Hi,
I'm a long-time Unix user but new to Mac OS X. Nonetheless, I'm tasked
with helping integrate some OS X 10.3 and 10.4 clients into an LDAP
environment. The LDAP server is Sun's iPlanet (later, Sun ONE)
Directory Server 5.1, as bundled with the Solaris 9 OS.

Some things are working well. Users can log into the Macs and get their
NFS-mounted home directory. However, the Mac seems to refuse to use
LDAP for hostname lookups. We've tried to make this work by doing the
following:

* In the "Directory Access" app., define the proper mappings from Mac
to standard iPlanet host objects and attributes.
* Configure "lookupd" by editing /etc/lookupd/hosts to include "DS",
which I think causes any defined directory services to be used.

So far, I know something's wrong because the Mac doesn't even query the
LDAP server when doing host lookups; it skips this completely. What's
the trick to getting OS X to use LDAP for hostname lookups?

TIA,
Jonathan

In article <4ICdnbfRnvHSbI_eRVn-gQ@speakeasy.net>,
Jonathan <jonathan@somewhere.net> wrote:

> Hi,
> I'm a long-time Unix user but new to Mac OS X. Nonetheless, I'm tasked
> with helping integrate some OS X 10.3 and 10.4 clients into an LDAP
> environment. The LDAP server is Sun's iPlanet (later, Sun ONE)
> Directory Server 5.1, as bundled with the Solaris 9 OS.
>
> Some things are working well. Users can log into the Macs and get their
> NFS-mounted home directory. However, the Mac seems to refuse to use
> LDAP for hostname lookups. We've tried to make this work by doing the
> following:
>
> * In the "Directory Access" app., define the proper mappings from Mac
> to standard iPlanet host objects and attributes.
> * Configure "lookupd" by editing /etc/lookupd/hosts to include "DS",
> which I think causes any defined directory services to be used.
>
> So far, I know something's wrong because the Mac doesn't even query the
> LDAP server when doing host lookups; it skips this completely. What's
> the trick to getting OS X to use LDAP for hostname lookups?
>
> TIA,
> Jonathan

AFAIK, MacOS X uses DNS, not LDAP for hostname look. It can use LDAP
for authentication and user information, but not hosts. It uses NetInfo
(from NeXT), NIS, or DNS.

You might want to contact AppleCare support and log a support call on
this. At least one of those systems is on support, right?

--
DeeDee, don't press that button! DeeDee! NO! Dee...

In article <4ICdnbfRnvHSbI_eRVn-gQ@speakeasy.net>,
Jonathan <jonathan@somewhere.net> wrote:

> Hi,
> I'm a long-time Unix user but new to Mac OS X. Nonetheless, I'm tasked
> with helping integrate some OS X 10.3 and 10.4 clients into an LDAP
> environment. The LDAP server is Sun's iPlanet (later, Sun ONE)
> Directory Server 5.1, as bundled with the Solaris 9 OS.
>
> Some things are working well. Users can log into the Macs and get their
> NFS-mounted home directory. However, the Mac seems to refuse to use
> LDAP for hostname lookups. We've tried to make this work by doing the
> following:
>
> * In the "Directory Access" app., define the proper mappings from Mac
> to standard iPlanet host objects and attributes.
> * Configure "lookupd" by editing /etc/lookupd/hosts to include "DS",
> which I think causes any defined directory services to be used.
>
> So far, I know something's wrong because the Mac doesn't even query the
> LDAP server when doing host lookups; it skips this completely. What's
> the trick to getting OS X to use LDAP for hostname lookups?
>
> TIA,
> Jonathan

AFAIK, MacOS X uses DNS, not LDAP for hostname look. It can use LDAP
for authentication and user information, but not hosts. It uses NetInfo
(from NeXT), NIS, or DNS.

You might want to contact AppleCare support and log a support call on
this. At least one of those systems is on support, right?

