
TLS + eDirectory

Binding a Mac OS X Server to eDirectory is more than likely going to give you fits if you don’t first modify the /etc/openldap/ldap.conf file. The change disables the TLS requirement: with TLS_REQCERT set to never, the LDAP client no longer requests or checks the server’s certificate. If you can get TLS working with eDirectory, there’s likely no need to do the following, but getting it working is problematic, so if you’re having trouble, try this.

To disable it, open /etc/openldap/ldap.conf, change the last line so that TLS_REQCERT is set to never, and then run killall DirectoryServices. You should then be able to bind to eDirectory (or another LDAP service) effectively. For further information on eDirectory integration, check out the resources listed here.
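
For mass deployment, the edit described above can be scripted so it is repeatable and reversible. This is an added example, not code from the original post; the function names get_reqcert and set_reqcert are hypothetical. It keeps a .bak copy so the setting can be put back to demand once the eDirectory certificate is trusted.

```shell
#!/bin/sh
# Added example (not from the original post): read or set TLS_REQCERT in an
# OpenLDAP client config such as /etc/openldap/ldap.conf.
# Function names are hypothetical; the file path is passed in by the caller.

# Print the value of the last uncommented TLS_REQCERT entry in FILE, if any.
get_reqcert() {
    awk 'toupper($1) == "TLS_REQCERT" { v = $2 }
         END { if (v != "") print v }' "$1"
}

# Set TLS_REQCERT in FILE to VALUE, saving the previous file as FILE.bak.
# An existing entry is replaced in place (duplicates are dropped); if no
# uncommented entry exists, one is appended. Commented lines are untouched.
set_reqcert() {
    file=$1
    value=$2
    case $value in
        never|allow|try|demand|hard) ;;   # values accepted by ldap.conf
        *) echo "invalid TLS_REQCERT value: $value" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v val="$value" '
        toupper($1) == "TLS_REQCERT" {
            if (!done) { print "TLS_REQCERT\t" val; done = 1 }
            next
        }
        { print }
        END { if (!done) print "TLS_REQCERT\t" val }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the original file so its owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage on the server, as root (the restart step is the one from the post):
#   set_reqcert /etc/openldap/ldap.conf never && killall DirectoryServices
# Audit or revert later:
#   get_reqcert /etc/openldap/ldap.conf
#   set_reqcert /etc/openldap/ldap.conf demand && killall DirectoryServices
```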