Chapter 5 Setting Up Open Directory Services 57
You can configure DHCP service to supply the Open Directory master as an LDAP
server to computers with automatic search policies. Computers with Mac OS X or
Mac OS X Server version 10.2 can have automatic search policies. These computers
don’t have to be configured individually to access the LDAP server. When these
computers start up, they try to get the address of an LDAP server from DHCP service.
Alternatively, you can configure a computer to access the server’s LDAP directory and
then add the server’s LDAP directory to the computer’s custom search policy.
For instructions on configuring DHCP to supply an LDAP server’s address, see the
network services administration guide. For instructions on setting up search policies
and configuring access to specific LDAP directory domains, see Chapter 7, “Managing
Directory Access.”
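The DHCP mechanism described above hands the client an LDAP URL in a DHCP option. The following is an added example, not code from Apple’s guide: it walks the standard DHCP options area (code, length, value; 255 ends the list), pulls out the LDAP option (code 95, the option Open Directory clients read), and only returns the server if it is on an allow-list the administrator controls, so an unexpected server is not silently added to a search policy. The sample option bytes and host name are constructed for this example.

```python
from typing import Dict, Optional, Set, Tuple
from urllib.parse import unquote, urlparse

DHCP_OPTION_LDAP = 95    # DHCP option carrying an LDAP server URL
DHCP_OPTION_END = 255    # marks the end of the options area


def parse_dhcp_options(blob: bytes) -> Dict[int, bytes]:
    """Decode the TLV-encoded DHCP options area into {code: value}."""
    options: Dict[int, bytes] = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == DHCP_OPTION_END:
            break
        if code == 0:            # pad byte, no length field
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value     # a repeated code keeps the last value
        i += 2 + length
    return options


def ldap_server_from_dhcp(blob: bytes, trusted_hosts: Set[str]) -> Optional[Tuple[str, str]]:
    """Return (host, base_dn) from option 95, or None if absent, malformed or untrusted."""
    raw = parse_dhcp_options(blob).get(DHCP_OPTION_LDAP)
    if raw is None:
        return None
    url = urlparse(raw.decode("ascii", errors="strict"))
    if url.scheme != "ldap" or not url.hostname:
        return None
    if url.hostname.lower() not in trusted_hosts:
        return None               # not a server we expect DHCP to advertise
    return url.hostname, unquote(url.path.lstrip("/"))


# Constructed DHCP ACK options: message type (53) = 5, LDAP URL (95), end (255).
LDAP_URL = b"ldap://od-master.example.com/dc=example,dc=com"
SAMPLE_OPTIONS = bytes([53, 1, 5, 95, len(LDAP_URL)]) + LDAP_URL + bytes([255])

if __name__ == "__main__":
    print(ldap_server_from_dhcp(SAMPLE_OPTIONS, {"od-master.example.com"}))
```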
Setting Up an Open Directory Replica
Using Server Admin, you can set up Mac OS X Server to be a replica of an Open
Directory master so it can provide the same directory information and authentication
information to other systems as the master. The replica server hosts a read-only copy of
the master’s LDAP directory domain. The replica server also hosts a read/write copy of
the authentication database associated with the master directory domain and the
Kerberos Key Distribution Center (KDC).
Open Directory replicas can provide these benefits:
• In a wide area network (WAN) of local area networks (LANs) interconnected by slow
links, replicas on the LANs can provide servers and client computers with fast access
to user accounts and other directory information.
• A replica provides redundancy. If the Open Directory master fails, computers
connected to it automatically switch to a nearby replica. This automatic failover
behavior is a feature of version 10.3 and later of Mac OS X and Mac OS X Server.
Important: When you set up an Open Directory replica, all the directory and
authentication data must be copied to it from the Open Directory master. Replication
may take several seconds or several minutes depending on the size of the directory
domain. Replication over a slow network link can take a very long time. During
replication, the master cannot provide directory or authentication services. User
accounts in the master LDAP directory can’t be used to log in or authenticate for
services until replication is finished. To minimize the disruption of directory service, set
up a replica before the master LDAP directory is fully populated or at a time of day
when the directory service is not needed. Having another replica already set up will
insulate clients of directory service from the master being unavailable.
LL2352.Book Page 57 Friday, August 22, 2003 3:12 PM