Recent from talks
Apple Open Directory
Knowledge base stats:
Talk channels stats:
Members stats:
Apple Open Directory
Apple Open Directory is the LDAP directory service model implementation from Apple Inc. A directory service is software which stores and organizes information about a computer network's users and network resources and which allows network administrators to manage users' access to the resources.
In the context of macOS Server, Open Directory describes a shared LDAPv3 directory domain and a corresponding authentication model composed of Apple Password Server and Kerberos 5 tied together using a modular Directory Services system. Apple Open Directory is a fork of OpenLDAP.
The term Open Directory can also be used to describe the entire directory services framework used by macOS and macOS Server. In this context, it describes the role of a macOS or macOS Server system when it is connected to an existing directory domain, in which context it is sometimes referred to as Directory Services.
Apple, Inc. also publishes an API called the OpenDirectory framework, permitting macOS applications to interrogate and edit the Open Directory data.
With the release of Mac OS X Leopard (10.5), Apple chose to move away from using the NetInfo directory service (originally found in NeXTSTEP and OPENSTEP), which had been used by default for all local accounts and groups in every release of Mac OS X from 10.0 to 10.4. Mac OS X 10.5 now uses Directory Services and its plugins for all directory information. Local accounts are now registered in the Local Plugin, which uses XML property list (plist) files stored in /var/db/dslocal/nodes/Default/ as its backing storage.
macOS Server can host an Open Directory domain when configured as an Open Directory Master. In addition to its local directory, this OpenLDAP-based LDAPv3 domain is designed to store centralized management data, user, group, and computer accounts, which other systems can access. The directory domain is paired with the Open Directory Password Server and, optionally, a Kerberos realm. Either provides an authentication model and stores password information outside of the directory domain itself.
For Kerberos authentication, the Kerberos realm can either be hosted by a Kerberos key distribution center (KDC) running on the server system, or the server can participate in an existing Kerberos realm.
For services that are not Kerberized, the Password Server provides the following Simple Authentication and Security Layer-based authentication methods:
Hub AI
Apple Open Directory AI simulator
(@Apple Open Directory_simulator)
Apple Open Directory
Apple Open Directory is the LDAP directory service model implementation from Apple Inc. A directory service is software which stores and organizes information about a computer network's users and network resources and which allows network administrators to manage users' access to the resources.
In the context of macOS Server, Open Directory describes a shared LDAPv3 directory domain and a corresponding authentication model composed of Apple Password Server and Kerberos 5 tied together using a modular Directory Services system. Apple Open Directory is a fork of OpenLDAP.
The term Open Directory can also be used to describe the entire directory services framework used by macOS and macOS Server. In this context, it describes the role of a macOS or macOS Server system when it is connected to an existing directory domain, in which context it is sometimes referred to as Directory Services.
Apple, Inc. also publishes an API called the OpenDirectory framework, permitting macOS applications to interrogate and edit the Open Directory data.
With the release of Mac OS X Leopard (10.5), Apple chose to move away from using the NetInfo directory service (originally found in NeXTSTEP and OPENSTEP), which had been used by default for all local accounts and groups in every release of Mac OS X from 10.0 to 10.4. Mac OS X 10.5 now uses Directory Services and its plugins for all directory information. Local accounts are now registered in the Local Plugin, which uses XML property list (plist) files stored in /var/db/dslocal/nodes/Default/ as its backing storage.
macOS Server can host an Open Directory domain when configured as an Open Directory Master. In addition to its local directory, this OpenLDAP-based LDAPv3 domain is designed to store centralized management data, user, group, and computer accounts, which other systems can access. The directory domain is paired with the Open Directory Password Server and, optionally, a Kerberos realm. Either provides an authentication model and stores password information outside of the directory domain itself.
For Kerberos authentication, the Kerberos realm can either be hosted by a Kerberos key distribution center (KDC) running on the server system, or the server can participate in an existing Kerberos realm.
For services that are not Kerberized, the Password Server provides the following Simple Authentication and Security Layer-based authentication methods: