
Directory services – Apple Mac OS X Server (Administrator’s Guide) User Manual

Page 47


Administering Your Server


Directory Services

Directory services let you use a central data repository for the user and network information
that your server needs to authenticate users and give them access to services. Information about
users (such as their names, passwords, and preferences), as well as printers and other
resources on the network, is consolidated rather than distributed to each computer on the
network, which simplifies the administrator’s tasks of directory domain setup and maintenance.

Open Directory

On Mac OS X computers, the directory services are collectively referred to as Open
Directory. Open Directory acts as an intermediary between directory domains that store
information and Mac OS X processes that need the information.

Open Directory supports a wide variety of directory domains, letting you store your directory
information on Mac OS X Server or on a server you already have set up for this purpose:

• You can define and manage information in directory domains that reside on Mac OS X
  Server. Open Directory supports both NetInfo and LDAPv3 protocols and gives you
  complete control over directory data creation and management.

• Mac OS X Server can also retrieve directory data from LDAP and Active Directory servers
  and BSD configuration files you’ve already set up. Your server provides full read/write and
  SSL communications support for LDAPv3 directory domains.

Chapter 2, “Directory Services,” provides complete information about all the Open Directory
options, including instructions for how to create Mac OS X–resident directory domains and
how to configure your server and your clients to access directory domains of all kinds.
Chapter 3, “Users and Groups,” describes how to work with user and group accounts stored
in Open Directory domains.

Password Validation

Open Directory gives you several options for validating a user’s password:

• Using a value stored as a readable attribute in the user’s account.

• Using a value stored in the Open Directory Password Server. This strategy lets you set up
  user-specific password policies. For example, you can require a user to change
  his password periodically or use only passwords having more than a minimum number
  of characters.

  Password Server supports a wide range of client authentication protocols.

• Using a Kerberos server.

• Using LDAP bind authentication with a non-Apple LDAPv3 directory server.

“Understanding Password Validation” on page 189 provides more information about these
options and tells you how to implement them.