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Michael Vilain wrote:
> In article <4ICdnbfRnvHSbI_eRVn-gQ@speakeasy.net>,
> Jonathan <jonathan@somewhere.net> wrote:
>
>
>>Hi,
>>I'm a long-time Unix user but new to Mac OS X. Nonetheless, I'm tasked
>>with helping integrate some OS X 10.3 and 10.4 clients into an LDAP
>>environment. The LDAP server is Sun's iPlanet (later, Sun ONE)
>>Directory Server 5.1, as bundled with the Solaris 9 OS.
>>
>>Some things are working well. Users can log into the Macs and get their
>>NFS-mounted home directory. However, the Mac seems to refuse to use
>>LDAP for hostname lookups. We've tried to make this work by doing the
>>following:
>>
>>* In the "Directory Access" app., define the proper mappings from Mac
>>to standard iPlanet host objects and attributes.
>>* Configure "lookupd" by editing /etc/lookupd/hosts to include "DS",
>>which I think causes any defined directory services to be used.
>>
>>So far, I know something's wrong because the Mac doesn't even query the
>>LDAP server when doing host lookups; it skips this completely. What's
>>the trick to getting OS X to use LDAP for hostname lookups?
>>
>>TIA,
>>Jonathan
>
>
> AFAIK, MacOS X uses DNS, not LDAP for hostname look. It can use LDAP
> for authentication and user information, but not hosts. It uses NetInfo
> (from NeXT), NIS, or DNS.
>
> You might want to contact AppleCare support and log a support call on
> this. At least one of those systems is on support, right?
>

Typically, you aren't limited to a single protocol for hostname
resolution. In Solaris, for example, you can specify which name
services to try, and in which order. So in an LDAP environment, you
might specify "files ldap dns" in the "hosts" line of your
/etc/nsswitch.conf, which says, "for hostname lookups, check the local
flat-files first, then the LDAP directory, and then go to DNS if you
still haven't found it yet." It is this behavior I want from OS X, but
cannot make work.

thanks,
Jonathan

Michael Vilain wrote:
> In article <4ICdnbfRnvHSbI_eRVn-gQ@speakeasy.net>,
> Jonathan <jonathan@somewhere.net> wrote:
>
>
>>Hi,
>>I'm a long-time Unix user but new to Mac OS X. Nonetheless, I'm tasked
>>with helping integrate some OS X 10.3 and 10.4 clients into an LDAP
>>environment. The LDAP server is Sun's iPlanet (later, Sun ONE)
>>Directory Server 5.1, as bundled with the Solaris 9 OS.
>>
>>Some things are working well. Users can log into the Macs and get their
>>NFS-mounted home directory. However, the Mac seems to refuse to use
>>LDAP for hostname lookups. We've tried to make this work by doing the
>>following:
>>
>>* In the "Directory Access" app., define the proper mappings from Mac
>>to standard iPlanet host objects and attributes.
>>* Configure "lookupd" by editing /etc/lookupd/hosts to include "DS",
>>which I think causes any defined directory services to be used.
>>
>>So far, I know something's wrong because the Mac doesn't even query the
>>LDAP server when doing host lookups; it skips this completely. What's
>>the trick to getting OS X to use LDAP for hostname lookups?
>>
>>TIA,
>>Jonathan
>
>
> AFAIK, MacOS X uses DNS, not LDAP for hostname look. It can use LDAP
> for authentication and user information, but not hosts. It uses NetInfo
> (from NeXT), NIS, or DNS.
>
> You might want to contact AppleCare support and log a support call on
> this. At least one of those systems is on support, right?
>

Typically, you aren't limited to a single protocol for hostname
resolution. In Solaris, for example, you can specify which name
services to try, and in which order. So in an LDAP environment, you
might specify "files ldap dns" in the "hosts" line of your
/etc/nsswitch.conf, which says, "for hostname lookups, check the local
flat-files first, then the LDAP directory, and then go to DNS if you
still haven't found it yet." It is this behavior I want from OS X, but
cannot make work.

thanks,
Jonathan

In article <HqKdnXL5z8OTSY7eRVn-2w@speakeasy.net>,
Jonathan <jonathan@somewhere.net> wrote:

