Considerations for Implementation of Lion Server’s Open Directory
Whether you use a detailed Gantt chart or just a quick sketch on a cocktail napkin, start your Open Directory deployment in Lion Server with a plan. Here are some considerations to ponder prior to your deployment:
How many servers do you need? For a small domain of ten or so users, you could have just one server, but consider a second for larger networks. A minimum of two Open Directory servers provides you with redundancy and failover — the ability to switch automatically to a second server in the event something goes wrong with the first.
Two Open Directory servers can take you quite far. Apple states that Open Directory’s technical limitations are:
LDAP records: 200,000
Simultaneous client connections: 1,000
Each client may open multiple connections to an Open Directory server during the initial login and when requesting additional authentication. However, a two-server Open Directory deployment handily manages several hundred clients in a local network.
Are you accounting for physical security? The directory servers in your shared domain contain sensitive information, such as user passwords and permissions. Treat your Open Directory servers with the same care and caution that you give any other important data on your network.
Who will have responsibility for domain maintenance and backups? When you specify an administrator to primarily manage your domain, you likely reduce mistakes and complications that result from things like ill-timed software updates and improperly made backups.