Hardware manual

Chapter 2 Inside Mac OS X Server
• In Sun Microsystems Network Information System (NIS) files
Mac OS X Server provides full read/write and Secure Sockets Layer (SSL)
communications support for LDAPv3 directories.
Directory Management
Several Open Directory features help you effectively and efficiently manage your
directory data:
• Automatic LDAP schema replication. You can store LDAP schema in the directory,
letting you add new schema without manually copying configuration files. Changes
are automatically propagated from the Open Directory master to all its replicas.
This feature lets you efficiently propagate administrative policy changes without
manually updating servers on which directory replicas reside.
• Directory access controls. You can store data specifying user access to directory
information in a directory.
• Backing up directory services data. You can back up Open Directory authentication
and LDAP directory data with the click of a button in the Server Admin application.
Search Policies
Before a user can log in to or connect with a Mac OS X client or server, the user must
enter a name and password associated with a user account that the computer can find.
A Mac OS X computer can find user accounts that reside in a directory listed in the
computer’s search policy. A search policy is simply a list of directories the computer
searches when it needs configuration data.
You can configure the search policy of Mac OS X computers on the computers
themselves, using the Directory Access application:
• You can automate Mac OS X client directory setup by using Mac OS X Server's built-in
Dynamic Host Configuration Protocol (DHCP) Option 95 support. With this approach,
a DHCP server identifies the server from which a Mac OS X computer should obtain
directory data at the same time the DHCP server provides an IP address to the client
computer. This approach is intended for use by computers connected directly to a
wired network.
• For mobile computers, frequently used in a wireless environment, trusted directory
access binding is available. Trusted binding offers a way for a client computer to
authenticate to an LDAP server and for the LDAP server to authenticate to the client.
This mutual authentication offers the safest way to set up directory server
connections in a wireless environment.
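
With the DHCP Option 95 approach above, the client learns its directory server from the DHCP reply, so an administrator may want to confirm that replies on a network name the expected server. The following is an added example, not code from this manual or from Apple. It assumes the option value is an LDAP URL, and the host names, allowlist and sample bytes are constructed placeholders.

```python
from urllib.parse import urlsplit

OPT_PAD, OPT_END, OPT_LDAP = 0, 255, 95

def parse_dhcp_options(raw: bytes) -> dict:
    """Walk a DHCP options field: code, length, value (RFC 2132 layout)."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != OPT_END:
        code = raw[i]
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate
        i += 2 + length
    return opts

def audit_ldap_option(raw: bytes, allowed_hosts: set) -> list:
    """Findings for the directory server a DHCP reply advertises."""
    value = parse_dhcp_options(raw).get(OPT_LDAP)
    if value is None:
        return ["no option 95 in reply"]
    findings = []
    # Assumption: the value is one or more whitespace-separated LDAP URLs.
    for url in value.decode("ascii", "replace").split():
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps"):
            findings.append(f"{url}: not an LDAP URL")
            continue
        if (parts.hostname or "").lower() not in allowed_hosts:
            findings.append(f"{url}: server not on the allowlist")
        if parts.scheme == "ldap":
            findings.append(f"{url}: scheme is ldap, not ldaps")
    return findings

def _opt(code, value):               # helper to build constructed samples
    return bytes([code, len(value)]) + value
# Constructed option fields, not captured traffic; host names are placeholders.
ALLOWED = {"od-master.example.com"}
SAMPLE_OK = _opt(53, b"\x05") + _opt(95, b"ldaps://od-master.example.com/dc=example,dc=com") + b"\xff"
SAMPLE_BAD = b"\x00" + _opt(95, b"ldap://10.0.0.66/dc=example,dc=com") + b"\xff"
if __name__ == "__main__":
    for name, raw in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit_ldap_option(raw, ALLOWED))
```

An empty findings list means the reply advertised an allowlisted server over an ldaps URL; anything else is worth comparing against the DHCP server's configured directory settings.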