Computerworld - Open Directory, Mac OS X's native directory service, allows users to both manage local accounts and to create shared directory domains hosted by Mac OS X Server. With shared directory domains, administrators can create network accounts that can be used to log into computers and to access server-based resources throughout an organization's network.
Open Directory leverages several powerful technologies, including OpenLDAP and Kerberos, to provide a secure and scalable environment. It provides single-sign on to services within a network, supplies powerful home directory options and sports an extremely comprehensive client management architecture. (For more details about the technologies that constitute Open Directory, see my earlier article: "Understanding Mac OS X Open Directory -- An Introduction to Directory Services in the Mac Environment.")
Despite the complex technologies that make up Open Directory, Apple has made an incredible effort to make the platform easy to set up and manage. While this article isn't a comprehensive manual for designing an Open Directory infrastructure, it is a guide to the basic configuration process.
Creating an Open Directory Master
An Open Directory Master is an organization's primary Open Directory server. It hosts the shared LDAP domain that stores network account information, a Kerberos realm and Open Directory password server for securely authenticating users. Any Mac OS X Server installation can serve as an Open Directory Master, though you will want to use a machine that is sufficiently powered to handle directory service requests. Ideally, for optimum performance and security, an Open Directory Master should not be used to provide other network services. You will also need to ensure that your DNS infrastructure is configured properly and successfully supports forward and reverse lookups.
To create an Open Directory domain and to configure domainwide settings, you will use Mac OS X Server's Server Admin utility. Launch Server Admin, connect to the appropriate server and select "Open Directory" in the "Computers and Services" list (see Figure 1).
Then click the "Settings" button at the lower right of the window to display the "Settings" pane. Choose "Open Directory Master" from the "Roles" dropdown menu. You will be asked to specify a domain administrator account -- this is the first account in the domain that will be given full administrative access to manage the domain and to create additional user accounts. This will be a separate account from the server administrator account, which is a local nonshared account for managing other aspects of the server.
You will also be asked to specify a search base for the domain and a Kerberos realm name.
Figure 1 – Selecting the Open Directory Settings in Server Admin (Click image for larger view)
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All NOSes and Server Software White Papers | Webcasts