configuration, then click Edit.
Several options appear, including the Bind button (only if the LDAP directory supports trusted binding).
Click Bind, enter the following credentials, then click OK.
Enter the name of the computer and the name and password of an LDAP directory domain administrator. The computer name can’t be in use by another computer for authenticated binding or other network services.
Verify the computer name.
If you see an alert saying that a computer record already exists, click Cancel to go back and change the computer name, or click Overwrite to replace the existing computer record.
The existing computer record might be abandoned or belong to another computer. Before you replace an existing computer record, notify the LDAP directory administrator to make sure that replacing the record doesn’t disable another computer.
In such a situation, the LDAP directory administrator must give the disabled computer another name and add it to the computer group it belonged to, using a different name for that computer.