macOS – Automated LDAP and Search setup on Catalina

Tags: catalina, ldap, macos

I'm looking for an automated way to set up LDAPv3 on macOS Catalina.

There is an additional level of complexity as we need to set a custom search base for the Automount, Groups, and Users.

Prior to Catalina:

/Library/Preferences/OpenDirectory/Configurations/Search.plist
/Library/Preferences/OpenDirectory/Configurations/LDAPv3/my_ldap_server.plist

These files are now write-protected, yet the OS is still capable of writing to them, it seems (or rather the /System/Volumes/Data/Library/… variant).

I can't understand why sudo/root can't write to these files, as I can't find a firmlink that would limit this in /usr/share/firmlinks.

I'm also open to other automated ways of setting up LDAP connections by the way 🙂

EDIT: Please note that I'm not looking to edit the files mentioned above. I'm trying to automate LDAP setup! It can be done in the system preferences, and I'm just looking for a terminal way to do the same.

Best Answer

The easy way is to make a configuration profile and push it via MDM once you reach the break-even point where you’re spending more time touching machines vs. scripting solutions.

You don’t need an MDM to make these, or you could use the Server app as your MDM if you just want to manage a couple of items past this, but most teams that have staff to run LDAP would want MDM as well.

You could script downloading your profile from any file share using curl but it’s also possible to just script your MDM enrollment and push the profile to the Macs that need it using APNS.
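As an added example that is not part of the answer above: a POSIX shell script for the curl-based route, which downloads the profile over TLS, refuses to hand it to `profiles` unless its SHA-256 matches a known-good digest, and only then installs it as a device profile (root is required on Catalina). The URL, destination path, expected hash and the RUN_INSTALL switch are placeholders and assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not from the original answer: fetch a configuration
# profile with curl, verify its SHA-256, then install it with `profiles`.
set -eu

PROFILE_URL="https://files.example.internal/ldap-directory.mobileconfig"   # placeholder
EXPECTED_SHA256="0000000000000000000000000000000000000000000000000000000000000000"  # placeholder
DEST="/private/tmp/ldap-directory.mobileconfig"                             # placeholder

# Hash a file portably: macOS ships shasum, most Linux hosts ship sha256sum.
sha256_of() {
  if command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    sha256sum "$1" | awk '{print $1}'
  fi
}

# Succeed only when the file's digest equals the expected one (case-insensitive).
verify_sha256() {
  actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# HTTPS only, modern TLS, and fail on HTTP errors so an error page is never
# saved as if it were the profile.
fetch_profile() {
  curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
       --output "$2" "$1"
}

# Install as a device (computer-level) profile; must run as root.
install_profile() {
  sudo profiles install -path="$1"
}

main() {
  fetch_profile "$PROFILE_URL" "$DEST"
  if ! verify_sha256 "$DEST" "$EXPECTED_SHA256"; then
    echo "checksum mismatch for $DEST; refusing to install" >&2
    rm -f "$DEST"
    exit 1
  fi
  install_profile "$DEST"
  sudo profiles list   # confirm the profile is now present
}

# Assumed switch: only touch the network and the system when explicitly asked.
if [ "${RUN_INSTALL:-0}" = 1 ]; then main; fi
```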