I have a Mac High Sierra (10.13.2) connected to Open Directory. The server is a OpenLDAP Linux Server
With Apple Configurator I created a Email Profile to config email account.
In local users I don't have any problem to install the profile, but with network users "Profile installation failed: No user identifier found in record":
The message in Console is:
error 15:38:54.023485 +0100
com.apple.preferences.configurationprofiles.remoteservice [ERROR]
Profile installation (Mail_Profile
(Mail_Profile.98A029D9-5514-4A3B-A938-9CB338D4DC43:2C9546DD-2002-4486-9D55-395AEAD8555E))
(Error Domain=CPProfileManager Code=-202 "No user identifier found in
record." UserInfo={NSLocalizedDescription=No user identifier found in
record.})
How I can fix this error?
Thanks!
Best Answer
I see it's been a while since the question was raised, but I came across the same recently and fortunately found help on the MacAdmins Slack: the cause is that a GUID attribute is missing from the OpenLDAP user record.
In Apple directory services, the attribute is called
GeneratedUID.The slight difficulty is that the RFC2307 mapping in the LDAP configuration does not map any LDAP attribute onto this one.
The Open Directory mapping does, but it doesn't work with my LDAP user database - probably because it is not structured/designed accordingly, but according to RFC2307.
As a workaround, I created a custom mapping starting with RFC2307, and mapped the LDAP attribute
apple-generateduidontoGeneratedUID.Server-side, I added
apple-generateduidto all users. This should be a UUID and I simply copiedentryUUID. (My first thought was to mapentryUUIDdirectly, but it doesn't work - probably because it's a special attribute and not fetched, or not available for mapping.)To be able to add the
apple-generateduidyou will also need to add the object classapple-user.And if these attributes/object classes are not known to your OpenLDAP, you probably have to import the Apple schema files first.