
Before You Begin – Apple Mac OS X Server (version 10.2.3 or later) User Manual


Chapter 2

Before You Begin

Before setting up directory services for the first time:

• Understand why clients need directory data, as discussed in the first several sections of this chapter.

• Assess your server access requirements.

Identify which users need to access your Mac OS X Servers.

Users whose information can be managed most easily on a server should be defined in a
shared Open Directory domain on a Mac OS X Server. Some of these users may instead be
defined in Active Directory domains or LDAP domains on other servers.

These concepts are discussed in “Local and Shared Directory Domains” on page 50 and
“Directory Domain Hierarchies” on page 54.

• Understand search policies, as described in “Search Policies for Directory Domain Hierarchies” on page 58.

• Design the hierarchy of shared directory domains.

Determine whether user information should be stored in a local directory domain or in a
directory domain that can be shared among servers. Design your directory domain
hierarchy, identifying the shared and local domains you want to use, the servers on which
the shared domains should reside, and the relationships between shared domains. In
general, try to limit the number of users associated with any directory domain to no more
than 10,000.

“Directory Domain Planning” on page 61 provides some guidelines that will help you
decide what your directory domain hierarchy should look like.

• Assess your authentication needs.

Decide whether to use an Open Directory Password Server. Keep in mind that you must
have a Password Server to enforce password policies or to authenticate Windows
computer users for Windows services in a Mac OS X Server. Decide which Mac OS X
Server will host the Password Server. These concepts are discussed in “Open Directory
Password Server” on page 63.

• Consider the best equipment and location for your servers.

Choose computers and locations that are reliable and accessible.

If possible, use a dedicated Mac OS X Server for directory services.

Make the server physically secure. It shouldn’t have a keyboard or monitor, especially if it
hosts a Password Server.

• Pick server administrators very carefully. Give only trusted people administrator passwords.

Have as few administrators as possible. Don’t delegate administrator access for minor
tasks, such as changing settings in a user record.

LL0395.Book Page 70 Wednesday, November 20, 2002 11:44 AM