Using an Open Directory Master, Replica, or Relay with NAT
If your network has an Open Directory server on the private network side of a network
address translation (NAT) router (or gateway), including the NAT router of Mac OS X
Server, only computers on the private network side of the NAT router can connect to
the Open Directory server’s LDAP directory domain.
Computers on the public network side of the NAT router can’t connect to the
LDAP directory domain of an Open Directory master or replica that’s on the private
network side.
If an Open Directory server is on the public network side of a NAT router, computers
on the private network and the public network sides of the NAT router can connect to
the Open Directory server’s LDAP directory.
If your network supports mobile clients such as MacBooks that will move between
the private LAN of your NAT gateway and the Internet, you can set up VPN service for
mobile users so they can use VPN to connect to the private network and the Open
Directory domain.
Open Directory Master and Replica Compatibility
The Open Directory master and its replicas must use the same version of Mac OS X
Server. In addition:
• An Open Directory master using Mac OS X Server v10.5 or later won’t replicate to
Mac OS X Server v10.4.
• Mac OS X Server v10.5 or later can’t be a replica of an Open Directory master using
Mac OS X Server v10.4.
• An Open Directory master using Mac OS X Server v10.5 can replicate to an Open
Directory replica using Mac OS X Server v10.5.
If you have an Open Directory master and replicas that use Mac OS X Server v10.4,
upgrade them to v10.5 or later at the same time. First, upgrade the master; then,
upgrade the replicas. Clients of the master and replicas will continue to receive
directory and authentication services during the upgrade.
While you are upgrading the master, its clients will fail over to the nearest replica.
When you upgrade replicas one at a time, clients will fail back to the upgraded master.
Upgrading an Open Directory master from Mac OS X Server v10.4 to v10.5 or later will
sever ties to existing replicas. After upgrading each Open Directory replica to Mac OS X
Server v10.5 or later, it will be a standalone directory service and you’ll need to make it
a replica again.
For more information about upgrading to Mac OS X Server v10.6, see Upgrading
and Migrating.
64 Chapter 4 Open Directory Planning and Management Tools