Binding a Mac to LDAP Server

Question

Hi allExperiencing this weird issue where I have bound a Mac to an LDAP server to allow network users to log in to the Mac.I went to System Preferences>Users and Groups>Login Options>Allow Users to login at login window then Options...If I select All Network Users and then login with a network username / password it logs in fine.If I select Allow specific users (which is what I need) and try to login with the same username / password as above, it will not login.Has anyone seen this issue before?

AJPinto · Answer

The entire function of it is to allow anyone in the forest to log in to the Mac. I am not aware of a way where you can restrict to only allow certain users to log on and have it actually work.

We are actually working away from AD binding, I recommend not attempting to bind at all. It's not something Apple supports or recommends and Apple is actively developing macOS in ways that cause problems with domain binding. You can effetely consider anything in macOS related to domain binding in macOS as deprecated technological debt.

That is the strange thing. When allowing all users, I can log in fine. If I select Allow Only these users and login with the allowed user, I can no longer login:

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded