5) Open Directory
Next up is Open Directory.
Open Directory is Apple’s directory server. It stores information such as users, groups, and management data in a centralized location that other systems, including Windows and Unix, can also easily access. This flexibility is what makes Open Directory so powerful, allowing OS X Server to be seamlessly integrated in a heterogeneous network environment.
But before you get too excited, I should mention that I’ll only be covering Apple Server/Client scenarios via AFP (Apple Filing Protocol) since I’m assuming you have mostly Macs on your network. When you bring Linux and Windows servers into the mix, that’s a whole ‘nother ball of wax.
So go ahead and fire up Server Admin and click on AFP under Computers & Services.

- Click on the Settings tab on the bottom and make sure both check boxes for “Enable Bonjour registration” and “Enable browsing with AppleTalk” are checked.
- Click on Start Service button to enable AFP.
- Open Network Preferences and make AppleTalk active.
For this tutorial, we’ll use OS X Server as the Open Directory Master on our network. Remember that your server as of now is a “Stand Alone Server” with only local user accounts? Once we get Open Directory up and running, you’ll be able to create network accounts with shared directories and more!
Exciting stuff, no? …Ok moving on.

First, we’ll need to create and configure an LDAP database that will store the information within the directory domain we created earlier in the DNS tutorial.
LDAP (Lightweight Directory Access Protocol) is an internet protocol that email and other services use to look up and verify information from a server. LDAP provides a consistent single sign-on verification system: one password for a user is shared between the various services of OS X Server, so that you don’t have to sign on every time you want to use a particular service.
This verification process is taken care of by Apple Password Server and Kerberos, which will be up and running automatically upon starting Open Directory.
- Click on the Settings tab on the lower right side of the panel. On the popup menu next to Role, select “Open Directory Master”.

- You’ll be directed to create a new Open Directory master domain. You’ll need to create another user account, namely the Directory Administrator. This is already filled in by default, so all you have to do is supply a password and verify it.
- Notice at the bottom, under Domain Info, that the Kerberos Realm uses the domain zone with the domain name of your server that you created earlier in the DNS tutorial.
- Click the Create button. This may take a bit of time, as the LDAP database is being built.
Once that’s done, select the Protocols tab and see the result.
Press the Start Service button to start Open Directory.

Click on the Overview tab on the bottom. If all is well, everything should be running.

As I mentioned earlier, Kerberos is now set up and running automatically. Pretty sweet, right?
Now, to check if your Open Directory is running correctly, open up the Directory Assistant application located in the Applications/Utilities folder.
- If NetInfo is still active, uncheck it.
- Make sure that LDAPv3 is checked and active.

- Click on the Authentication tab. On the drop down menu, select Custom Path and make sure that /LDAPv3/127.0.0.1 is listed under the Directory Domains list.
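
As an added check that is not part of the original tutorial, the script below verifies from a Terminal on the server what the Server Admin and Directory Assistant panels above show: that AFP and the directory service (which serveradmin calls dirserv) report RUNNING, that the host name passes changeip -checkhostname (Kerberos depends on the host name agreeing with forward and reverse DNS), that the /LDAPv3/127.0.0.1 node answers a user listing, and that a Kerberos ticket carries the realm shown under Domain Info. The service names, the output strings it matches, and the EXAMPLE.COM realm in the usage call are assumptions based on OS X Server’s command-line tools, not text from this page.

```shell
#!/bin/sh
# Added example, not from the original tutorial: post-setup checks for an
# Open Directory master on OS X Server. Assumes the serveradmin, changeip,
# dscl and klist tools are present and that the local LDAP node is
# /LDAPv3/127.0.0.1 as in the tutorial above.

# serveradmin prints one line per key, e.g.  afp:state = "RUNNING"
# $1 = service name (afp, dirserv), $2 = captured output of `serveradmin status $1`
service_is_running() {
    printf '%s\n' "$2" | grep -q "^$1:state = \"RUNNING\""
}

# changeip -checkhostname prints "The names match. There is nothing to change."
# when the configured host name agrees with forward and reverse DNS; a
# mismatch here is the usual reason Kerberos fails to come up on an OD master.
hostname_check_ok() {
    printf '%s\n' "$1" | grep -q 'The names match'
}

# klist prints "Default principal: user@REALM" (MIT) or "Principal: user@REALM"
# (Heimdal); confirm the realm is the one shown under Domain Info.
# $1 = klist output, $2 = expected realm (upper case, e.g. EXAMPLE.COM)
ticket_in_realm() {
    printf '%s\n' "$1" | grep -q "[Pp]rincipal: .*@$2\$"
}

# Run every check on a live server; returns 0 only if all of them pass.
run_checks() {
    realm="$1"
    fail=0
    if ! command -v serveradmin >/dev/null 2>&1; then
        echo "serveradmin not found: run this on the OS X Server machine" >&2
        return 2
    fi
    for svc in afp dirserv; do
        if service_is_running "$svc" "$(sudo serveradmin status "$svc")"; then
            echo "$svc: running"
        else
            echo "$svc: NOT running"; fail=1
        fi
    done
    if hostname_check_ok "$(sudo changeip -checkhostname 2>&1)"; then
        echo "hostname/DNS: ok"
    else
        echo "hostname/DNS: mismatch (fix DNS before trusting Kerberos)"; fail=1
    fi
    # The LDAP node should answer; no answer means the master is not serving.
    if dscl localhost -list /LDAPv3/127.0.0.1/Users >/dev/null 2>&1; then
        echo "LDAPv3 node: answering"
    else
        echo "LDAPv3 node: no answer"; fail=1
    fi
    # Only meaningful after `kinit user@REALM` as a network account.
    if ticket_in_realm "$(klist 2>/dev/null)" "$realm"; then
        echo "kerberos: ticket for $realm present"
    else
        echo "kerberos: no ticket for $realm (run kinit first)"; fail=1
    fi
    return "$fail"
}

# Usage on the server:  sh od_checks.sh EXAMPLE.COM
if [ $# -ge 1 ]; then
    run_checks "$1"
fi
```

Run it as an admin user after the Start Service step; a non-zero exit status points at the first panel worth revisiting, and the DNS check in particular is worth running before you create network accounts, since a host name that does not resolve both ways leaves Kerberos unusable even when Server Admin shows it as running.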

Next, we’ll start adding accounts with the Workgroup Manager.
