What are the advantages of using a Mac OS X Server centralized directory store in a heterogeneous network?
2.
What configuration file is used by the LDAP server process? Where is it located?
3.
How do Mac OS X computers acquire the mappings when binding to an Open Directory server?
4.
What is the schema and where is it stored?
5.
In order for a client to work properly with Open Directory, what directory-service data items must be correctly mapped and populated?
6.
What does adding disallow bind_anon to slapd.conf do?
7.
What is the benefit of enabling SSL on the LDAP server?
8.
When is the BerkeleyDB cache size set by Mac OS X Server, and how is its value determined?
Answers
1.
There is only one directory store for ease of administration.
Users can use the same account from disparate clients.
The administrator has more control over the connection methods.
As connection methods are secured, all clients take advantage of the increased security.
2.
The LDAP server uses the /etc/openldap/slapd.conf file as its configuration file. The slapd.conf file includes a directive to include /etc/openldap/slapd_macosxserver.conf file, which is managed by Server Admin.
3.
The mappings are provided as part of the configuration entry located in the LDAP database at cn=macosxodconfig,cn=Config.
4.
The schema defines the types and format of records stored in the local LDAP database. The schema files are at /etc/openldap/schema.
5.
In order for a client to work properly, the following data items must be correctly mapped and populated: RecordName, RealName, Password, UniqueID, PrimaryGroupID, NFSHomeDirectory, and HomeDirectory.
6.
It configures the LDAP server to not respond to data requests without authentication.
7.
When SSL is enabled on both the client and server computers, the LDAP data sent between the two computers is encrypted. This prevents attackers from eavesdropping on critical directory data.
8.
Mac OS X Server sets the BerkeleyDB cache size when the server is promoted to be an Open Directory master. The size of the cache is based upon the amount of RAM installed on the server when it was promoted. The value can later be overridden to enhance performance.
