Integrating Specific Records With Third-Party LDAP Directories


Certain characteristics of third-party directory services require additional configuration when working with Mac OS X. The following figure compares how well different directories integrate with Mac OS X by default. Attributes marked "???" are deficiencies in the directory that must be addressed for integration to succeed.

Mac OS X Server integrates well because it provides all of the attributes required by Mac OS X. It takes some additional configuration to integrate Mac OS X with other servers as they are usually missing at least some key attributes.

A common deficiency amongst third-party directories is the HomeDirectory mapping. This mapping is an addition Apple applied to the RFC 2307 standard schema. It is a required attribute for users who will have a network home folder, and administrators should always plan to address this need when integrating into any directory not manufactured by Apple.

Integrating With eDirectory

eDirectory is a directory service offering from Novell that provides support for LDAP and can be configured to provide support for Mac OS X.

When configuring, be sure to leave the Password field blank so that authentication will occur over the LDAP Bind. Novell has provided the homeDirectory attribute as a UNIX-only attribute; using it will not conflict with native Novell clients. This was done to ensure compliance with RFC 2307.

By default, the only missing user attribute is HomeDirectory; this will need to be addressed prior to integrating. Administrators interested in modifying the schema to better support Mac OS X can get functional but unsupported LDIF files that automate modifying eDirectory's schema from www.macosxlabs.org.

Integrating With SunOne

SunOne directory service is an LDAP directory service provided by Sun Microsystems. Originally called iPlanet, it has a schema that is designed to ensure full compliance with RFC 2307. This leaves the schema ready for use with the exception of the HomeDirectory mapping, which is not part of the RFC 2307 schema. Schema modification should be automated through the use of LDIF files.

Although Sun has implemented a model RFC 2307 schema, administrators often make changes to meet the needs of an individual organization. A common change would be to not store the password in the directory as a user record attribute and use Kerberos instead. Be sure to follow the LDAP workflow and to use the above figure as a reference for your own integration.
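One way to check the HomeDirectory gap described above, before and after a schema change, is to audit an LDIF export of the user records. This is an added example, not code from the book; it assumes HomeDirectory is mapped to apple-user-homeurl (the attribute name in Apple's own schema), and the sample records and host names are constructed.

```python
import base64
import re

RFC2307_REQUIRED = {"uid", "uidnumber", "gidnumber", "homedirectory", "cn"}  # posixAccount
HOME_URL_ATTR = "apple-user-homeurl"  # assumption: attribute HomeDirectory is mapped to

# Constructed sample export: jdoe is complete, asmith lacks the home URL.
SAMPLE = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: jdoe
cn:: SmFuZSBEb2U=
uidNumber: 1025
gidNumber: 20
homeDirectory: /Network/Servers/server.example.com/Users/jdoe
apple-user-homeurl: <home_dir><url>afp://server.example.com/Users</url>
 <path>jdoe</path></home_dir>

dn: uid=asmith,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: asmith
cn: Alex Smith
uidNumber: 1026
gidNumber: 20
homeDirectory: /home/asmith
"""

def parse_ldif(text):
    """Return records as dicts of lowercased attribute name -> list of values."""
    unfolded = re.sub(r"\r?\n ", "", text)      # a leading space continues a line
    records = []
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):            # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec.setdefault(name.strip().lower(), []).append(value)
        if rec:
            records.append(rec)
    return records

def audit_users(text):
    """Map each posixAccount DN to the sorted attributes missing from it."""
    wanted = RFC2307_REQUIRED | {HOME_URL_ATTR}
    users = [r for r in parse_ldif(text)
             if "posixaccount" in map(str.lower, r.get("objectclass", []))]
    return {r["dn"][0]: sorted(wanted - set(r)) for r in users}
```

Calling audit_users on an export taken with your directory's own tools lists, per user DN, which attributes still need to be supplied; an empty list means the record carries everything the check looks for.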




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
