Chapter 5 Setting Up Open Directory Services
Setting Up an Open Directory Replica
Using Server Admin, you can set up Mac OS X Server to be a replica of an Open
Directory master so it can provide the same directory information and authentication
information to other systems as the master.
The replica server hosts a read-only copy of the master’s LDAP directory domain. The
replica server also hosts a read/write copy of the Open Directory Password Server and
the Kerberos Key Distribution Center (KDC).
Open Directory replicas provide these benefits:
• In a wide area network (WAN) of local area networks (LANs) interconnected by slow
  links, replicas on the LANs provide servers and client computers with fast access to
  user accounts and other directory information.
• A replica provides redundancy. If the Open Directory master fails, computers
  connected to it switch to a nearby replica. This automatic failover behavior is a
  feature of Mac OS X and Mac OS X Server v10.4 and 10.5 or later.
Note: If your network has a mix of Mac OS X Server versions 10.4 and 10.5 or later, one
version can’t be a replica of a master of the other version. An Open Directory master
of v10.5 or later won’t replicate to Mac OS X Server v10.4, nor will an Open Directory
master of Mac OS X Server v10.4 replicate to Mac OS X Server v10.5 or later.
When you set up an Open Directory replica, all directory and authentication data must
be copied to it from the Open Directory master. Replication can take several seconds
or several minutes, depending on the size of the directory domain. Replication over a
slow network link can take a long time.
During replication, the master cannot provide directory or authentication services.
You can’t use user accounts in the master LDAP directory to log in or authenticate for
services until replication is finished.
To minimize the disruption of directory service, set up a replica before the master
LDAP directory is fully populated or at a time of day when the directory service is not
needed. Having another replica set up will insulate clients of directory service from
problems if the master becomes unavailable.
If you change a Mac OS X Server computer that was connected to another directory
system to be an Open Directory replica, the server remains connected to the other
directory system. The server searches for user records and other information in its
shared LDAP directory domain before searching in other directory systems it is
connected to.