Chapter 5 Setting Up Open Directory Services 59
You can configure Mac OS X computers to connect to an Open Directory replica
instead of the Open Directory master for directory and authentication services. On each
Mac OS X computer, you can use Directory Access to create an LDAPv3 configuration
for accessing the replica’s LDAP directory and set up a custom search policy that
includes this LDAPv3 configuration. You can also configure a DHCP service to supply
the replica’s LDAP directory to Mac OS X computers that get the address of an LDAP
server from the DHCP service. See “Accessing LDAP Directories” on page 90 and
“Defining Automatic Search Policies” on page 88. See the network services
administration guide for instructions on setting up DHCP service to supply an LDAP
server’s address.
The Open Directory master automatically updates the replica. You can configure the
master to update its replicas at a specific interval or whenever the master directory
changes. For instructions, see “Setting the Replication Frequency of an Open Directory
Master” on page 64.
Setting Up Open Directory Failover
If an Open Directory master or any of its replicas becomes unavailable, its client
computers with Mac OS X version 10.3 or Mac OS X Server version 10.3 will
automatically find an available replica and connect to it.
Replicas only allow clients to read directory information. Directory information on a
replica can’t be modified with administration tools such as Workgroup Manager.
Users whose password type is Open Directory can change their passwords on
computers that are connected to Open Directory replicas. The replicas automatically
synchronize password changes with the master. If the master is unavailable for a while,
the replicas synchronize password changes with the master when it becomes available
again.
If an Open Directory master or replica becomes unavailable and it has client computers
with version 10.2 or earlier of Mac OS X or Mac OS X Server, these client computers
must be reconfigured manually to connect to an available replica. You can use
Directory Access to create an LDAPv3 configuration that specifies how the computer
accesses an available replica. For instructions, see “Accessing LDAP Directories” on
page 90.
LL2352.Book Page 59 Friday, August 22, 2003 3:12 PM