Linux to Mac
Automount OS X Home Directories Using OpenLDAP and Linux
- 2009.09.28 - Tip Jar
Popularity: 
Short link: http://bit.ly/DYEii
Mac OS X comes with built-in integration to work seamlessly on a Mac Open Directory network or Microsoft Active Directory network. It is a fairly easy task to set it up to authenticate to a Unix/Linux OpenLDAP server. However, it is another matter to get it to read the home directory from OpenLDAP and mount it over NFS on a Linux server automatically.
The goal was to allow any valid network user to login to any Mac and have their home directory mounted from a Linux NFS file server. Getting to that goal required a series of baby steps and missteps. This article will take you through it as clearly as I can describe it. I found plenty of information on the Internet that covered bits and pieces - hopefully this will pull it all together for posterity.
Background Information
Before getting into the details of OpenLDAP, it is helpful to know how the Mac talks to Linux NFS servers and something about OS X AutoFS. For background information on connecting to Linux NFS servers, see Playing Nice with Linux NFS. And for additional background information on AutoFS, see Introduction to AutoFS in Mac OS X.
With the background stuff out of the way, we can focus on setting up OpenLDAP for Mac OS X clients. It turns out there is a little bit of work to do on both the OS X client and the Linux server.
Configuring OS X to Use OpenLDAP for Authentication
Open the Directory Utility in the Utilities folder, and add either the name or IP address of the OpenLDAP server.
Then, on the Services tab, enable LDAPv3 for the service type. Edit it and select "RFC 2307 Unix" under LDAP Mappings. This should be the default setting.
You should not have make any fine grained changes to the LDAP Mappings, but it is nice to be able to drill down and change some of the settings if you want to customize things later.
Configuring OpenLDAP for OS X clients
OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP) used to centralize authentication and authorization in a network. In the Unix world, it serves the same role as Open Directory (based on OpenLDAP) in a pure Mac network.
In Red Hat Enterprise Linux, OpenLDAP runs as a service and is configured with files in the /etc/openldap directory.
To support OS X clients, the OpenLDAP schema needs to be extended by adding two lines to the /etc/openldap/slapd.conf file. The lines are added near the top of the file after the other include directives.
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/apple.schema
The samba.schema file is part of the Samba project and
can be downloaded as part of the Samba source code. You can get the
apple.schema directly from your Mac after installing the
system tools. On my system, the Mac file was found in
/private/etc/openldap/schema/apple.schema.
Copy each plain text file to the the /etc/openldap/schema directory
on the Linux server. There were one or two attributes in the
apple.schema file I had to uncomment. After installing the
new schemas, restart OpenLDAP.
Adding Automap Records to OpenLDAP
With the Apple schema installed, automount map records can be added to the OpenLDAP directory that OS X will use to mount remote home directories for network users.
The version of OpenLDAP I used on Red Hat Enterprise Linux 5 did not have any automountMap objects defined. So I firstcreated two automountMap objects, one for auto_master and one for auto_home. These names will make sense if you read the background information on AutoFS. Here are the LDIF definitions for those objects:
dn: automountMapName=auto_master,dc=example,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_master
dn: automountMapName=auto_home,dc=example,dc=com
objectClass: top
objectClass: automountMap
automountMapName: auto_home
Next, I created an auto_master record that tells OS X to look at the auto_home map to find out where the home directories live:
dn: automountKey=/home,automountMapName=auto_master,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home
Finally, I created the auto_home record with the NFS server name and a wildcard entry for the home directory:
dn: automountKey=*,automountMapName=auto_home,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: *
automountInformation: -fstype=nfs myserver.example.com:/home/&
With the automount records in LDAP, OS X clients that are configured with the OpenLDAP server will try to mount the home directories of network users on myserver.example.com.
When the home directory is successfully mounted, it is fully
integrated with the OS X desktop. The home directory gets mounted
locally at /home instead of /Users, and files in the remote
/home/user/Desktop directory appear on the Mac desktop..
Join us on Facebook, follow us on Twitter, use our Google+ page, or read our RSS news feed
Keith Winston is a recent Mac convert after five years of Linux on the desktop. He also writes for Linux.com and created CommandLineMac to focus on the Unix-y power of the Mac. If you find Keith's articles helpful, please consider making a donation to his tip jar.
Recent Linux to Mac Columns
- Apple's launchd Is Anti-Unix, 2010.07.13. Unix prefers programs that do one thing very well, but Apple's launchd takes the opposite approach.
- Introduction to Autofs in Mac OS X, 2009.07.01. "Autofs is often used in enterprise environments to set up network-based home directories and other network mounts for users at login."
- Automating FTP on the Mac, 2009.03.04. There's no shortage of GUI FTP programs, but using the Terminal gives you tools to automate file transfer sessions.
- More in the Linux to Mac index.
Links for the Day
- Mac of the Day: Color Classic, introduced 1993.02.01. A cult classic, this was the compact Mac with color that everyone had been waiting for.
- May 23 in LEM history: 00: A computer I understood - 01: Mac: A dream fulfilled - 02: PowerKey - 03: 12" PowerBook better than 15" TiBook - 05: The First Macs - 06: What's in your workspace? - Picking the right laptop - Sun has set on the G4 - 06: Running your notebook using flash memory - 08: MacBook holds its own against Dell and HP
- Support Low End Mac
Recent Content on Low End Mac
- World Book Encyclopedia 2012 DVD, Tommy Thomas, Reviews, 2013.03.05. "You may be asking yourself, in an age of Wikipedia and instant information, is World Book still relevant?"
- Vintage Computer Festival SouthEast, April 20-21, 2013, Simon Royal, Mac Spectrum, 2013.02.25. Old Apple gear and old PCs.
- iMessage: The Ultimate Messaging Service?, Simon Royal, Mac Spectrum, 2013.02.21. In most ways, Apple's iMessage is far superior to BlackBerry Messenger.
- More links in our archive.
Recent Deals
- Best Mac mini Deals
- Best 13" MacBook Pro Deals
- Best Intel iMac Deals
- Best iPod touch Deals
- Best iPhone Deals
- Best iPod nano Deals
- Best iPod classic Deals
- Best Apple TV Prices
- More deals in our archive.
About LEM Support Usage Privacy Contact
FollowLow End Mac on Twitter
Join Low End Macon Facebook
Low End Mac Reader Specials
Favorite Sites
MacSurfer
Cult of Mac
Shrine of Apple
MacInTouch
MyAppleMenu
InfoMac
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac Museum
Deal Brothers
DealMac
Mac2Sell
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End Mac FAQ
Affiliates
Amazon.com
The iTunes Store
PC Connection Express
Macgo Blu-ray Player
Parallels Desktop for Mac
eBay
