So You Want to Be a Mac OS X Server Admin? Understanding the Building Blocks of Open Directory and Mac OS X User Management
- Understanding Open Directory
- What About Older Macs Running Mac OS 9?
- Replication: What to Do When One Server Isn't Enough
- Keeping Passwords and Your Infrastructure Safe and Secure
- The Basics of Setting Up an Open Directory Server
- Getting Practical About Open Directory and User Accounts
- Users in Workgroup Manager: The Mac OS X Server Tool for Account Management
The Basics of Setting Up an Open Directory Server
The easiest way to configure an Open Directory master is with the Server Assistant that runs immediately following a Mac OS X Server installation. After you enter a server’s network identity and configuration, Server Assistant presents a page labeled Directory Usage. This page includes a pop-up menu with options for Standalone Server, Connected to a Directory System, and Open Directory Master. If you select Open Directory Master, you are also presented with the options to configure the server as a Windows domain controller.

Server Assistant generates a default search base for the directory domain based on the server’s name (server.company.com would generate a search base of dc=company,dc=com) and establishes the administrator account for the server as the administrator account for the Open Directory domain. It also establishes the default Kerberos realm name based on the server’s domain name (server.company.com would generate a realm of COMPANY.COM because Kerberos realms are conventionally named using the domain name of a network in capital letters). Kerberos is not made active after being configured from Server Assistant if the server will be hosting DNS service for the network. This is because Kerberos and, to a lesser degree, all of Apple’s LDAP implementation are dependent on DNS, and DNS must be configured for Kerberos to run.
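The defaults described above, reproduced as an added shell example (not Apple's code or the authors'): it derives the search base and realm from a server name and checks that the reverse-lookup name matches before Kerberos is expected to run. The function names, the sample PTR values, and the rule that every domain label becomes one dc= component are assumptions.

```shell
#!/bin/sh
# Added example (not Apple's code): reproduce the defaults the article says
# Server Assistant derives from the server's DNS name, and check that DNS
# answers agree before Kerberos is expected to start.

# Normalise a name: lower-case it and drop the trailing root dot.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# domain_of server.company.com -> company.com (fails for unqualified names)
domain_of() {
    n=$(norm "$1")
    case $n in
        ''|.*|*..*|*[!a-z0-9.-]*) return 1 ;;  # empty label or illegal character
        *.*) printf '%s\n' "${n#*.}" ;;        # strip the host label
        *) return 1 ;;                         # no domain part to derive from
    esac
}

# search_base server.company.com -> dc=company,dc=com
# Assumption: every domain label becomes one dc= component.
search_base() {
    d=$(domain_of "$1") || return 1
    printf 'dc=%s\n' "$(printf '%s' "$d" | sed 's/\./,dc=/g')"
}

# realm server.company.com -> COMPANY.COM (domain name in capitals)
realm() {
    d=$(domain_of "$1") || return 1
    printf '%s\n' "$d" | tr 'a-z' 'A-Z'
}

# dns_agrees FQDN PTR_NAME: succeeds when the reverse-lookup name for the
# server's address is the same host as FQDN (case and trailing dot ignored).
dns_agrees() { [ -n "$2" ] && [ "$(norm "$1")" = "$(norm "$2")" ]; }

# preflight FQDN PTR_NAME: print the derived values and a DNS verdict.
preflight() {
    sb=$(search_base "$1") || { echo "not a fully qualified name: $1"; return 2; }
    echo "search base: $sb"
    echo "realm:       $(realm "$1")"
    if dns_agrees "$1" "$2"; then echo "DNS: forward and reverse names match"
    else echo "DNS: reverse lookup returned '${2:-nothing}', fix before enabling Kerberos"; return 1
    fi
}

# Constructed sample values; on a real server PTR_NAME comes from a reverse lookup.
preflight server.company.com SERVER.company.com.
preflight server.company.com host12.isp.example || true
```

A mismatched or missing reverse record is worth fixing before the server is promoted, since the realm and search base are derived from the same name that DNS must resolve.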
Using Server Assistant not only configures the shared LDAP domain, it also prepopulates the LDAP-related information into all other services for you. However, it does not give you any LDAP master configuration options. Some advanced options are available within the Server Admin application, whereas others require the use of various command-line tools. More information about these tools and the processes of configuring an Open Directory server and infrastructure (including Open Directory replicas and servers that are part of a domain, but are not Open Directory servers) can be found in Apple’s Mac OS X Server documentation as well as in the books Essential Mac OS X Panther Server Administration, by Michael Bartosh and me, and Mac OS X Server 10.3 Panther: Visual QuickPro Guide, by Schoun Regan and Kevin White.