Setup guide

4.5.1 Configure Role
The Open Directory service can act in one of four roles: Standalone Server, Open Directory Master, Connected to a Directory System, and Open Directory Replica. A Mac OS X Server system that does not participate in a directory domain (and only authenticates users against its own local directory) should have its role set to Standalone Server so that it does not engage in unnecessary network communications. Which of the other roles to use depends on the system's place in the overall network and directory structure. To configure the Open Directory role:
1. Open Server Admin.
2. Click Open Directory in the list for the server you want.
3. Click on the Settings tab.
4. If the role is set to Open Directory Master:
a. Make sure that only legitimate replicas are listed.
b. Replicating to clients whenever the directory is modified is recommended.
5. If the role is set to Open Directory Replica, make sure that the intended Master is set.
6. If the role is set to Connected to a Directory System, make sure that the system has joined the appropriate Kerberos realm.
4.5.2 Configure Protocols
The Open Directory Master and Open Directory Replica roles involve the Open Directory service communicating LDAP information over the network, and these communications should be protected by SSL. After following the instructions of the earlier section "Creating an SSL Certificate for LDAP Services," the required files should be available from your own CA. If they were purchased from a commercial CA, the following instructions will apply. From the Open Directory panel in Server Admin, do the following to ready the Open Directory service for SSL:
1. Click on the Settings tab.
2. Click the Protocols button at the top of the pane.
3. At the "Configure:" pop-up menu, choose LDAP settings. Using NetInfo is not recommended.
4. Make sure the "Search base" and "Database" text fields are correct for your site.
5. Place a check in the box for "Use SSL."
6. Certificates and key files need to be specified to support SSL. If you're using a certificate from a commercial Certificate Authority, follow their instructions for handling these files. If you are using self-signed
UNCLASSIFIED
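The checks in 4.5.1 (role, replica list, master, Kerberos realm) and 4.5.2 (LDAP rather than NetInfo, "Use SSL," search base and database) can be expressed as a configuration audit that compares what an administrator reads off the Server Admin panes against the site's expected values. The following is an added example written for this guide, not code from the guide or from Apple; the snapshot field names, the policy fields, the host names and the database path are all constructed for the example and are not Server Admin or serveradmin key names.

```python
"""Audit an Open Directory configuration snapshot against the settings in 4.5.1 and 4.5.2.

All field names, sample hosts and expected values here are constructed for this
example; they are not Server Admin's own identifiers.
"""
from dataclasses import dataclass, field
from typing import List, Optional

ROLE_STANDALONE = "Standalone Server"
ROLE_MASTER = "Open Directory Master"
ROLE_CONNECTED = "Connected to a Directory System"
ROLE_REPLICA = "Open Directory Replica"
VALID_ROLES = {ROLE_STANDALONE, ROLE_MASTER, ROLE_CONNECTED, ROLE_REPLICA}


@dataclass
class ODSnapshot:
    """What an administrator reads off the Settings and Protocols panes (hypothetical field names)."""
    role: str
    replicas: List[str] = field(default_factory=list)  # replica list shown on a master
    replicate_on_change: bool = False                    # "replicate whenever modified" on a master
    master: Optional[str] = None                         # master named on a replica
    kerberos_realm: Optional[str] = None                 # realm joined when connected to a directory
    backend: str = "LDAP"                                # "Configure:" pop-up: LDAP or NetInfo
    use_ssl: bool = False                                # the "Use SSL" check box
    search_base: str = ""
    database: str = ""


@dataclass
class SitePolicy:
    """The values the site considers correct (constructed for the example)."""
    participates_in_domain: bool
    approved_replicas: List[str] = field(default_factory=list)
    expected_master: Optional[str] = None
    expected_realm: Optional[str] = None
    expected_search_base: str = ""
    expected_database: str = ""


def audit(snap: ODSnapshot, policy: SitePolicy) -> List[str]:
    """Return one finding per deviation from the guide; an empty list means compliant."""
    findings: List[str] = []
    if snap.role not in VALID_ROLES:
        return [f"unknown role {snap.role!r}"]

    # 4.5.1: a server that only uses its local directory should be Standalone.
    if not policy.participates_in_domain and snap.role != ROLE_STANDALONE:
        findings.append(f"role is {snap.role!r} but the server is not in a directory domain; "
                        f"expected {ROLE_STANDALONE!r}")

    if snap.role == ROLE_MASTER:
        unknown = sorted(set(snap.replicas) - set(policy.approved_replicas))
        if unknown:
            findings.append("unapproved replicas listed: " + ", ".join(unknown))
        if not snap.replicate_on_change:
            findings.append("replication on directory change is not enabled")
    elif snap.role == ROLE_REPLICA:
        if snap.master != policy.expected_master:
            findings.append(f"replica points at master {snap.master!r}, expected {policy.expected_master!r}")
    elif snap.role == ROLE_CONNECTED:
        if snap.kerberos_realm != policy.expected_realm:
            findings.append(f"joined realm {snap.kerberos_realm!r}, expected {policy.expected_realm!r}")

    # 4.5.2: masters and replicas serve LDAP over the network, so check the protocol settings.
    if snap.role in (ROLE_MASTER, ROLE_REPLICA):
        if snap.backend != "LDAP":
            findings.append(f"directory backend is {snap.backend}; NetInfo is not recommended")
        if not snap.use_ssl:
            findings.append("LDAP is served without SSL")
        if snap.search_base != policy.expected_search_base:
            findings.append(f"search base {snap.search_base!r} does not match {policy.expected_search_base!r}")
        if snap.database != policy.expected_database:
            findings.append(f"database {snap.database!r} does not match {policy.expected_database!r}")
    return findings


# Constructed samples: a master before and after the steps in 4.5.1 and 4.5.2 are applied.
MASTER_POLICY = SitePolicy(participates_in_domain=True,
                           approved_replicas=["od2.example.com"],
                           expected_search_base="dc=example,dc=com",
                           expected_database="/var/db/openldap/openldap-data")
WEAK_MASTER = ODSnapshot(role=ROLE_MASTER,
                         replicas=["od2.example.com", "unknown-host.example.com"],
                         replicate_on_change=False, use_ssl=False,
                         search_base="dc=example,dc=com",
                         database="/var/db/openldap/openldap-data")
HARDENED_MASTER = ODSnapshot(role=ROLE_MASTER, replicas=["od2.example.com"],
                             replicate_on_change=True, use_ssl=True,
                             search_base="dc=example,dc=com",
                             database="/var/db/openldap/openldap-data")

if __name__ == "__main__":
    for label, snap in (("before", WEAK_MASTER), ("after", HARDENED_MASTER)):
        print(label, audit(snap, MASTER_POLICY) or ["compliant"])
```

Run against the constructed "before" snapshot the audit reports the unapproved replica, the missing replicate-on-change setting and the unencrypted LDAP service; the "after" snapshot reports nothing. The same function can be run against a snapshot taken from each server so that drift from the settings in this section is caught on review rather than discovered later.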