Chapter 1 Directory Service Concepts 21
Inside a Directory Domain
Information in a directory domain is organized into record types, which are specific
categories of records, such as users, computers, and mounts. For each record type, a
directory domain may contain any number of records. Each record is a collection of
attributes, and each attribute has one or more values. If you think of each record type
as a spreadsheet that contains a category of information, then records are like the rows
of the spreadsheet, attributes are like spreadsheet columns, and each spreadsheet cell
contains one or more values.
For example, when you define a user by using Workgroup Manager, you are creating a
user record (a record of the user’s record type). The settings that you configure for the
user—short name, full name, home directory location, and so on—become values of
attributes in the user record. The user record and the values of its attributes reside in a
directory domain.
In some directory services, such as LDAP and Active Directory, record types are called
object classes or simply classes, and records are called objects. Each class (record type) is
a set of rules that define similar objects (records) by specifying certain attributes that
each object must have and certain other attributes that each object may have. For
example, the inetOrgPerson class defines objects that contain user attributes. The
inetOrgPerson class is a standard LDAP class defined by RFC 2798. Other standard LDAP
classes and attributes, such as the posixAccount and posixGroup classes that carry UNIX
account fields (uid, uidNumber, gidNumber, homeDirectory), are defined by RFC 2307.
A collection of attributes and record types or object classes provides a blueprint for the
information in a directory domain. This blueprint is called the schema of the directory
domain.
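The record, attribute, and value model above maps directly onto LDAP entries. The following is an added example, not Apple's code or anything from this guide: it reads a small LDIF file into records (each record a dictionary of attribute name to list of values, so multi-valued attributes such as mail are preserved), then checks each record against the MUST attributes of the object classes the text names. The MUST table is a hand-transcribed subset of RFC 2798, RFC 2256 (which inetOrgPerson inherits from) and RFC 2307, not a full LDAP schema, and the LDIF data is constructed sample input.

```python
"""Added example (not from the Open Directory guide): model a directory
domain as records -> attributes -> values and check records against the
MUST attributes of their object classes. The schema below is a hand-written
subset transcribed from RFC 2798 / RFC 2256 / RFC 2307, not a full schema."""
from collections import defaultdict

# MUST attributes per class (subset). inetOrgPerson (RFC 2798) adds no MUST
# of its own; it inherits sn and cn from person (RFC 2256). posixAccount
# (RFC 2307) carries the UNIX login fields.
MUST = {
    "person": {"sn", "cn"},
    "organizationalPerson": set(),
    "inetOrgPerson": set(),
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
}
# Superior-class chain used to inherit MUST sets.
SUPERIOR = {"inetOrgPerson": "organizationalPerson",
            "organizationalPerson": "person"}


def parse_ldif(text):
    """Return a list of records; each record maps attribute -> list of values.
    Handles comments, blank-line record separators and folded lines
    (continuation lines that start with a space). Base64 '::' values and
    attribute-name case folding are deliberately not handled here."""
    records, current, last = [], None, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if not raw.strip():
            if current is not None:
                records.append(current)
            current, last = None, None
            continue
        if raw.startswith(" ") and last is not None:
            current[last][-1] += raw[1:]        # folded line continues the value
            continue
        key, _, value = raw.partition(":")
        if current is None:
            current = defaultdict(list)
        key = key.strip()
        current[key].append(value.strip())     # every attribute is multi-valued
        last = key
    if current is not None:
        records.append(current)
    return [dict(r) for r in records]


def required_attributes(classes):
    """Union of MUST attributes for each class and its superior chain."""
    needed = set()
    for cls in classes:
        while cls:
            needed |= MUST.get(cls, set())
            cls = SUPERIOR.get(cls)
    return needed


def missing_attributes(record):
    """Attributes the record's object classes require but the record lacks
    (or has only as empty values)."""
    present = {k for k, v in record.items() if any(v)}
    return sorted(required_attributes(record.get("objectClass", [])) - present)


# Constructed sample: one complete user record, one missing homeDirectory.
SAMPLE_LDIF = """\
dn: uid=jdoe,cn=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Jane Doe
sn: Doe
uid: jdoe
uidNumber: 1025
gidNumber: 20
homeDirectory: /Users/jdoe
mail: jdoe@example.com
mail: jane@example.com

dn: uid=broken,cn=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Broken Record
sn: Record
uid: broken
uidNumber: 1026
gidNumber: 20
"""


def audit(text=SAMPLE_LDIF):
    """Map each record's dn to the list of attributes it is missing."""
    return {r["dn"][0]: missing_attributes(r) for r in parse_ldif(text)}


if __name__ == "__main__":
    for dn, missing in audit().items():
        print(dn, "OK" if not missing else f"missing {missing}")
```

A record that passes this check is still only schema-complete; a real LDAP server additionally enforces MAY attributes, syntaxes and name case, and the check above would need the server's actual schema to be authoritative.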
Local and Shared Directory Domains
Where you store your server’s user information and other administrative data is
determined by whether the data needs to be shared. This information may be stored in
the server’s local directory domain or in a shared directory domain.
About the Local Directory Domain
Every Mac OS X computer has a local directory domain. A local domain's administrative
data is visible only to applications and system software running on the computer
where the domain resides. It is the first domain consulted when a user logs in or
performs some other operation that requires data stored in a directory domain.
When the user logs in to a Mac OS X computer, Open Directory searches the
computer's local directory domain for the user's record. If the local directory domain
contains the user's record (and the user typed the correct password), the login process
proceeds and the user gets access to the computer.
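The lookup order just described (local domain first, then any shared domains) has a practical consequence: a record in the local domain is found before a record with the same short name in a shared domain, so the local record wins. The following added example is not Apple's code; it models that first-match search over constructed sample domains and reports short names that exist in more than one domain, which is the check an administrator would run before wondering why a login resolved to an unexpected account or UniqueID.

```python
"""Added example (not from the Open Directory guide): resolve a short name
through a directory search path, local domain first, and report short
names that are shadowed by an earlier domain. Domains and records below
are constructed sample data with a small subset of attributes."""

LOCAL = {
    "admin": {"RealName": "Local Admin", "UniqueID": "501"},
    "jdoe":  {"RealName": "Jane Doe (local copy)", "UniqueID": "502"},
}
SHARED = {
    "jdoe":   {"RealName": "Jane Doe", "UniqueID": "1025"},
    "bsmith": {"RealName": "Bob Smith", "UniqueID": "1026"},
}
# Search path in consultation order: the local domain is always first.
SEARCH_PATH = [("local", LOCAL), ("shared", SHARED)]


def find_user(shortname, search_path=SEARCH_PATH):
    """Return (domain_name, record) from the first domain that holds the
    short name, or None. Later domains are not consulted after a match."""
    for name, domain in search_path:
        if shortname in domain:
            return name, domain[shortname]
    return None


def shadowed_names(search_path=SEARCH_PATH):
    """Short names present in more than one domain, mapped to the domains
    holding them in search order. The first listed domain's record is the
    one a login will use; a stray local duplicate of a shared account
    changes which UniqueID and home directory the user actually gets."""
    seen, shadowed = {}, {}
    for name, domain in search_path:
        for short in domain:
            if short in seen:
                shadowed.setdefault(short, [seen[short]]).append(name)
            else:
                seen[short] = name
    return shadowed


if __name__ == "__main__":
    print(find_user("jdoe"))          # resolves to the local copy
    print(shadowed_names())           # {'jdoe': ['local', 'shared']}
```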
LL2352.Book Page 21 Friday, August 22, 2003 3:12 PM