Specifications
The Active Directory server manages authentication requests while the Open Directory
server manages preference and policy settings of client computers.
All services of your Open Directory servers can be Kerberized through the Kerberos
realm of the Active Directory server. Client computers are connected to the Active
Directory and Open Directory servers.
For general information about conguring a magic triangle using an Active Directory
and Open Directory server, see “Magic Triangle General Setup Overview” on page 103.
Integrating with Augment Records
If you integrate with an existing directory domain using a magic triangle, you
can augment user records from the primary directory domain to the secondary
directory domain.
When you augment user records from a primary directory domain to a secondary
directory domain, you can add additional data to these records. These user records
are labeled as augmented in Workgroup Manager. The augmented record information
is used by the secondary directory domain and is not viewable from the primary
directory domain server where the original records reside.
For example, if you congure a magic triangle with an Active Directory server as
the primary server and an Open Directory server as the secondary server, you can
augment user records from the Active Directory server to the Open Directory
server. After you augment these records you can add information, such as setting
a login picture.
Augments do not aect the original user record. Augments provide additional
information specic to the directory domain the augment user logs in to. By keeping
the users in the Active Directory domain and augmenting them into the Open
Directory domain, users can use Mac OS X Server-specic features. Also, it prevents
users from needing two passwords or accounts.
For more information about augmenting user records on Mac OS X Server,
see User Management.
68 Chapter 4 Open Directory Planning and Management Tools