> Michael Vilain wrote:
> > In article <4ICdnbfRnvHSbI_eRVn-gQ@speakeasy.net>,
> > Jonathan <jonathan@somewhere.net> wrote:
> >
> >
> >>Hi,
> >>I'm a long-time Unix user but new to Mac OS X. Nonetheless, I'm tasked
> >>with helping integrate some OS X 10.3 and 10.4 clients into an LDAP
> >>environment. The LDAP server is Sun's iPlanet (later, Sun ONE)
> >>Directory Server 5.1, as bundled with the Solaris 9 OS.
> >>
> >>Some things are working well. Users can log into the Macs and get their
> >>NFS-mounted home directory. However, the Mac seems to refuse to use
> >>LDAP for hostname lookups. We've tried to make this work by doing the
> >>following:
> >>
> >>* In the "Directory Access" app., define the proper mappings from Mac
> >>to standard iPlanet host objects and attributes.
> >>* Configure "lookupd" by editing /etc/lookupd/hosts to include "DS",
> >>which I think causes any defined directory services to be used.
> >>
> >>So far, I know something's wrong because the Mac doesn't even query the
> >>LDAP server when doing host lookups; it skips this completely. What's
> >>the trick to getting OS X to use LDAP for hostname lookups?
> >>
> >>TIA,
> >>Jonathan
> >
> >
> > AFAIK, MacOS X uses DNS, not LDAP for hostname look. It can use LDAP
> > for authentication and user information, but not hosts. It uses NetInfo
> > (from NeXT), NIS, or DNS.
> >
> > You might want to contact AppleCare support and log a support call on
> > this. At least one of those systems is on support, right?
> >
>
> Typically, you aren't limited to a single protocol for hostname
> resolution. In Solaris, for example, you can specify which name
> services to try, and in which order. So in an LDAP environment, you
> might specify "files ldap dns" in the "hosts" line of your
> /etc/nsswitch.conf, which says, "for hostname lookups, check the local
> flat-files first, then the LDAP directory, and then go to DNS if you
> still haven't found it yet." It is this behavior I want from OS X, but
> cannot make work.
>
> thanks,
> Jonathan

There's no nsswitch.conf file on MacOS X (leastways it's not on my
machine). MacOS X came from NeXTian BSD roots rather than Solaris' SVR4
roots. NeXT used something called NetInfo. NIS is more or less
universal on UNIX boxes. I'm not sure but isn't the nsswitch feature an
SVR4ism (it wasn't on SunOS 4.x)?

I suspect you're out of luck.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

In article <HqKdnXL5z8OTSY7eRVn-2w@speakeasy.net>,
Jonathan <jonathan@somewhere.net> wrote:

> Michael Vilain wrote:
> > In article <4ICdnbfRnvHSbI_eRVn-gQ@speakeasy.net>,
> > Jonathan <jonathan@somewhere.net> wrote:
> >
> >
> >>Hi,
> >>I'm a long-time Unix user but new to Mac OS X. Nonetheless, I'm tasked
> >>with helping integrate some OS X 10.3 and 10.4 clients into an LDAP
> >>environment. The LDAP server is Sun's iPlanet (later, Sun ONE)
> >>Directory Server 5.1, as bundled with the Solaris 9 OS.
> >>
> >>Some things are working well. Users can log into the Macs and get their
> >>NFS-mounted home directory. However, the Mac seems to refuse to use
> >>LDAP for hostname lookups. We've tried to make this work by doing the
> >>following:
> >>
> >>* In the "Directory Access" app., define the proper mappings from Mac
> >>to standard iPlanet host objects and attributes.
> >>* Configure "lookupd" by editing /etc/lookupd/hosts to include "DS",
> >>which I think causes any defined directory services to be used.
> >>
> >>So far, I know something's wrong because the Mac doesn't even query the
> >>LDAP server when doing host lookups; it skips this completely. What's
> >>the trick to getting OS X to use LDAP for hostname lookups?
> >>
> >>TIA,
> >>Jonathan
> >
> >
> > AFAIK, MacOS X uses DNS, not LDAP for hostname look. It can use LDAP
> > for authentication and user information, but not hosts. It uses NetInfo
> > (from NeXT), NIS, or DNS.
> >
> > You might want to contact AppleCare support and log a support call on
> > this. At least one of those systems is on support, right?
> >
>
> Typically, you aren't limited to a single protocol for hostname
> resolution. In Solaris, for example, you can specify which name
> services to try, and in which order. So in an LDAP environment, you
> might specify "files ldap dns" in the "hosts" line of your
> /etc/nsswitch.conf, which says, "for hostname lookups, check the local
> flat-files first, then the LDAP directory, and then go to DNS if you
> still haven't found it yet." It is this behavior I want from OS X, but
> cannot make work.
>
> thanks,
> Jonathan

