Defining Search Policies


Use Directory Access to define the following search policies:

  • Mac OS X uses the authentication search policy to locate and retrieve user authentication information and other administrative data from directory services or data stores.

  • Mac OS X uses the contacts search policy to locate and retrieve name, address, and other contact information from directory services or data stores. Address Book uses this contact information, and other applications can be programmed to use it as well.

Each search policy consists of a list of directory nodes (also known as directory domains). The order of directory nodes in the list defines the search policy. Starting at the top of the list, Mac OS X searches each listed directory node in turn until it either finds the information it needs or reaches the end of the list without finding the information.

You can set the authentication search policy and contacts search policy as follows:

  • "Automatic" starts with the local directory domain and can include an LDAP directory supplied automatically by DHCP and NetInfo domains to which the computer is bound. An automatic search policy is the default setting for Mac OS X v10.2 and later, and offers the most flexibility for mobile computers.

  • "Local directory" includes only the local directory domain.

  • "Custom path" starts with the local directory domain and includes your choice of one or several LDAP directories, an Active Directory domain, NetInfo domains, BSD configuration files, and an NIS domain.

To verify that DirectoryService is using the configuration you specified in Directory Access, go to the command line and type dscl localhost -read Search. This will list the search policies that are configured (LSPSearchPath, CSPSearchPath, SearchPath, and NSPSearchPath) and the search policy that is being used (SearchPolicy).

Configuring Mac OS X to Use BSD Flat Files

You will configure the BSD Configuration Files Open Directory plug-in, and then create the required files to allow a user to log in with account information drawn from BSD flat files.

Note

If you do not know how to use sudo or how to edit files with a command-line application such as vi, pico, or emacs, you should skip this exercise. See Appendix A for more about vi.


1. In Terminal, make a copy of the existing /etc/master.passwd file, saving it as master.passwd.bkup.

Before you use a user list taken from another UNIX computer, you will need to edit the file to avoid conflicts. Enter the following command:

sudo cp /etc/master.passwd /etc/master.passwd.bkup


2. Create a root shell by typing sudo -s.

3. Use vi to open the file by typing vi /etc/master.passwd.

4. View the contents of the file as you scroll to the end of the file.

Every user record in /etc/master.passwd contains ten attributes, each separated by a colon (:).

5. Using Terminal, highlight the last line of text in the file.

It should look something like this:

securityagent:*:92:92::0:0:SecurityAgent:/var/empty:/usr/bin/false


6. Using vi, enter insert mode, create a new line below the current line, and paste in the identical line.

You now have two identical lines of text at the end of the /etc/master.passwd file. You will be editing the last line to make some changes.

7. You will change a few attributes in this new line so that it describes a new user named Annie. Edit the line so it matches the following:

annie:*:600:600::0:0:Annie Whey:/Users/annie:/bin/bash


  • The first attribute is the short user name (annie).

  • The second attribute is the account password. You will use a command-line tool to change this later.

  • The third and fourth attributes are the user ID (UID) and primary group ID (GID), respectively. Because the Apple Admin account already uses 501, Annie's account must use a different value (600 here).

  • The next attribute after the GID is the account's general classification (login class). Records copied from a standard UNIX passwd file lack this attribute, so you need to add the (empty) field. (Don't worry about Annie's account not having a class; none of the other user accounts has one either.)

  • The next two attributes are the password change time (0) and account expiration time (0).

  • The following attribute is the user's long name (Annie Whey).

  • The next attribute is the path to Annie's home folder (/Users/annie).

  • The final attribute is the default shell (/bin/bash).

8. Save the changes and close the file.

9. Set a crypt password for Annie's user account in the BSD flat file by typing sudo passwd -i file annie.

The -i parameter specifies where the crypt password should be stored. In this case, -i file specifies that the password is to be set for the specified account (annie) in the BSD flat files (/etc/master.passwd is the default file).

10. When prompted for the new password, type annie and verify it.

11. View Annie's entry in the /etc/master.passwd file again.

Notice how the password field has changed.
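As an added example (not from the book), here is a small Python parser and audit for the ten-field master.passwd record format described above; it flags the UID clash with the Apple Admin account (501) that step 7 warns about, empty password fields, and legacy 13-character crypt(3) hashes. The sample records are constructed for the example, and the admin hash value is a placeholder.

```python
from collections import Counter

# The ten colon-separated attributes of a master.passwd record, in file order.
FIELDS = ("name", "password", "uid", "gid", "class", "change", "expire",
          "gecos", "home", "shell")

# Constructed sample (not a real file): the exercise's securityagent and annie
# lines, plus an admin entry, a UID collision on 501 and a malformed line.
SAMPLE = """\
# comment lines and blank lines are ignored
securityagent:*:92:92::0:0:SecurityAgent:/var/empty:/usr/bin/false
admin:ab1234567890X:501:501::0:0:Apple Admin:/Users/admin:/bin/bash
annie:*:600:600::0:0:Annie Whey:/Users/annie:/bin/bash
bob::501:501::0:0:Bob Builder:/Users/bob:/bin/bash
broken:*:700:700:too:few
"""

def parse_master_passwd(text):
    """Parse master.passwd text into (records, errors); never raises."""
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            errors.append(f"line {lineno}: expected 10 fields, got {len(parts)}")
            continue
        rec = dict(zip(FIELDS, parts))
        if not (rec["uid"].isdigit() and rec["gid"].isdigit()):
            errors.append(f"line {lineno}: non-numeric UID or GID")
            continue
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        records.append(rec)
    return records, errors

def audit(records):
    """Flag what the exercise warns about: a UID shared with another account
    (the 501 clash), plus empty password fields and 13-character crypt(3)
    hashes, whose 8-character password limit makes them weak."""
    findings = []
    uid_count = Counter(r["uid"] for r in records)
    for r in records:
        if uid_count[r["uid"]] > 1:
            findings.append(f"{r['name']}: UID {r['uid']} is shared")
        if r["password"] == "":
            findings.append(f"{r['name']}: empty password field")
        elif r["password"] != "*" and len(r["password"]) == 13:
            findings.append(f"{r['name']}: legacy 13-char crypt hash")
    return findings
```

To audit the real file, read /etc/master.passwd as root and pass its contents to parse_master_passwd, then audit the returned records.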

Enabling the BSD Open Directory Plug-in

Use Directory Access to enable the BSD Open Directory plug-in so that it reads the master.passwd file you just edited.

1. Open Directory Access.

2. Select the "BSD Flat Files and NIS" checkbox in the Services pane.

3. In the Authentication pane, choose "Custom path" from the Search pop-up menu.

4. Click Add.

5. Select /BSD/local from the list of available directories.

6. Click Add.

7. Click Apply.

8. Quit Directory Access.

Testing BSD Configuration Files Setup

The BSD flat file is the only location where the Annie Whey account currently exists.

1. In Terminal, switch users to Annie Whey by typing su annie.

2. Enter Annie Whey's password, annie.

You might receive an error because Annie's home folder does not exist yet. However, notice that the prompt changes to annie$.

3. Display the user ID for the current user by typing id.

This displays Annie's user ID, along with her group information.

4. Type exit and quit the Terminal application.

5. Log out as Apple Admin and log in as Annie Whey.

Once the desktop appears, you have successfully accessed user account information located in the flat file you previously edited.

Notice that Mac OS X automatically created a new home folder for Annie in /Users.

6. Log out as Annie and log back in as Apple Admin.



Apple Training Series: Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
Year: 2005
Pages: 258
Authors: Schoun Regan