Specifications

The authentication and contacts search policies can have one of the following
settings:
• Automatic: Starts with the local directory domain and can include an LDAP directory
supplied by DHCP and directory domains that the computer is connected to. This
is the default setting for Mac OS X v10.2 or later and offers the most flexibility for
mobile computers.
• Local directory: Includes only the local directory domain.
• Custom path: Starts with the local directory domain and includes your choice
of LDAP directories, an Active Directory domain, shared directory domains, BSD
configuration files, and an NIS domain.
The /BSD/local folder is always included in the search path, and is always grayed out.
Important: If you congure Mac OS X to use an automatic authentication search policy
and a DHCP-supplied LDAP server, you increase the risk of a malicious user gaining
control of your computer. The risk is even higher if your computer is congured to
connect to a wireless network. For more information, see Protecting Computers from a
Malicious DHCP Server on page 131.
For task descriptions and instructions, see:
• “Defining Automatic Search Policies” on page 128
• “Defining Custom Search Policies” on page 129
• “Defining Local Directory Search Policies” on page 130
• “Waiting for a Search Policy Change to Take Effect” on page 131
Dening Automatic Search Policies
Using Directory Utility, you can congure a Mac OS X computers authentication and
contacts search policies to be dened automatically.
An automatically dened search policy includes the local directory domain. It can also
include an LDAP directory server specied by the DHCP service.
This is the default conguration for the authentication and contacts search policies.
Note: Some applications, such as Mac OS X Mail and Address Book, can access LDAP
directories directly, without using Open Directory. To set up one of these applications to
access LDAP directories directly, open the application and set the correct preference.
Important: If you congure Mac OS X to use an automatic authentication search
policy and a DHCP-supplied LDAP server or a DHCP-supplied shared directory domain,
you increase the risk of a malicious user gaining control of your computer. The risk is
even higher if your computer is congured to connect to a wireless network. For more
information, see “Protecting Computers from a Malicious DHCP Server on page 131.
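To audit a client for the configuration the Important notes above warn about, the following added example (not part of the original guide) classifies the authentication search policy from text in the form `dscl /Search -read /` prints; on a live computer, pipe that command into the function. The attribute names (`SearchPolicy`, `SearchPath`, `DHCPLDAPDefault`), the policy values, the function name, and the sample output with the host `ldap.example.com` are assumptions, not taken from the guide.

```shell
#!/bin/sh
# Added example. Assumed input: the text printed by `dscl /Search -read /`.
# Assumed policy values: NSPSearchPath = automatic, LSPSearchPath = local
# directory, CSPSearchPath = custom path.

# Read dscl output on stdin and print a one-line verdict.
audit_search_policy() {
    awk '
        /^[A-Za-z]+:/  { key = $1; first = 2 }   # "Key: value ..." line
        !/^[A-Za-z]+:/ { first = 1 }             # continuation of the previous key
        key == "SearchPolicy:"    && NF >= first { policy = $first }
        key == "DHCPLDAPDefault:" && NF >= first { dhcp = $first }
        key == "SearchPath:" {
            # Collect every LDAP node that authentication will consult.
            for (i = first; i <= NF; i++)
                if ($i ~ /^\/LDAPv3\//) ldap = ldap " " $i
        }
        END {
            sub(/^dsAttrTypeStandard:/, "", policy)
            sub(/^ /, "", ldap); gsub(/ /, ",", ldap)
            if (ldap == "") ldap = "none"
            if (policy == "LSPSearchPath")      v = "OK local"
            else if (policy == "CSPSearchPath") v = "OK custom"
            else if (policy == "NSPSearchPath")
                # Automatic policy plus an LDAP source is the risky combination.
                v = (dhcp == "on" || ldap != "none") ? "REVIEW automatic" : "OK automatic"
            else v = "UNKNOWN"
            print v " dhcp-ldap=" (dhcp == "" ? "unknown" : dhcp) " ldap-nodes=" ldap
        }'
}

# Constructed sample: automatic policy that accepted a DHCP-supplied LDAP server.
SAMPLE_AUTOMATIC='DHCPLDAPDefault: on
NSPSearchPath: /Local/Default /BSD/local /LDAPv3/ldap.example.com
SearchPath: /Local/Default /BSD/local /LDAPv3/ldap.example.com
SearchPolicy: dsAttrTypeStandard:NSPSearchPath'

# Constructed sample: local directory policy only.
SAMPLE_LOCAL='DHCPLDAPDefault: off
SearchPath: /Local/Default /BSD/local
SearchPolicy: dsAttrTypeStandard:LSPSearchPath'

printf '%s\n' "$SAMPLE_AUTOMATIC" | audit_search_policy
printf '%s\n' "$SAMPLE_LOCAL" | audit_search_policy
```

A `REVIEW automatic` verdict means the computer should be switched to a custom or local directory search policy unless the listed LDAP nodes are ones you intend to trust for authentication.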
128 Chapter 8 Advanced Directory Client Settings