There's no nsswitch.conf file on MacOS X (leastways it's not on my
machine). MacOS X came from NeXTian BSD roots rather than Solaris' SVR4
roots. NeXT used something called NetInfo. NIS is more or less
universal on UNIX boxes. I'm not sure but isn't the nsswitch feature an
SVR4ism (it wasn't on SunOS 4.x)?

I suspect you're out of luck.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

On 8/29/05 10:14 PM, in article
vilain-C85C5E.13140629082005@comcast.dca.giganews.com, "Michael Vilain"
<vilain@spamcop.net> wrote:

>
> --
> DeeDee, don't press that button! DeeDee! NO! Dee...
"I'm doomed."
Dexter

ej

On 8/29/05 10:14 PM, in article
vilain-C85C5E.13140629082005@comcast.dca.giganews.com, "Michael Vilain"
<vilain@spamcop.net> wrote:

>
> --
> DeeDee, don't press that button! DeeDee! NO! Dee...
"I'm doomed."
Dexter

ej

Jonathan <jonathan@somewhere.net> writes:
[...]
> Some things are working well. Users can log into the Macs and get
> their NFS-mounted home directory. However, the Mac seems to refuse
> to use LDAP for hostname lookups. We've tried to make this work by
> doing the following:
[...]

Have a question of my own and might as well use this opportunity. :)

Where I work we are about to do the same with OS X (LDAP logins). How
are you doing the NFS mounting? Is it static mounts, or are you using
automount(8) or amd(8)? Right now all our OS X users have their home
directories on the local machine (they don't hop machines so they
haven't need access everywhere), and I'm wondering whether it would be
easier to continue with that or some how bringing NFS (or SMB/CIFS)
into the equation.

I'm curious to know how well NFS mounted home directories are working
(especially with things like resource forks and case sensitivity).

Thanks for any info.

--
David Magda <dmagda at ee.ryerson.ca>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI

Jonathan <jonathan@somewhere.net> writes:
[...]
> Some things are working well. Users can log into the Macs and get
> their NFS-mounted home directory. However, the Mac seems to refuse
> to use LDAP for hostname lookups. We've tried to make this work by
> doing the following:
[...]

Have a question of my own and might as well use this opportunity. :)

Where I work we are about to do the same with OS X (LDAP logins). How
are you doing the NFS mounting? Is it static mounts, or are you using
automount(8) or amd(8)? Right now all our OS X users have their home
directories on the local machine (they don't hop machines so they
haven't need access everywhere), and I'm wondering whether it would be
easier to continue with that or some how bringing NFS (or SMB/CIFS)
into the equation.

I'm curious to know how well NFS mounted home directories are working
(especially with things like resource forks and case sensitivity).

Thanks for any info.

--
David Magda <dmagda at ee.ryerson.ca>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI

In article <m2d5nvjz6k.fsf@gandalf.local>,
David Magda <dmagda+trace050401@ee.ryerson.ca> wrote:

> > Some things are working well. Users can log into the Macs and get
> > their NFS-mounted home directory. However, the Mac seems to refuse
> > to use LDAP for hostname lookups. We've tried to make this work by
> > doing the following:
> [...]
>
> Have a question of my own and might as well use this opportunity. :)
>
> Where I work we are about to do the same with OS X (LDAP logins). How
> are you doing the NFS mounting? Is it static mounts, or are you using
> automount(8) or amd(8)?

