Open Directory Binding Issue

  • February 18, 2015
  • 4 replies
  • 0 views

gskibum
  • Valued Contributor
  • 288 replies

Using a policy and a directory binding I am trying to enable authenticated directory bindings to Open Directory servers. On a test Mac I receive the following errors:

Using SSL:

Error: The binding was not successful:
dsconfigldap verbose mode
Using suggested computer ID 
Options selected by user:
Force authenticated (un)binding option selected
SSL was chosen
Add server option selected
Server name provided as 
LDAP Configuration name provided as 
Computer ID provided as 
Network username provided as 
No Local username determined
Adding new node to search policies

Please enter network user password: 
Certificates will be automatically added to your system keychain in order to talk to this server.
Would you like to continue (y/n)? 
Operation cancelled.

Not using SSL:

Error: The binding was not successful:
dsconfigldap verbose mode
Using suggested computer ID 
Options selected by user:
Force authenticated (un)binding option selected
Add server option selected
Server name provided as 
LDAP Configuration name provided as 
Computer ID provided as 
Network username provided as 
No Local username determined
Adding new node to search policies

Please enter network user password: 
Certificates are available for this server.
Would you like to add them to system keychain automatically (y/n)? Error: Authentication server refused operation because the current credentials are not authorized for the requested operation. (5101)

I can bind manually using Directory Utility with and without SSL.

In this case I am using a Mavericks client binding to a Yosemite server.

Any insight?

4 replies

davidacland
  • Valued Contributor
  • 1811 replies
  • February 18, 2015

It sounds like there are a few things at play. Excluding SSL, do you mean you can do an authenticated bind using the GUI?

We're not really using Open Directory any more but when we did we regularly had to fight authenticated binds. Normally we'd only be using OD for MCX so would do untrusted / unauthenticated binds.


gskibum
  • Author
  • Valued Contributor
  • 288 replies
  • February 18, 2015

Hi David. Yes, I can bind with the GUI & Directory Utility. It's just with the policy and the directory binding.


  • Honored Contributor
  • 1054 replies
  • February 18, 2015

You can see the Jamf binary commands if you prevent the 1st reboot. I usually just boot the machine to target disk mode.

/Library/Application Support/JAMF

I forget the exact file, maybe first run?

C


gskibum
  • Author
  • Valued Contributor
  • 288 replies
  • February 19, 2015

This did the trick.
https://jamfnation.jamfsoftware.com/discussion.html?id=4115

Which makes me wonder if the JSS built-in Directory Binding tool for Open Directory works at all.

