Computerworld - Open Directory, Mac OS X's native directory service, lets users both manage local accounts and create shared directory domains hosted by Mac OS X Server. With shared directory domains, administrators can create network accounts that can be used to log into computers and to access server-based resources throughout an organization's network.
Open Directory leverages several powerful technologies, including OpenLDAP and Kerberos, to provide a secure and scalable environment. It provides single sign-on to services within a network, supplies powerful home directory options and sports an extremely comprehensive client management architecture. (For more details about the technologies that constitute Open Directory, see my earlier article: "Understanding Mac OS X Open Directory -- An Introduction to Directory Services in the Mac Environment.")
Despite the complex technologies that make up Open Directory, Apple has made an incredible effort to make the platform easy to set up and manage. While this article isn't a comprehensive manual for designing an Open Directory infrastructure, it is a guide to the basic configuration process.
Creating an Open Directory Master
An Open Directory Master is an organization's primary Open Directory server. It hosts the shared LDAP domain that stores network account information, a Kerberos realm and Open Directory password server for securely authenticating users. Any Mac OS X Server installation can serve as an Open Directory Master, though you will want to use a machine that is sufficiently powered to handle directory service requests. Ideally, for optimum performance and security, an Open Directory Master should not be used to provide other network services. You will also need to ensure that your DNS infrastructure is configured properly and successfully supports forward and reverse lookups.
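The forward and reverse lookup requirement above can be verified before the server is promoted. The following check is an added example, not part of the original article or of Apple's tools; the function names are hypothetical, and the hostnames and addresses (od1.example.com, 192.0.2.x) are constructed sample data.

```python
import socket
import sys

def system_forward(name):
    # A/AAAA lookup through the system resolver
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def system_reverse(ip):
    host, aliases, _ = socket.gethostbyaddr(ip)  # PTR lookup
    return [host] + aliases

def check_dns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(want)
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        return [f"forward lookup of {want} failed: {exc}"]
    if not addrs:
        return [f"{want} has no address records"]
    problems = []
    for ip in addrs:
        try:
            names = [n.rstrip(".").lower() for n in reverse(ip)]
        except OSError as exc:
            problems.append(f"no PTR record for {ip}: {exc}")
            continue
        if want not in names:
            problems.append(f"{ip} reverses to {', '.join(names)}, not {want}")
    return problems

def table_lookup(table):  # dict-backed resolver for the constructed sample
    def lookup(key):
        if key not in table:
            raise OSError("not found")
        return table[key]
    return lookup

# Constructed sample zone data (documentation address range), not real hosts.
SAMPLE_A = {"od1.example.com": ["192.0.2.10"], "od2.example.com": ["192.0.2.11"]}
SAMPLE_PTR = {"192.0.2.10": ["od1.example.com."], "192.0.2.11": ["mail.example.com."]}

if __name__ == "__main__":
    live = len(sys.argv) > 1
    fwd = system_forward if live else table_lookup(SAMPLE_A)
    rev = system_reverse if live else table_lookup(SAMPLE_PTR)
    for host in (sys.argv[1:] if live else SAMPLE_A):
        print(host, check_dns(host, fwd, rev) or "OK")
```

Run it with the server's fully qualified name as an argument to query the system resolver; with no argument it checks the constructed sample, where od2.example.com is reported because its address reverses to a different name.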
To create an Open Directory domain and to configure domainwide settings, you will use Mac OS X Server's Server Admin utility. Launch Server Admin, connect to the appropriate server and select "Open Directory" in the "Computers and Services" list (see Figure 1).
Then click the "Settings" button at the lower right of the window to display the "Settings" pane. Choose "Open Directory Master" from the "Roles" dropdown menu. You will be asked to specify a domain administrator account -- this is the first account in the domain that will be given full administrative access to manage the domain and to create additional user accounts. This will be a separate account from the server administrator account, which is a local nonshared account for managing other aspects of the server.
You will also be asked to specify a search base for the domain and a Kerberos realm name.
Figure 1 – Selecting the Open Directory Settings in Server Admin