How LDAP is Used for Authentication and Authorization in Lion Server

In most modern network directories such as Mac OS X Lion Server, LDAP (Lightweight Directory Access Protocol) defines how clients communicate with the directory over TCP/IP networks. Computers use LDAP to read and edit information in LDAP-compatible directories. (The LDAP Data Interchange Format, LDIF, defines how data is stored in the LDAP database.)

The LDAP search base tells the client where to start looking for data within the directory — usually account information.

LDAP also has a role to play with the Password Server database. When you authenticate against a shared directory in Mac OS X Server, you’re telling LDAP who you are, but Password Server checks your password to verify your identity. Kerberos authentication does not use the Password Server.

Authentication proves who you are with your username and password credentials. Authorization is what you can do after authentication, such as accessing file sharing or viewing your e-mail inbox. Kerberos is an authentication protocol. LDAP can be used for both authentication and authorization.
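The three ideas above (a search base that limits where a lookup starts, authentication as proof of identity, and authorization as a separate membership check) are easier to see in a small model. The following is an added example, not code from Lion Server or Apple: it keeps a constructed directory tree laid out like an Open Directory LDAP tree (users under `cn=users`, groups under `cn=groups`), applies LDAP scope rules relative to a search base, then separates a bind-style password check from a group-membership authorization check. The PBKDF2 hashing and the fixed salt stand in for whatever the real Password Server does and are assumptions; user names, passwords and group names are all constructed.

```python
"""Toy model of LDAP search base/scope, authentication, and authorization.
Added example, not Lion Server code; every name below is constructed."""
import hashlib
import hmac

# Constructed stand-in for the Password Server's verifier: PBKDF2 with a
# fixed demo salt (a real deployment would use a per-account random salt).
SALT = b"demo-salt"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed directory: user entries under cn=users, groups under cn=groups.
DIRECTORY = {
    "uid=alice,cn=users,dc=example,dc=com": {
        "uid": ["alice"], "userPassword": [hash_password("correct horse")]},
    "uid=bob,cn=users,dc=example,dc=com": {
        "uid": ["bob"], "userPassword": [hash_password("hunter2")]},
    "cn=admins,cn=groups,dc=example,dc=com": {
        "cn": ["admins"], "memberUid": ["alice"]},
    "cn=fileshare,cn=groups,dc=example,dc=com": {
        "cn": ["fileshare"], "memberUid": ["alice", "bob"]},
}


def dn_components(dn: str) -> list:
    """Split a DN into normalised RDN components, most specific first."""
    return [c.strip().lower() for c in dn.split(",")]


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """LDAP scope semantics relative to the search base:
    base = the base entry only, one = its direct children, sub = whole subtree."""
    entry, base = dn_components(entry_dn), dn_components(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False  # entry is not under the search base at all
    depth = len(entry) - len(base)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]


def search(base_dn: str, scope: str, attr: str, value: str) -> list:
    """Return DNs under base_dn (per scope) whose attr contains value."""
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_scope(dn, base_dn, scope) and value in attrs.get(attr, []))


def authenticate(username: str, password: str, search_base: str):
    """Authentication: resolve the uid under the search base, then verify the
    password (the bind step).  Returns the account DN on success, else None."""
    matches = search(search_base, "sub", "uid", username)
    if len(matches) != 1:
        return None  # unknown or ambiguous account under this search base
    dn = matches[0]
    stored = DIRECTORY[dn]["userPassword"][0]
    if not hmac.compare_digest(stored, hash_password(password)):
        return None
    return dn


def authorize(dn: str, group: str, search_base: str) -> bool:
    """Authorization: is the already-authenticated account a member of group?
    Decided by group membership, not by the credentials themselves."""
    entry = DIRECTORY.get(dn)
    if not entry:
        return False
    groups = search(search_base, "sub", "memberUid", entry["uid"][0])
    return any(dn_components(g)[0] == f"cn={group}".lower() for g in groups)


if __name__ == "__main__":
    base = "dc=example,dc=com"
    who = authenticate("bob", "hunter2", base)
    print("authenticated as:", who)
    print("may use fileshare:", authorize(who, "fileshare", base))
    print("is admin:", authorize(who, "admins", base))
```

Note how a search base that does not contain the account (for example `cn=groups,dc=example,dc=com` when looking up a user) makes authentication fail even with the right password, which is the usual symptom of a misconfigured search base on a bound client; and how `bob` authenticates successfully yet is refused the `admins` authorization, since those are separate decisions.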

The other directories that Open Directory is compatible with are also LDAP-compatible directories. These include Active Directory, eDirectory, and others.
