APPLE OPEN DIRECTORY
Open Directory is the directory service model used by Mac OS X and Mac OS X Server. In the context of Mac OS X Server, Open Directory describes a shared LDAPv3 directory domain based on OpenLDAP and a corresponding authentication model composed of Apple Password Server and Kerberos 5. The term Open Directory can also be used to describe the entire Directory Services framework used by Mac OS X and Mac OS X Server. In this context, it describes the role of a Mac OS X or Mac OS X Server system when it is connected to an existing directory domain.
Implementation in Mac OS X Server
Mac OS X Server can host an Open Directory domain when configured as an Open Directory Master. In addition to its local directory, this OpenLDAP-based LDAPv3 domain is designed to store centralized management data, user, group, and computer accounts, which other systems can access. The directory domain is paired with the Open Directory Password Server and, optionally, a Kerberos realm. Either provides an authentication model and stores password information outside of the directory domain itself.[1]
For Kerberos authentication, the Kerberos realm can either be hosted by a Kerberos key distribution center (KDC) running on the server system, or the server can participate in an existing Kerberos realm.
For services that are not Kerberized, the Password Server provides the following Simple Authentication and Security Layer-based authentication methods:[2]
★ APOP
★ CRAM-MD5
★ Diffie-Hellman key exchange
★ Digest-MD5
★ MS-CHAPv2
★ NTLM v1 and v2
★ LAN Manager
★ WebDAV-Digest
Any Mac OS X Server system configured as an Open Directory Master can act as a Windows Primary Domain Controller (PDC), providing domain authentication services to Windows clients.[3]
Directory Services Framework
In a more general sense, Open Directory can describe the plugin model used by Directory Access and the directory services framework in Mac OS X and Mac OS X Server. When connected to a directory system, a Mac OS X client or Server can authenticate users, look up contacts, and perform service discovery and name resolution with the following types of directories[4]:
★ Authentication & Contacts
    ★ Microsoft Active Directory
    ★ LDAPv3, including an Open Directory domain or RFC 2307-compliant system
    ★ Apple/NeXT NetInfo domains
    ★ BSD flat files and NIS
★ Service Discovery & Name Resolution
    ★ AppleTalk
    ★ Windows (NetBIOS and WINS)
    ★ Service Location Protocol (SLP)
    ★ Multicast DNS (Bonjour/Zeroconf)
History
Mac OS X Server 10.4 includes Open Directory 3, which introduced Active Directory domain member support, trusted directory binding, and increased robustness[5]. The forthcoming Mac OS X Server 10.5 will feature Open Directory 4 with support for cross-domain authorization and a built-in RADIUS server for managing AirPort base stations[6].
Open Directory began with Mac OS X Server 10.2. In this initial form, Open Directory consisted of a network-visible NetInfo directory domain and a corresponding Authentication Manager service for storing passwords outside of the directory. Version 10.2 also included support for Kerberos[7]. Mac OS X versions 10.1 and 10.0 stored user password information within the directory domain using crypt password authentication authorities, but version 10.2 paved the way for the current Shadow Hash and Password Server mechanisms[8]. Password Server is the successor to Authentication Manager, and was introduced in Open Directory 2 in Mac OS X Server 10.3. Open Directory 2 was also the first version to use LDAPv3 as the directory domain.
See also
★ List of LDAP software
External links
★ Apple's Open Directory Page
★ Open Directory Manual (PDF)
★ How To Set Up Open Directory
References
1. Mac OS X Server: Open Directory Administration, page 40
2. Mac OS X Server: Open Directory Administration, page 50
3. Server Admin 10.4 Help: Setting Up a Server as a Primary Domain Controller
4. Mac OS X Server: Open Directory Administration, chapter 7
5. Apple - Mac OS X Server - Open Directory
6. Apple - Mac OS X Server - Leopard Sneak Peek - New Features
7. Apple - Mac OS X Server 10.2: How to Integrate Services With Kerberos
8. Mac OS X Server: Open Directory Administration, page 41
This article provided by Wikipedia.