MacOS – Where is the NFSHomeDirectory attribute stored

Tags: macos, open-directory, portable-home-directory, server.app

I have 2 Mac Servers, each of them set to be an OD Master, but both are looking to a Sun LDAP server as well. The same user has a different value for the NFSHomeDirectory value when doing a dscl read on the user with LDAPv3/My.LDAP.Server. I assume this means that some of the info provided is coming from a local OD DB or a cache or something, otherwise it would be exactly the same on both servers when querying the same datasource (my LDAP server).

Question: Where is the NFSHomeDirectory value stored? (OS X Lion on one server and 10.5.8 on the other.)

Best Answer

You need to check the mappings being used on the various servers. The program for looking at/configuring this used to be in /Applications/Utilities and named "Directory Access", then at some point it got renamed to "Directory Utility", and then (I think later) got moved from Utilities to /System/Library/CoreServices, but I don't remember where it was & what name it went by in version 10.5. You'll have to look for it in both places.

Anyway, run Directory Whatever, click the padlock and authenticate, double-click the LDAPv3 service, select the config for the Sun LDAP service (there should be two configs listed, one for the local OD master, and one for the Sun service) and click Edit, then select the "Search & Mappings" tab.

There should be a pop-up menu near the top labelled something like "Access this LDAPv3 server using". If "From Server" is chosen, it's getting its settings from a config record on the Sun LDAP server. Everything bound with this option should be getting consistent mappings & therefore the attributes should match on all Macs.

If it's not in "From Server" mode (which it probably isn't, given it's a Sun server): find Users in the left column ("Record Types and Attributes" if the name hasn't changed since 10.5), click the disclosure triangle next to Users, select NFSHomeDirectory under that, and see what's mapped to it (listed in the right column).

Compare what you find on the various OS X servers; if I understand your setup at all correctly, this should tell you where the difference is coming from.

EDIT: Having the OS X NFSHomeDirectory attribute mapped to the LDAP homedirectory attr is entirely normal. The naming conventions here are hopelessly confusing: the OS X HomeDirectory (note caps) attribute contains XML-wrapped instructions on how to mount the home directory, and the OS X NFSHomeDirectory attr contains the local path it should have (after being mounted), which matches exactly with the standard (RFC 2307) LDAP homedirectory (note lowercase) attribute. If the home directories are mounted via NFS, it's generally ok to have the OS X HomeDirectory attribute blank.

I'm not sure what happens if there are multiple home paths; my guess would be that it'll use the first and ignore the rest, but I don't really know.

To see what server is queried first, check in Directory Whatever, in the Search Policy section under Authentication. It'll search the various data sources in the order that they're listed there. Note that OS X does not handle identity conflicts at all well, so having users with the same account and/or full name, or the same user ID number, in multiple domains is a really, really bad idea. If you have multiple accounts with any matching identifiers, OS X tends to merge all of their attributes in unpredictable and confusing ways. In a situation like yours, I'd tend to keep all users in just one of the LDAP services (probably the Sun server), with only the per-domain "diradmin" account in each of the OD master's domains.
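An added example, not part of the question or the answer above, that does from the command line what the answer walks through in Directory Utility: it prints the search policy order, reads NFSHomeDirectory for one account from each directory node so the per-node values can be compared, and dumps the on-disk LDAPv3 mapping entries for that attribute. Assumptions (mine, not from the page): the account name jdoe, the node name /LDAPv3/127.0.0.1 for the OD master's own domain, /LDAPv3/My.LDAP.Server (the name used in the question) for the Sun server, and the plist paths, which are where Lion and 10.5 respectively keep the LDAPv3 plug-in configuration. The two parsing helpers run anywhere and are exercised on constructed dscl-style output; the dscl and plutil calls only run on a Mac, and the config plists normally need sudo to read.

```shell
#!/bin/sh
# Added example (not the question's or answer's own code).
# Assumed names: account "jdoe", OD master node /LDAPv3/127.0.0.1,
# Sun server node /LDAPv3/My.LDAP.Server (from the question).
ACCOUNT="${1:-jdoe}"

# Pull one attribute out of `dscl ... -read` output. dscl prints either
# "Attr: value" on one line, or "Attr:" followed by one indented line per
# value when a value contains spaces. Prints one value per line.
read_attr() {            # usage: read_attr ATTR  < dscl-output
    awk -v a="$1" '
        $0 ~ ("^" a ":") { inblock = 1
                           v = substr($0, length(a) + 2)
                           sub(/^ +/, "", v)
                           if (v != "") print v
                           next }
        inblock && /^ /  { v = $0; sub(/^ +/, "", v); print v; next }
        inblock          { inblock = 0 }'
}

# Given "NODE<TAB>VALUE" lines, report whether every node that has the
# record agrees on the value. Nodes with an empty value (no record) are
# ignored, so a missing local account does not count as a difference.
compare_nodes() {        # usage: compare_nodes < "node\tvalue" lines
    n=$(awk -F'\t' '$2 != "" { print $2 }' | sort -u | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo none
    elif [ "$n" -eq 1 ]; then echo same
    else echo differs
    fi
}

if command -v dscl >/dev/null 2>&1; then
    echo "Search policy, in the order nodes are consulted:"
    dscl /Search -read / CSPSearchPath | read_attr CSPSearchPath | tr ' ' '\n'

    # Read the attribute from each node separately, then through /Search,
    # which is what login and `dscl /Search` callers actually see.
    tmp=$(mktemp /tmp/nfshome.XXXXXX)
    for node in /Local/Default /LDAPv3/127.0.0.1 /LDAPv3/My.LDAP.Server /Search; do
        val=$(dscl "$node" -read "/Users/$ACCOUNT" NFSHomeDirectory 2>/dev/null \
              | read_attr NFSHomeDirectory | head -n 1)
        printf '%s\t%s\n' "$node" "$val"
    done | tee "$tmp"
    echo "NFSHomeDirectory across nodes: $(compare_nodes < "$tmp")"
    rm -f "$tmp"

    # Where the "Search & Mappings" settings live on disk (assumed paths:
    # Lion keeps one plist per LDAPv3 config, 10.5 one file for the plug-in).
    # The NFSHomeDirectory entry should be followed by its native LDAP
    # attribute, normally homeDirectory (RFC 2307). Rough text view only.
    for f in /Library/Preferences/OpenDirectory/Configurations/LDAPv3/*.plist \
             /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist; do
        [ -f "$f" ] || continue
        echo "== $f"
        plutil -convert xml1 -o - "$f" | grep -A 4 'NFSHomeDirectory'
    done
fi
```

Run it as root on each server (`sudo sh nfshome.sh jdoe`) and compare the two outputs: if the per-node values agree on one server but the mapping block or the search order differs between servers, that is where the discrepancy the question describes comes from. Note that the "HomeDirectory" attribute (XML mount instructions) is a different attribute from "NFSHomeDirectory" and is not read here.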