Specifications

50 Chapter 4 Open Directory Planning
Replication introduces a minimal increase in security risk. The replicated LDAP directory data has no access controls to restrict reading it, so anyone on the network can download the entire directory irrespective of replication. The password data is securely replicated using random keys negotiated during each replication session. The authentication portion of replication traffic—the Open Directory Password Server and the Kerberos KDC—is fully encrypted. For extra security, you could configure network connections between the Open Directory servers to use network switches rather than hubs. This configuration would isolate authentication replication traffic to trusted network segments.
Tools for Managing Open Directory Services
The Server Admin, Directory Access, and Workgroup Manager applications provide a graphical interface for managing Open Directory services in Mac OS X Server. In addition, you can manage Open Directory services from the command line by using Terminal. If your network includes legacy NetInfo domains, you can manage them with the Inspector in Workgroup Manager. (You could also use NetInfo Manager.)
All these applications are included with Mac OS X Server and can be installed on another computer with Mac OS X version 10.3 or later, making that computer an administrator computer. For more information on setting up an administrator computer, see the server administration chapter of the getting started guide.
Server Admin
You use Server Admin to:
Set up Mac OS X Server as an Open Directory master, an Open Directory replica, a server that’s connected to a directory system, or a standalone server with only a local directory. For instructions, see Chapter 5, “Setting Up Open Directory Services.”
Set up additional Mac OS X Server systems to use the Kerberos KDC of an Open Directory master or replica. For instructions, see Chapter 5.
Migrate an upgraded server’s shared directory domain from NetInfo to LDAP. For instructions, see Chapter 5.
Configure LDAP options on an Open Directory master. For instructions, see Chapter 5.
Configure DHCP service to supply an LDAP server address to Mac OS X computers with automatic search policies. For instructions, see the DHCP chapter of the network services administration guide.
Set up password policies that apply to all users who don’t have overriding individual password policies. For instructions, see Chapter 6, “Managing User Authentication.” (To set up individual password policies, use Workgroup Manager; see Chapter 6.)
Monitor Open Directory services. For instructions, see Chapter 8, “Maintenance and Problem Solving.”
LL2352.Book Page 50 Friday, August 22, 2003 3:12 PM