Secure LDAP on macOS

Is anyone using Google's Secure LDAP for macOS authentication? I'm trying to make a decision for our upcoming summer deployment, but have concerns about deployment and potential stability...

Google's solution offers a Python script to deploy the directory settings, which poses the deployment problem: Apple has announced the sunset of the built-in Python, and with it the Objective-C bridge that their deployment script utilizes. I'm working on migrating their script to Swift, but am not a Swift programmer...

I'm also on the fence about the lack of vetting and testing, and dealing with potential (and widespread) issues when Apple changes things, i.e. Apple broke Kerberos for anyone using their own AD directory plug-in, preventing user logins/authentication after installing their last 10.14/15 security update. Luckily, the AD user base is expansive and a fix was published quickly.

Any feedback is appreciated.

Accepted solution:

You can use the MacAdmins Python 3 framework.

https://github.com/macadmins/python/releases/tag/v3.9.10.02082022223633

- Modify the shebang in Google's Python script to use python3:

#!/usr/local/bin/managed_python3

- Change the path in the postinstall script to use python3

I believe pyobjc is one of the common libraries already prebuilt in that Python 3 framework.

That should work on 12.3 (for now).


Hello,

I'm trying to configure it to put it on our laptops.

The query via ldapsearch works, but the network account server remains in red.

I found some articles about connections between macOS and Google LDAP:
https://forums.macrumors.com/threads/connecting-mac-to-google-ldap.2233562/

Did you ever find a solution for this? 12.3 has removed Python and I have not been able to get the Google script to run after installing Python 3 and pyobjc.


For now... I did get a Swift script working, but you need to bundle the script and the resources into an application. If you want to run the script outright you'd need to download and install the Xcode command line tools. Using @flebec's suggestion of MacAdmins' Python is probably the way to go. We package their Python into our deployments for a number of other things, such as Outset.

It doesn't work at all.

My configuration can't access the LDAP server 😕

We've been using the LDAP connection successfully for almost a year now on different mass deployments; it works well. I would double and triple check that you're following Google's instructions to a T.

Google LDAP works with Monterey up to the Deployable phase. When we try to run the Python script with managed_python3 we end up with:

"line 17, in <module>
request.appendData_(NSData.dataWithBytes_length_(CONFIG, len(CONFIG)))
TypeError: Expecting byte-buffer, got str"

Even trying "sudo python3 -m pip install pyobjc-framework-opendirectory" gives the same issue. Any thoughts?

Here is the script that we are trying to run. Any ideas or help would be greatly appreciated.

#!/usr/bin/managed_python3
from OpenDirectory import ODNode, ODSession, kODNodeTypeConfigure
from Foundation import NSMutableData, NSData

import os
import sys

# Reading plist
GOOGLELDAPCONFIGFILE = open(sys.argv[1], "r")
CONFIG = GOOGLELDAPCONFIGFILE.read()
GOOGLELDAPCONFIGFILE.close()

# Write the plist
od_session = ODSession.defaultSession()
od_conf_node, err = ODNode.nodeWithSession_type_error_(od_session, kODNodeTypeConfigure, None)
request = NSMutableData.dataWithBytes_length_(b'\x00'*32, 32)
# line 17: fails under Python 3 with "Expecting byte-buffer, got str" because CONFIG is a str, not bytes
request.appendData_(NSData.dataWithBytes_length_(CONFIG, len(CONFIG)))
response, err = od_conf_node.customCall_sendData_error_(99991, request, None)

# Edit the default search path and append the new node to allow for login
os.system("dscl -q localhost -append /Search CSPSearchPath /LDAPv3/ldap.google.com")
os.system("bash -c 'echo -e \"TLS_IDENTITY\tLDAP Client\" >> /etc/openldap/ldap.conf' ")

Was able to fix it by using this:

request.appendData_(NSData.dataWithBytes_length_(str.encode(CONFIG), len(CONFIG)))

Hey @jhaff 

Glad to know that you've been able to make the Google Secure LDAP connection successfully on your deployments.
Here's my situation: I was able to connect our Mac devices with Google's Secure LDAP and able to log in to a network account (Google credentials at the Mac login), but when I created a mobile user account for the same network user I cannot log in at the Mac login screen at all. Is there anything you can guide me on?

I followed the same instructions in this page 

I'm completely stuck after setting up the LDAP Client and importing and configuring the cert on the Mac. I can query LDAP and poll the target user to be provisioned on the Mac. All valid LDAP queries to ldap.google.com work for my domain; it even picks up user directory data like phone number etc. When I reboot and move to the sign-in screen to log in as the tested LDAP user, I get the red dot and "Network accounts are unavailable". What am I missing? If the queries work, what else is there? I'm running 14.2.1 on a fresh MacBook.

Working on Monterey as of 10/03/2022
Working on Ventura as of 04/23/2023
Working on Sonoma 14.2.1 as of 01/25/2024

Step 1: From the macOS Terminal type in python3 (it should ask to install Xcode; agree and install)
Step 2: After Xcode finishes, visit https://github.com/macadmins/python and install the latest MacAdmins Python (have to use it since Apple broke their version around Monterey)
Step 3: From Terminal run sudo pip3 install --upgrade pip
Step 4: From Terminal run sudo pip3 install pyobjc-framework-SystemConfiguration
Step 5: From Terminal run sudo pip3 install --upgrade pyobjc-framework-SystemConfiguration
Step 6: Copy the files you got from Google (the certificate and what not; should be 3 files: ldap.google.com.plist, Ldap_pythong_config.py, and your cert somename.mobileconfig) to the desktop or location you want.
Step 7: From Terminal navigate to the directory you put them in.
Step 8: Run this from Terminal in the folder they are in: sudo managed_python3 Ldap_pythong_config.py ldap.google.com.plist
*May need to use: /usr/local/bin/managed_python3 Ldap_python_config.py ldap.google.com.plist
Step 9: From Finder go to the Deployable folder and double click on WCOSXLDAP (name.mobileconfig)
Step 10: Open System Preferences and go to Profiles (lower right corner)
Step 11: Install and authenticate the certificate
Step 12: Go to Users & Groups (lock screen) and click on Login Options, push unlock and change "Display login window as" to "Name and password"
Step 13: Reboot (should now be able to log in with Google credentials)

*Set up a lock screen message to help inform users how to log on, as well as a startup and shutdown schedule. Use the message below:

Login using your email address (without “@domain.org”) & password. Example: bob@domain.org you would use only bob as the username.

*Make sure there are no spaces before your username.

Here is what our .py file looks like with the modified line 17:

#!/usr/bin/managed_python3
from OpenDirectory import ODNode, ODSession, kODNodeTypeConfigure
from Foundation import NSMutableData, NSData

import os
import sys

# Read the plist Google supplies (path passed as the first argument)
with open(sys.argv[1], "r") as GOOGLELDAPCONFIGFILE:
    CONFIG = GOOGLELDAPCONFIGFILE.read()

# Write the plist into the OpenDirectory configuration node
od_session = ODSession.defaultSession()
od_conf_node, err = ODNode.nodeWithSession_type_error_(od_session, kODNodeTypeConfigure, None)
# 32 zero bytes of header, then the plist text. NSData needs bytes under Python 3,
# so encode the str once and size the payload from the encoded bytes (the modified line 17)
CONFIG_BYTES = str.encode(CONFIG)
request = NSMutableData.dataWithBytes_length_(b'\x00'*32, 32)
request.appendData_(NSData.dataWithBytes_length_(CONFIG_BYTES, len(CONFIG_BYTES)))
response, err = od_conf_node.customCall_sendData_error_(99991, request, None)

# Edit the default search path and append the new node to allow for login
os.system("dscl -q localhost -append /Search CSPSearchPath /LDAPv3/ldap.google.com")
os.system("bash -c 'echo -e \"TLS_IDENTITY\tLDAP Client\" >> /etc/openldap/ldap.conf' ")
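Added example, not Google's script or either poster's code: it builds the same payload the script hands to OpenDirectory (32 zero bytes followed by the plist) without pyobjc, so the str-versus-bytes failure and the length mismatch from the two posts above can be checked on any machine before touching a Mac. The sample plist, its keys and the helper names are constructed for illustration, not Google's real file.

```python
import plistlib

HEADER_LEN = 32  # the posted script prepends 32 NUL bytes to the plist


def build_request(config_text):
    """Return the custom-call payload: 32 zero bytes + UTF-8 plist bytes.

    Mirrors what the script passes to customCall_sendData_error_, but
    encodes the str once and sizes the payload from the *bytes*, so a
    plist containing non-ASCII text is not truncated by len() of the str.
    """
    if not isinstance(config_text, str):
        # Python 2 let str and bytes mix; under Python 3 be explicit.
        raise TypeError("config_text must be str (read the plist as text)")
    payload = config_text.encode("utf-8")
    # plistlib rejects a truncated or mis-saved ldap.google.com.plist early,
    # before anything would be written into the OpenDirectory configure node.
    plistlib.loads(payload)
    return b"\x00" * HEADER_LEN + payload


def length_mismatch(config_text):
    """Return (chars, utf8_bytes); they differ when the plist has non-ASCII text."""
    return len(config_text), len(config_text.encode("utf-8"))


# Constructed sample; keys and values are placeholders, not Google's real schema.
SAMPLE_PLIST = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>description</key>
    <string>Google Secure LDAP \u2013 example.org</string>
    <key>node name</key>
    <string>/LDAPv3/ldap.google.com</string>
</dict>
</plist>
"""

if __name__ == "__main__":
    req = build_request(SAMPLE_PLIST)
    print(len(req), "bytes in payload; chars/bytes:", length_mismatch(SAMPLE_PLIST))
```

Reading the plist as text and then calling build_request on it reproduces the corrected line 17 exactly; passing bytes in, or a damaged plist, fails before any directory configuration is attempted.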

Hi FluxSine,

Works fine; the problem I have is that when an LDAP user locks the screen he can't unlock it.

Thanks

Are you using Sonoma? If so, it's an Apple bug and annoying. The user needs to press the Command, Option, and Return keys simultaneously.

Then they can log in as normal. Alternatively, we have set up auto-logoff after 15 minutes instead of letting them have a lock screen, to avoid this issue on Sonoma. If you find an alternate solution let me know. Really wish Apple would address the bug.
