Apple Open Directory

Open Directory is Apple Inc.'s implementation of the LDAP directory service model. A directory service is software that stores and organizes information about a computer network's users and network resources and that allows network administrators to manage users' access to those resources.

In the context of Mac OS X Server, "Open Directory" describes a shared LDAPv3 directory domain based on OpenLDAP and a corresponding authentication model composed of Apple Password Server and Kerberos 5 tied together using a modular Directory Services system.

The term "Open Directory" can also be used to describe the entire directory services framework used by Mac OS X and Mac OS X Server. In this context, it describes the role of a Mac OS X or Mac OS X Server system when it is connected to an existing directory domain.

Implementation in Mac OS X Server

Mac OS X Server can host an "Open Directory domain" when configured as an "Open Directory Master". In addition to its local directory, this OpenLDAP-based LDAPv3 domain is designed to store centralized management data, user, group, and computer accounts, which other systems can access. The directory domain is paired with the "Open Directory Password Server" and, optionally, a Kerberos realm. Either provides an authentication model and stores password information outside of the directory domain itself. [cite web | title=Mac OS X Server: Open Directory Administration, page 40 | url=http://images.apple.com/server/pdfs/Open_Directory_v10.4.pdf | accessdate=2007-06-07]

For Kerberos authentication, the Kerberos realm can either be hosted by a Kerberos key distribution center (KDC) running on the server system, or the server can participate in an existing Kerberos realm.

For services that are not Kerberized, the Password Server provides the following Simple Authentication and Security Layer-based authentication methods: [cite web | title=Mac OS X Server: Open Directory Administration, page 50 | url=http://images.apple.com/server/pdfs/Open_Directory_v10.4.pdf | accessdate=2007-06-07]

* APOP
* CRAM-MD5
* Diffie-Hellman key exchange
* Digest-MD5
* MS-CHAPv2
* NTLM v1 and v2
* LAN Manager
* WebDAV-Digest
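
How one of the challenge-response methods listed above, CRAM-MD5 (RFC 2195), works on both sides, as an added example that is not Apple's Password Server code. The function names and the in-memory secret store are hypothetical; the sample account and challenge are the RFC 2195 test vector.

```python
import base64, hashlib, hmac, secrets, time

# Constructed store: user -> shared secret. The server needs the secret itself
# (not a one-way hash) to recompute the HMAC. Sample account: RFC 2195 vector.
SECRETS_DB = {"tim": b"tanstaaftanstaaf"}
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

def make_challenge(hostname: str) -> bytes:
    """Server: fresh, unpredictable challenge so old responses cannot be replayed."""
    return f"<{secrets.randbits(64)}.{int(time.time())}@{hostname}>".encode()

def client_response(user: str, secret: bytes, challenge: bytes) -> bytes:
    """Client: base64 of 'user SP hex(HMAC-MD5(secret, challenge))'."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_verify(db: dict, challenge: bytes, response_b64: bytes):
    """Server: return the authenticated user name, or None on any failure."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        user, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no space separator
        return None
    # Unknown users get a dummy secret so both paths do the same work.
    secret = db.get(user, b"\x00" * 16)
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    match = hmac.compare_digest(expected.encode(), digest.encode())
    return user if (match and user in db) else None

if __name__ == "__main__":
    resp = client_response("tim", SECRETS_DB["tim"], RFC_CHALLENGE)
    print("client ->", resp.decode())
    print("server accepts:", server_verify(SECRETS_DB, RFC_CHALLENGE, resp))
    fresh = make_challenge("od.example.test")
    print("replay against new challenge:", server_verify(SECRETS_DB, fresh, resp))
```
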

Any Mac OS X Server system configured as an Open Directory Master can act as a Windows Primary Domain Controller (PDC), providing domain authentication services to Microsoft Windows clients. [cite web | title=Server Admin 10.4 Help: Setting Up a Server as a Primary Domain Controller | url=http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c2wn5.html | accessdate=2007-06-07]

Directory Services Framework

In a more general sense, Open Directory can describe the plug-in model used by Directory Access and the directory services framework in Mac OS X and Mac OS X Server. This can be thought of as analogous to the Name Service Switch systems of some other Unix-like operating systems. When "connected to a directory system", a Mac OS X client or Server can authenticate users, look up contacts, and perform service discovery and name resolution with the following types of directories: [cite web | title=Mac OS X Server: Open Directory Administration, chapter 7 | url=http://images.apple.com/server/pdfs/Open_Directory_v10.4.pdf | accessdate=2007-06-07]

* Authentication & Contacts
** Microsoft Active Directory
** LDAPv3, including an Open Directory domain or RFC 2307-compliant system
** Apple/NeXT NetInfo domains
** BSD flat files and NIS

* Service Discovery & Name Resolution
** AppleTalk
** Windows (NetBIOS and WINS)
** Service Location Protocol (SLP)
** Multicast DNS (Bonjour/Zeroconf)

History

Open Directory began with Mac OS X Server 10.2. In this initial form, Open Directory consisted of a network-visible NetInfo directory domain and a corresponding Authentication Manager service for storing passwords outside of the directory. Version 10.2 also included support for Kerberos. [cite web | title=Apple - Mac OS X Server 10.2: How to Integrate Services With Kerberos | url=http://docs.info.apple.com/article.html?artnum=107155 | accessdate=2007-06-08] Mac OS X versions 10.1 and 10.0 stored user password information within the directory domain using crypt password authentication authorities, but version 10.2 paved the way for the current Shadow Hash and Password Server mechanisms. [cite web | title=Mac OS X Server: Open Directory Administration, page 41 | url=http://images.apple.com/server/pdfs/Open_Directory_v10.4.pdf | accessdate=2007-06-08]

Password Server is the successor to Authentication Manager, and was introduced in Open Directory 2 in Mac OS X Server 10.3. Open Directory 2 was also the first version to use LDAPv3 as the directory domain.

Mac OS X Server 10.4 includes Open Directory 3, which introduced Active Directory domain member support, trusted directory binding, and increased robustness. [cite web | title=Apple - Mac OS X Server - Open Directory | url=http://www.apple.com/server/macosx/opendirectory.html | accessdate=2007-06-08]

Mac OS X Server 10.5 features Open Directory 4 with support for cross-domain authorization and a built-in RADIUS server for managing AirPort base stations. [cite web | title=Apple - Mac OS X Server - Technology - Open Directory | url=http://www.apple.com/server/macosx/technology/opendirectory.html | accessdate=2007-12-21] Open Directory 4 no longer includes elements of NetInfo. [cite web | title=AFP548 - Leopard Server Part 2 - Local Directory Services | url=http://www.afp548.com/article.php?story=LeopardServerReview-LocalDirectory | accessdate=2007-12-21]

See also

* List of LDAP software


Wikimedia Foundation. 2010.
