
Important: If you congure Mac OS X to use an automatic authentication search
policy and a DHCP-supplied LDAP server or a DHCP-supplied local directory domain,
you increase the risk of an attacker gaining control of your computer. The risk is higher
if your computer is congured to connect to a wireless network. For more information,
see “Protecting Computers from a Malicious DHCP Server on page 131.
Custom Search Policies
If you don’t want a Mac OS X computer to use the automatic search policy supplied by
DHCP, you can dene a custom search policy for the computer.
For example, a custom search policy could specify that an Active Directory domain
be searched before an Open Directory server’s shared directory domain. Users can
configure their computer to log in using their user records from the Active Directory
domain and have their preferences managed by group and computer records from
the Open Directory domain.
A custom search policy generally does not work in multiple network locations or while
not connected to a network because it relies on the availability of specific directory
domains on the network.
If a portable computer is disconnected from its usual network, it no longer has access to
the shared directory domains on its custom search policy. However, the disconnected
computer still has access to its own local directory domain because it is the first
directory domain on every search policy.
The portable computer user can log in using a user record from the local directory
domain, which can include mobile user accounts. These mirror user accounts from the
shared directory domain that the portable computer accesses when it’s connected to
its usual network.
Search Policies for Authentication and Contacts
A Mac OS X computer has a search policy for finding authentication information and
it has a separate search policy for finding contact information:
• Open Directory uses the authentication search policy to locate and retrieve user
  authentication information and other administrative data from directory domains.
• Open Directory uses the contacts search policy to locate and retrieve name, address,
  and other contact information from directory domains. Mac OS X Address Book uses
  this contact information, and other applications can be programmed to use it as well.
Each search policy can be automatic, custom, or local directory domain only.
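The following audit check is an added example, not part of the original guide. It classifies a computer's authentication search policy as automatic, custom, or local only, and confirms that the local directory domain comes first. It assumes the text comes from `dscl /Search -read /` and has the layout shown in the samples; the node names and host names in the samples are constructed.

```python
import re

# Values of the SearchPolicy attribute on the /Search node, in the page's terms.
POLICY_KINDS = {
    "dsAttrTypeStandard:NSPSearchPath": "automatic",
    "dsAttrTypeStandard:CSPSearchPath": "custom",
    "dsAttrTypeStandard:LSPSearchPath": "local directory domain only",
}

def parse_dscl(text):
    """Parse dscl `Key: values` output into {key: [values]}."""
    record, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and key is not None:
            record[key].append(line.strip())   # one value per indented line
            continue
        key, _, rest = line.partition(":")
        # Split only before a "/" so node names containing spaces stay whole.
        record[key] = [v for v in re.split(r"\s+(?=/)", rest.strip()) if v]
    return record

def audit_search_policy(text):
    """Return (policy kind, ordered search path, findings)."""
    record = parse_dscl(text)
    policy = (record.get("SearchPolicy") or [""])[0]
    kind = POLICY_KINDS.get(policy, "unknown")
    path = record.get(policy.rpartition(":")[2], [])
    findings = []
    if kind == "automatic":
        findings.append("automatic policy: directory domains may be supplied by DHCP")
    if path and not path[0].startswith("/Local/"):
        findings.append("local directory domain is not first: %s" % path[0])
    return kind, path, findings

# Constructed samples (assumed output layout), not captured from a real machine.
SAMPLE_AUTOMATIC = """\
NSPSearchPath: /Local/Default /BSD/local /LDAPv3/ldap.example.com
SearchPolicy: dsAttrTypeStandard:NSPSearchPath
"""
SAMPLE_CUSTOM = """\
CSPSearchPath:
 /Local/Default
 /Active Directory/All Domains
 /LDAPv3/od.example.com
SearchPolicy: dsAttrTypeStandard:CSPSearchPath
"""
```

An automatic result is the configuration the warning above applies to, so it is worth reviewing on any computer that joins wireless or otherwise untrusted networks.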
36 Chapter 2 Open Directory Search Policies