
How LDAP is Used for Authentication and Authorization in Lion Server

In most modern network directories, such as the one in Mac OS X Lion Server, LDAP (Lightweight Directory Access Protocol) defines how clients communicate with the directory over TCP/IP networks. Computers use LDAP to read and edit information in LDAP-compatible directories. (The LDAP Data Interchange Format, LDIF, defines how data is stored in the LDAP database.)

The LDAP search base tells the client where to start looking for data within the directory — usually account information.

LDAP also has a role to play with the Password Server database. When you authenticate against a shared directory in Mac OS X Server, you’re telling LDAP who you are, but Password Server checks your password to verify your identity. Kerberos authentication does not use the Password Server.

Authentication proves who you are with your username and password credentials. Authorization is what you can do after authentication, such as accessing file sharing or viewing your e-mail inbox. Kerberos is an authentication protocol. LDAP can be used for both authentication and authorization.
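The following sketch is an added example, not code from Lion Server or from the original article. It models the three ideas above on a constructed LDIF sample: a search base that scopes lookups, a password store kept separate from the directory entries (standing in for Password Server), and a group-membership check as authorization. All DNs, names, and the password are assumptions made up for illustration.

```python
import hashlib, hmac

# Constructed sample directory in LDIF; DNs and attribute values are made up.
LDIF = """\
dn: uid=alice,cn=users,dc=server,dc=example,dc=com
uid: alice
cn: Alice Example

dn: uid=bob,cn=users,dc=server,dc=example,dc=com
uid: bob
cn: Bob Example

dn: cn=mailusers,cn=groups,dc=server,dc=example,dc=com
cn: mailusers
memberUid: alice
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; records are separated by blank lines."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuation lines
            name, _, value = line.partition(": ")
            attrs.setdefault(name, []).append(value)
        entries[attrs.pop("dn")[0].lower()] = attrs
    return entries

def search(entries, base, attr, value):
    """Subtree search: only entries at or under the search base are considered."""
    base = base.lower()
    return [dn for dn, a in entries.items()
            if (dn == base or dn.endswith("," + base)) and value in a.get(attr, [])]

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Stand-in for the separate password store: secrets live outside the directory entries.
PASSWORDS = {"alice": (b"constructed-salt", _hash("correct horse", b"constructed-salt"))}

def authenticate(entries, base, uid, password):
    """Directory lookup says who the user is; the password store verifies it."""
    found = search(entries, base, "uid", uid)
    salt, stored = PASSWORDS.get(uid, (b"no-such-user", b""))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return found[0] if len(found) == 1 and ok else None

def authorize(entries, base, uid, group):
    """Authorization: is the authenticated uid a member of the group?"""
    return any(uid in entries[dn].get("memberUid", []) for dn in search(entries, base, "cn", group))
```

Note that a correct password still fails authentication when the search base points at the wrong container, because the account is never found.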

The other directories that Open Directory is compatible with are also LDAP-compatible directories. These include Active Directory, eDirectory, and others.
