Configuring Network Directory Services
In addition to configuring discovery service
protocols, the Directory Access utility is also used to configure
directory service options. You select which directory service
methods to use and the configuration options for each service.
Although Mac OS X includes support for several different networked
directory services, this lesson will focus on how to configure the
two most common types of directory services: LDAP and Active
Directory.
Configuring LDAP in Mac OS X
As mentioned earlier, LDAP is the
industry-standard method for communicating directory information
over a network. Unfortunately, there is much variation in the
organization of that information. The configuration options range
from very easy to very difficult.
Automatically Configuring with DHCP
DHCP gives system administrators a standardized
way to distribute LDAP information to client computers when they
request an IP address. In fact, if your site is using Mac OS X
Server to provide DHCP services, the default setting is to
distribute LDAP binding information to DHCP clients. For this
reason, it is possible to find and use a directory server on a
newly installed computer without any additional configuration.
Manually Configuring for Specific Directory Servers
If your site doesn't use DHCP to distribute LDAP
information, you'll have to add some information so that the client
can find and use the directory information. The information you'll
need to get from your administrator includes:
- The address of the LDAP server
- The type of server you are connecting to: Open
  Directory (for Mac OS X Server), RFC 2307 (for many UNIX servers),
  or Active Directory
  Normally, for Active Directory servers you'll
  want to use the Active Directory plug-in, as explained later in
  this lesson.
- The search base of the LDAP server
  The search base is a string of text that will be
  different for every site. It should look something like
  dc=pretendco, dc=com.
Manually Configuring for Custom Directory Server
This is an advanced configuration, which will
not be covered in this book. It allows a very flexible but complex
configuration that would enable you to work with a customized LDAP
server. This configuration is covered by the Apple Certified System
Administrator classes.
Finally, after you have configured Mac OS X to
use your LDAP server, you need to tell Mac OS X to use this LDAP
server for all authentication attempts. You do this by choosing
Search > Custom path in the Authentication pane of Directory
Access and adding the LDAP server to the Directory Node list.
Note that Directory
Access configurations are independent of network locations.
Selecting a different network location does not change LDAP
settings.
NOTE
If you misconfigure directory services on Mac OS
X, your computer can become unresponsive. To fix this, start your
computer in single-user mode and reset the directory service
settings by deleting the configuration files in
/Library/Preferences/DirectoryService.
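The reset described in the note above, as an added shell example that is not from the book: it moves the configuration files into a backup folder instead of deleting them, so the old settings can still be inspected afterward. The function name, the default backup location /var/root, and the step of making the boot volume writable with /sbin/mount -uw / in single-user mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): reset directory service settings by
# moving the configuration files aside rather than deleting them outright.
# Assumption: in single-user mode the boot volume is read-only until you run
#   /sbin/mount -uw /
# Then load this file, call reset_ds_prefs with no arguments, and reboot.

# reset_ds_prefs [PREFS_DIR] [BACKUP_PARENT]   (hypothetical helper)
# Moves every entry in PREFS_DIR into a timestamped backup folder and prints
# that folder's path. Returns 1 if PREFS_DIR is missing or a move fails,
# 2 if PREFS_DIR is already empty.
reset_ds_prefs() {
    prefs_dir="${1:-/Library/Preferences/DirectoryService}"
    backup_parent="${2:-/var/root}"

    if [ ! -d "$prefs_dir" ]; then
        echo "no such directory: $prefs_dir" >&2
        return 1
    fi

    # Nothing to reset if the folder holds no entries
    if [ -z "$(ls -A "$prefs_dir")" ]; then
        echo "nothing to reset in $prefs_dir" >&2
        return 2
    fi

    backup_dir="$backup_parent/DirectoryService.backup.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup_dir" || return 1
    # Keep the saved server and search-path settings readable by the owner only
    chmod 700 "$backup_dir" || return 1

    # Move every entry, including dotfiles; unmatched patterns are skipped
    for f in "$prefs_dir"/* "$prefs_dir"/.[!.]*; do
        [ -e "$f" ] || continue
        mv "$f" "$backup_dir"/ || return 1
    done

    echo "$backup_dir"
}
```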
Configuring Active Directory in Mac OS X
In addition to LDAP, Mac OS X can use Active
Directory for authentication information. There are three pieces
of information you will need to obtain from your system
administrator:
Additionally, you can configure advanced options
such as mobile account settings, network home directory protocols,
and Active Directory attribute mappings.
After you have configured Active Directory, you
will again need to configure the authentication search path to
include Active Directory.