Sigh. No! Macs are currently using *PPC* chips, and WILL be using *Intel*. Not
AMD!

--
Sandman[.net] - Yeah, this was a JOKE! Even a bad joke! But a joke! :-D

In article <m2d5nvjz6k.fsf@gandalf.local>,
David Magda <dmagda+trace050401@ee.ryerson.ca> wrote:

> > Some things are working well. Users can log into the Macs and get
> > their NFS-mounted home directory. However, the Mac seems to refuse
> > to use LDAP for hostname lookups. We've tried to make this work by
> > doing the following:
> [...]
>
> Have a question of my own and might as well use this opportunity. :)
>
> Where I work we are about to do the same with OS X (LDAP logins). How
> are you doing the NFS mounting? Is it static mounts, or are you using
> automount(8) or amd(8)?

Sigh. No! Macs are currently using *PPC* chips, and WILL be using *Intel*. Not
AMD!

--
Sandman[.net] - Yeah, this was a JOKE! Even a bad joke! But a joke! :-D

David Magda wrote:
> Jonathan <jonathan@somewhere.net> writes:
> [...]
>
>>Some things are working well. Users can log into the Macs and get
>>their NFS-mounted home directory. However, the Mac seems to refuse
>>to use LDAP for hostname lookups. We've tried to make this work by
>>doing the following:
>
> [...]
>
> Have a question of my own and might as well use this opportunity. :)
>
> Where I work we are about to do the same with OS X (LDAP logins). How
> are you doing the NFS mounting? Is it static mounts, or are you using
> automount(8) or amd(8)? Right now all our OS X users have their home
> directories on the local machine (they don't hop machines so they
> haven't need access everywhere), and I'm wondering whether it would be
> easier to continue with that or some how bringing NFS (or SMB/CIFS)
> into the equation.
>
> I'm curious to know how well NFS mounted home directories are working
> (especially with things like resource forks and case sensitivity).
>
> Thanks for any info.
>

Well I'll admit to not knowing all the details of the Mac environment...
but I'll tell you what I know.
While the LDAP server is a Sparc server, the home directory box is a
Mac. Home directories are served via NFS, and are automounted. The Mac
clients are using whatever their default automounter is (would that be
amd? I'm not sure) and read the auto_home map from LDAP.
Resource forks could be an interesting issue; I don't know enough to
answer that question, as I only have some vague, 10-yr-old recolection
of what a resource fork is. :-)
However case sensitivity is not an issue, all Unixes are case-sensitive
and the Mac NFS server meshes nicely with our Solaris boxes.

That's about it...

David Magda wrote:
> Jonathan <jonathan@somewhere.net> writes:
> [...]
>
>>Some things are working well. Users can log into the Macs and get
>>their NFS-mounted home directory. However, the Mac seems to refuse
>>to use LDAP for hostname lookups. We've tried to make this work by
>>doing the following:
>
> [...]
>
> Have a question of my own and might as well use this opportunity. :)
>
> Where I work we are about to do the same with OS X (LDAP logins). How
> are you doing the NFS mounting? Is it static mounts, or are you using
> automount(8) or amd(8)? Right now all our OS X users have their home
> directories on the local machine (they don't hop machines so they
> haven't need access everywhere), and I'm wondering whether it would be
> easier to continue with that or some how bringing NFS (or SMB/CIFS)
> into the equation.
>
> I'm curious to know how well NFS mounted home directories are working
> (especially with things like resource forks and case sensitivity).
>
> Thanks for any info.
>

Well I'll admit to not knowing all the details of the Mac environment...
but I'll tell you what I know.
While the LDAP server is a Sparc server, the home directory box is a
Mac. Home directories are served via NFS, and are automounted. The Mac
clients are using whatever their default automounter is (would that be
amd? I'm not sure) and read the auto_home map from LDAP.
Resource forks could be an interesting issue; I don't know enough to
answer that question, as I only have some vague, 10-yr-old recolection
of what a resource fork is. :-)
However case sensitivity is not an issue, all Unixes are case-sensitive
and the Mac NFS server meshes nicely with our Solaris boxes.

That's about it...