Mac OS X for Unix Geeks

Chapter 3. Directory Services

A directory service manages information about users and resources, such as printers and servers. It can manage this information for anything from a single machine to an entire corporate network. The Directory Service architecture in Mac OS X is called Open Directory. Open Directory encompasses flat files (such as /etc/hosts), NetInfo (the legacy directory service brought over from earlier versions of Mac OS X and NeXTSTEP), LDAPv3, and other services through third-party plug-ins.

This chapter describes how to perform common configuration tasks, such as adding a user or host on Mac OS X with the default configuration. If your system administrator has configured your Macintosh to consult an external directory server, some of these instructions may not work. If that's the case, you should ask your system administrator to make these kinds of changes anyhow!

3.1. Understanding Directory Services

In Mac OS X 10.1.x and earlier, the system was configured to consult the NetInfo database for all directory information. If you needed to do something simple, such as adding a host, you couldn't just add it to /etc/hosts and be done with it. Instead, you had to use the NetInfo Manager (or NetInfo's command-line utilities) to add the host.

However, in Mac OS X 10.2 (Jaguar), NetInfo functions more as a legacy protocol. Instead of being a major player in the directory services world, NetInfo's role has been reduced to that of the local directory database for machines that are not participating in a network-wide directory, such as Active Directory or OpenLDAP. NetInfo is still present on Mac OS X systems, but you can perform most configuration tasks by editing the standard Unix flat files. By default, Mac OS X 10.2 is configured to consult the local directory (also known as the NetInfo database) for authentication, which corresponds to /etc/passwd [6] and /etc/group on other Unix systems. You can override this setting with the Directory Access application. For more information, see Section 3.3, later in this chapter.

[6] /etc/master.passwd is the shadow password file that actually contains the encrypted passwords.

For users whose network configuration consists of an IP address, a default gateway, and some DNS addresses, this default configuration should be fine. You'll need to tap into Open Directory's features for more advanced configurations, such as determining how a user can log into a workstation and find their home directory, even when that directory is hosted on a shared server.

In order to work with Mac OS X's Directory Services, you must first understand the overall architecture, which is known as Open Directory. Directory Services is the part of Mac OS X (and the open source Darwin operating system) that implements this architecture. Figure 3-1 shows the relationship of Directory Services to the rest of the operating system. On the top, server processes, as well as the user's desktop and applications, act as clients to Directory Services, which delegates requests to a directory service plug-in (see Section 3.3, later in this chapter, for a description of each plug-in).

Figure 3-1. The Directory Services architecture

Copyright © 2003 O'Reilly & Associates. All rights reserved.