[OT] OS X Open Directory with linux clients
Kurt Wall
kwall
Thu Sep 23 19:35:26 PDT 2004
On Thu, Sep 23, 2004 at 03:52:57PM -0500, Shawn L Johnston took 31 lines to write:
> Ok, another stupid mac question for any LDAP experts out there. I gave
> up trying to use another LDAP directory for my Xserve to authenticate
> against and went with Apple's Open Directory (which is actually OpenLDAP
> with their own schema extensions).

Hmm.

> My problem is I now want to authenticate my linux machines against Open
> Directory, which was easy to set up. Unfortunately Apple has seen in its
> ultimate wisdom to include the OS X root user in Open Directory (OD)
> which means any linux box I have using OD for authentication sees two
> root users which I don't want.

Can you create a different domain for the Linux boxen so that root on the
Linux boxen won't be the same as root on OS X? The idea is that root
on each will have their own DNs because they're in "sub-domains" that
are part of the same One True DIT.

> I think my options are:
> 1) Forget having 1 ldap service with one set of logins/passwords

Which rather defeats the purpose of using LDAP at all, at least for
authentication. Or so it seemeth to my little mind.

> 2) Perhaps there is some sort of filter I can do in my linux ldap.conf
> file that will "hide" undesirable users such as root?

Yep. But I'm definitely not an LDAP wonk, either.

> 3) Since the root user on OS X exists both in flat file and in OD, I
> could delete the root user from OD, and everything will still be "ok" -
> but that's probably a bad idea... ;)
>
> Anyone else have experience or ideas on this one?

Just the one I made.

Kurt
--
Reporter, n.:
A writer who guesses his way to the truth and dispels it with a
tempest of words.
-- Ambrose Bierce, "The Devil's Dictionary"