Search policies for directory domain hierarchies – Apple Mac OS X Server (version 10.2.3 or later) User Manual

58

Chapter 2

You can affect an entire network or just a group of computers by choosing the domain in
which to publish administrative data. The higher the administrative data resides in a
directory domain hierarchy, the fewer places it needs to be changed as users and system
resources change. Probably the most important aspect of directory services for
administrators is planning directory domains and hierarchies. These should reflect the
resources you want to share, the users you want to share them among, and even the way you
want to manage your directory data.

Search Policies for Directory Domain Hierarchies

Each Mac OS X computer has a search policy that specifies the order in which Open
Directory searches directory domains. A search policy, also known as a search path, is simply
a list of directory domains. On a Mac OS X computer, Open Directory goes down this list of
directory domains whenever an application or system software running on the computer
needs administrative data. The list of directory domains defines the computer’s search
policy. The search policy effectively establishes the computer’s place in the hierarchy.

A computer’s local directory domain is always first on the list. It may be followed by shared
Open Directory domains on Mac OS X Servers and LDAP domains on other servers. It may
also include a set of BSD configuration files that are on the computer.

For example, when someone tries to log in to a Mac OS X computer, Open Directory
searches the computer’s local domain for the user’s record. The local directory domain is
always first on a computer’s search policy.

Graduates

domain

Local domain

Is the user

defined here?

LL0395.Book Page 58 Wednesday, November 20, 2002 11:44 AM