rlm_opendirectory

Synopsis

This module is used only when the server is running on the same system as OpenDirectory. The configuration of the module is hard-coded by Apple and cannot be changed.

Default configuration

Processing Sections

authorize

When listed in the authorize section, the opendirectory module enforces Access Control Lists (ACLs) as given in OpenDirectory.

Return Codes: noop The request did not contain a User-Name attribute.
: fail The module failed to find information about the user.
: userlock The user is not authorized to log in.
: ok The user is authorized to log in.

authenticate

When listed in the authenticate section, the opendirectory module checks the User-Password against the system password database in Mac OS X.

Return Codes: invalid The request did not contain a User-Name or a User-Password attribute.
: userlock The user is not authorized to log in.
: ok The user has been successfully authenticated.
: reject The user’s credentials were rejected.

Expansions

None.

Directives

None.