Chapter 5 Setting Up Open Directory Services 67
Migration to LDAP does not change how user passwords are validated except for
passwords validated by Authentication Manager. Passwords that were validated by a
Password Server continue to be validated by the same Password Server. If any user
accounts in the NetInfo domain used Authentication Manager for password validation,
the migration process converts them to have a password type of Open Directory. Of
course, an administrator can change the password type of any migrated user account
to Open Directory so that the user account can take advantage of single signon and
Kerberos authentication.
Important: Do not click the Disable NetInfo button by accident. Clicking Disable
NetInfo immediately disables NetInfo access to the directory domain. You can’t undo
this change. After disabling NetInfo, all computers that need to connect to the
directory domain must be configured to do so using LDAP.
To migrate a server’s shared directory domain from NetInfo to LDAP:
1 Open Server Admin and select Open Directory for an Open Directory master server in
the Computers & Services list.
2 Click Settings (near the bottom of the window), then click Protocols (near the top).
3 Choose NetInfo Migration from the Configure pop-up menu.
4 Click Migrate and set the migration options.
Administrator short name: The short name of an administrator account in the server’s
local directory domain that you want to have copied to the migrated LDAP directory.
This account will be an administrator of the LDAP directory domain.
Administrator password: The password for the administrator account whose short
name you entered.
Kerberos realm name: By convention, the Kerberos realm name is the same as the
server’s DNS name but in all uppercase letters. For example, a server whose DNS name
is example.com would have a Kerberos realm name of EXAMPLE.COM.
Search base (optional): The search base suffix for the migrated LDAP directory.
Typically, the search base suffix is derived from the server’s DNS name. For example, the
search base suffix could be dc=example, dc=com for a server whose DNS name is
server.example.com.
Switch existing NetInfo clients to LDAP: Enables client computers with Mac OS X or
Mac OS X Server version 10.3 to automatically reconfigure themselves to access the
migrated directory domain using LDAP instead of NetInfo.
Shut down NetInfo Server at 2:00 am on __: Enter a date when you want to end
NetInfo access to the migrated directory domain. After NetInfo is disabled, all
computers must use LDAP to access the migrated directory domain.
5 Click OK to begin migration.
The migration process can take a while.
LL2352.Book Page 67 Friday, August 22, 2003 3:12 PM