Overview of Lion Server’s Open Directory - dummies

Overview of Lion Server’s Open Directory

By John Rizzo

Mac OS X Lion Server’s Open Directory uses several technologies: Lightweight Directory Access Protocol (LDAP), Apple’s Password Server (built on the Simple Authentication and Security Layer, or SASL), Kerberos Key Distribution Center (KDC), and managed clients for Mac OS X (MCX).

Briefly, LDAP is a standard communications method for network directories, including Open Directory and Microsoft Active Directory. LDAP is commonly used in mixed networks of Windows, Mac, and Linux/Unix computers.

Kerberos is an authentication technology. Integration with Kerberos gives your users single sign-on: the ability to log in to a network only once, usually at the appropriately named login window of their computers. Your users can then access many different services in an Open Directory domain without having to type any more passwords.

In fact, all the commonly used services in Mac OS X Server are kerberized — they’re compatible with the ticket distribution system used by Kerberos — so users don’t have to provide a password when signing in to access hosted services, such as Apple Mail, iChat, iCal, and shared folders on your network.

Designating Mac OS X Server as an Open Directory master creates an Open Directory domain. The directory domain can be shared to multiple servers and clients. Creating copies of your Open Directory master on other servers increases the speed and reliability of the shared domain.

Open Directory can also access other types of directory domains and the information within them. This includes other LDAP-compatible directories, including Active Directory, as well as Network Information System (NIS), a type of directory service used by some Unix servers.

Open Directory can also access the local directory domains of Mac OS X Server 10.6 or later and in Mac OS X clients. And Open Directory can access BSD Unix flat files, an older but long-used directory service of Unix systems.

Lion Server provides a number of tools. You can use Server Admin to manage the Open Directory service. You can use Workgroup Manager to create and manage accounts — users, groups, machine records, and machine groups. For less technical tasks, the Server app is also an option for managing Open Directory, creating users and groups, and importing user accounts from another directory.