
Enable LDAP bind authentication for a user in Directory Utility on Mac
You can enable the use of LDAP bind authentication for a user account stored in an LDAP directory domain. When you use this password validation technique, you rely on the LDAP server that contains the user account to authenticate the user’s password.
Important: If your computer name contains a hyphen, you might not be able to bind to a directory domain such as LDAP or Active Directory. To establish binding, use a computer name that does not contain a hyphen.
- Make sure the Mac that needs to authenticate the user account has a connection to the LDAP directory where the user account resides and that the computer’s search policy includes the LDAP directory connection.
- For information about configuring LDAP server connections and the search policy, see Configure LDAP directory access.
- If you configure an LDAP connection that doesn’t map the password and authentication authority attributes, bind authentication occurs automatically. See Configure LDAP Searches & Mappings.
- If you configure the connection to permit clear-text passwords, also configure it to use SSL to protect the clear-text password while it is in transit.
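
To show why the clear-text setting needs SSL, the following added example (not part of Apple's documentation) encodes an LDAPv3 simple BindRequest as laid out in RFC 4511 and confirms that the password appears byte for byte in the message the client sends. The DN, password and function names are constructed for illustration.

```python
# Added example: BER-encode an LDAPv3 simple BindRequest (RFC 4511, section 4.2)
# to show what a clear-text bind puts on the wire when SSL is not used.
# All names and sample values here are constructed for illustration.

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n: int) -> bytes:
    """INTEGER for non-negative values; the extra byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def simple_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = (
        ber_int(3)                              # protocol version
        + tlv(0x04, bind_dn.encode("utf-8"))    # name: OCTET STRING
        + tlv(0x80, password.encode("utf-8"))   # simple: [0], password unmodified
    )
    return tlv(0x30, ber_int(message_id) + tlv(0x60, bind))  # 0x60 = [APPLICATION 0]

def password_offset(wire: bytes, password: str) -> int:
    """Offset of the verbatim password in the encoded message, or -1 if absent."""
    return wire.find(password.encode("utf-8"))

if __name__ == "__main__":
    dn = "uid=jdoe,cn=users,dc=example,dc=com"   # constructed sample DN
    pw = "constructed-pw"                        # constructed sample password
    wire = simple_bind_request(1, dn, pw)
    print(wire.hex())
    print("password readable at byte offset", password_offset(wire, pw))
```

With SSL enabled on the connection, this same message is carried inside the encrypted session rather than sent as shown.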