Mac LDAP Authentication

By Greg Keller Posted June 4, 2015


Have a fleet of Macs? Been trying to connect them to OpenLDAP? Frustrated?

We thought so.

The folks at Penn State put out a how-to guide to connect Macs to LDAP. The instructions are 30 steps long. While there may be steps that you can automate through scripts, it will still be a long and tedious process – and that’s just for one device. Connecting a fleet of Macs to LDAP is a daunting task.

Take a step back

Why would you even want to connect your Macs to LDAP?

There are two things that most every IT admin would love to have more of: security and control.

They would also like to have more automation and efficiency built into the environment. This becomes more and more true as the organization grows. There is an exponential increase in the number of connections between users and IT resources that IT admins need to manage. That’s a tremendous amount of work for IT admins.

There has to be a better way


There is. Directory services were introduced a while back and have solved a lot of IT’s problems with Mac LDAP authentication. Effectively, a directory service creates a matrix of connections between users and IT resources, which could be applications, devices, or networks.

OpenLDAP™ is the leading open source directory service and has become a common option for IT admins. OpenLDAP’s strength is managing user authentication and authorization for Unix and Linux devices and more technical applications.

But because OpenLDAP is open source, it requires more technical knowledge to set up, configure, and maintain. LDAP also requires more expertise when connecting devices and applications to it – which is precisely what IT admins were trying to avoid when connecting Macs to OpenLDAP in the first place.

How about a Simple Mac to LDAP Solution?

There is a better way than connecting Macs to LDAP. This option still provides for deep control of the device’s user management, but also gives IT admins full control over the device itself, which is not possible with LDAP.

Directory-as-a-Service® is a cloud-based directory service built for heterogeneous environments. The DaaS setup grants complete, seamless control over user authentication and authorization for Macs.

It also gives IT admins the ability to set policies and execute tasks on those Macs remotely. By installing a lightweight agent on each Mac, users are now controlled from a central cloud-based directory service. At will, IT admins can easily add, terminate, or change access to the Macs and other IT resources.

Installation and management are simple and easy. No 30-step guide to follow! Installation can be done with a simple command or distributed out via a software distribution system. Management is done through a web-based console, rather than at the command line as done with LDAP.

Directory-as-a-Service for Better Mac LDAP Authentication


With Directory-as-a-Service, IT admins can manage their Mac fleet, but also leverage LDAP, SAML, RADIUS, and other authentication protocols all in one cloud-based solution. If you were interested in connecting your Macs via LDAP to your directory services, check out Directory-as-a-Service. It might be a better fit for your Mac fleet. You can even sign up for a free account of the cloud-directory. Your first 10 users are free forever, so there’s no reason not to try it. If you have any questions, feel free to reach out to us. We would be happy to talk about how you can have better Mac LDAP authentication.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
