Planning Behind-the-Scenes Account Management


The personal and political aspects of planning a deployment are important, but without proper hardware planning the whole scenario is in jeopardy. Take care to avoid overloading a server. It is not realistic to have a single server hold all the account information, handle the authentication duties, and serve home folders for a thousand or so concurrent connections. The tasks must be spread across several servers to ensure a quality user experience. This means having at least one Xserve (preferably with an attached Xserve RAID) that is used for home folder storage.

There are also many dangers in using a single Xserve to run your entire LDAP database with all the associated authentication information. First, a catastrophe could leave the server permanently disabled and the data destroyed. Second, a single access point for both authentication and authorization will soon become a bottleneck that degrades the user experience.

Using Server Replication

To solve these issues, use replicas to share the load of the directory server and to provide redundancy should the Open Directory master suffer a catastrophic physical failure. Replicas provide load sharing and redundancy by essentially becoming clones of the Open Directory master's LDAP, Password Server, and Kerberos containers. A computer bound to either the master or any replica can then query all servers in sequence, and the first server to respond authenticates the user. For more information on setting up replicas, refer to Apple Training Series: Mac OS X System Administration Reference, Volume 1.

Archiving Account Data

Using Server Admin, you can create an archive copy of the Open Directory master's directory and authentication data. After you select a location and click the Archive button, Server Admin creates a disk image containing the following:

  • An LDAP database and configuration files

  • A Password Server database

  • A Kerberos database and configuration files

  • A Local NetInfo database

  • A Local NetInfo users password folder

  • Machine networking and service information

  • Various launchd items

  • Samba configuration information

Using Server Admin to create an archive.

Restoring Archived Data

To restore the data, enter the path to the archived image and click Restore. The data from the image will be merged with the existing master's data. If there are conflicts between the master's data and the image, the data in the master takes precedence and the conflict is recorded in the slapconfig log file. To restore from an archive, navigate to the archive using Server Admin and click Restore.

If you have configured Open Directory replica servers to connect to the Open Directory master, you will need to reconnect the replicas after restoring a server from an archive.

Note

It is better to promote a replica to a master than to restore a master from an archive.





Apple Training Series: Mac OS X v10.4 System Administration Reference, Volume 2
ISBN: 0321423151
Year: 2006
Pages: 128
