In further attempts at reverse engineering OpenDirectory, here is the latest status report.
I’ve managed to get just about as far as I really want to go right now. I still cannot BIND to the directory without deleting my user in the local NetInfo db. I suppose I could log in as one user at home (LDAP) and another on the road, and give them both the same home dir.
I’ve even tried deleting the AuthAuthority setting in my local nidb, no dice. Again, what does work is to rename your nidb user entry to something else. Once you do that, BIND authentication works. I think there must be a flag in NetInfo that says not to rely on the nidb, and to always validate the user with LDAP, if possible, otherwise fall back to the nidb cache.
You can turn on the Workgroup Manager client in OS X by creating an object of objectclass apple-computer, giving it the apple-mcxflags attribute with a value of ‘*has_mcx_settings*’, and creating the attribute ‘apple-mcxsettings’ with an empty string as the value. This will cause the Workgroup Manager client interface to be displayed on login.
I’m still working on what is contained inside the apple-mcxsettings attribute, to get stuff to appear inside the workgroup dialog.
Later.