In addition to configuring discovery service protocols, the Directory Access utility is also used to configure directory service options. You select which directory service methods to use and the configuration options for each service. Although Mac OS X includes support for several different networked directory services, this lesson will focus on how to configure the two most common types of directory services: LDAP and Active Directory.

Configuring LDAP in Mac OS X

As mentioned earlier, LDAP is the industry-standard method for communicating directory information over a network. Unfortunately, there is much variation in the organization of that information. The configuration options range from very easy to very difficult.

Automatically Configuring with DHCP

DHCP gives system administrators a standardized way to distribute LDAP information to client computers when they request an IP address. In fact, if your site is using Mac OS X Server to provide DHCP services, the default setting is to distribute LDAP binding information to DHCP clients. For this reason, it is possible to find and use a directory server on a newly installed computer without any additional configuration.

Manually Configuring for Specific Directory Servers

If your site doesn't use DHCP to distribute LDAP information, you'll have to add some information so that the client can find and use the directory information. The information you'll need to get from your administrator includes:

Manually Configuring for Custom Directory Server

This is an advanced configuration, which will not be covered in this book. It allows a very flexible but complex configuration that would enable you to work with a customized LDAP server. This configuration is covered by the Apple Certified System Administrator classes.

Finally, after you have configured Mac OS X to use your LDAP server, you need to tell Mac OS X to use this LDAP server for all authentication attempts. You do this by choosing Search > Custom path in the Authentication pane of Directory Access and adding the LDAP server to the Directory Node list.

Note that Directory Access configurations are independent of network locations. Selecting a different network location does not change LDAP settings.

NOTE If you misconfigure directory services on Mac OS X, your computer can become unresponsive. To fix this, start your computer in single-user mode and reset the directory service settings by deleting the configuration files in /Library/Preferences/DirectoryService.

Configuring Active Directory in Mac OS X

In addition to LDAP, Mac OS X can use Active Directory for authentication information. There are three pieces of information you will need to obtain from your system administrator:

Additionally, you can configure advanced options such as mobile account settings, network home directory protocols, and Active Directory attribute mappings. After you have configured Active Directory, you will again need to configure the authentication search path to include Active Directory.