Search policies for directory domain hierarchies – Apple Mac OS X Server (Administrator’s Guide) User Manual

82

Chapter 2

You can affect an entire network or just a group of computers by choosing which domain to
publish administrative data in. The higher the administrative data resides in a directory
domain hierarchy, the fewer places it needs to be changed as users and system resources
change. Probably the most important aspect of directory services for administrators is
planning directory domains and hierarchies. These should reflect the resources you want to
share, the users you want to share them among, and even the way you want to manage your
directory data.

Search Policies for Directory Domain Hierarchies

In a hierarchy of directory domains, each Mac OS X computer has a search policy that
specifies the order in which Open Directory searches the domains. A search policy, also
known as a search path, is simply a list of directory domains. On a Mac OS X computer, Open
Directory goes down this list of directory domains whenever an application or system
software running on the computer needs administrative data. The list of directory domains
defines the computer’s search policy. The search policy effectively establishes the
computer’s place in the hierarchy.

A computer’s local directory domain is always first on the list. It may be followed by shared
Open Directory domains on Mac OS X Servers and LDAP domains on other servers. It may
also include a set of BSD configuration files that are on the computer.

For example, when someone tries to log in to a Mac OS X computer, Open Directory
searches the computer’s local domain for the user’s record. The local directory domain is
always first on a computer’s search policy.

Graduates

domain

Local domain

Is the user

defined here?