How-to: Understanding Mac OS X Open Directory

Computerworld - Directory services are a critical component of any enterprise environment. These services provide a database for central account management for both user and computer, as well as a framework for sharing that information among workstations and servers. Mac OS X's native directory service is called Open Directory.

Every Mac OS X computer includes a local Open Directory database -- referred to as a domain -- that stores information about local user accounts. This local domain allows each user to have a computing experience and home directory, and the local domain works with the file system to manage permissions on files and folders. Mac OS X Server relies on shared Open Directory domains to provide network user accounts that can be used to log into computers that are bound to a shared domain. The shared domain can also allow users to access resources on other servers that are bound to the domain. Shared domains also allow systems administrators to define custom user environments.

Open Directory is a multipart architecture that performs the basic functions of any directory service in addition to providing mechanisms for accessing non-native directory services platforms such as Microsoft Corp.'s Active Directory and Unix Network Information Service servers. It also has components that manage Mac OS X's access to self-discovering network protocols including Apple Computer Inc.'s Bonjour, Microsoft Corp.'s Server Message Block/Common Internet File System and the open standard Service Location Protocol. When discussing Open Directory, however, the phrase typically refers to its function as Mac OS X's native directory service.

NetInfo -- The local Open Directory domain

Each Mac OS X computer, including Mac OS X Server, has a local Open Directory domain. This domain stores all information about local users as well as information about the machine itself. The local domain for Mac OS X is a NetInfo domain. NetInfo is a proprietary directory service originally developed by NeXT Computer Inc. that originally served as Mac OS X's native directory service. As Mac OS X Server evolved, Apple replaced NetInfo with a service based on the Lightweight Directory Access Protocol (LDAP) that is often referred to as simply Open Directory.

There is little administration that needs to be done with the local NetInfo domain on Mac OS X computers. However, it is important to understand that the local domain is always the first source in which a Mac OS X computer will look for user information. It is also important to know that the local domain is visible in Mac OS X Server's Workgroup Manager; this