What You ve Learned

What You've Learned

• Apple provides plug-ins for LDAPv3 and Active Directory and the option to integrate third-party custom plug-ins.

• When using the LDAPv3 plug-in, the requirements are the same as if Mac OS X were connecting to Open Directory.

• The key to integration is planning your approach to supplementing the existing directory. For the best results, start by connecting to the third-party directory service with an LDAP browser, and then follow the LDAP workflow outlined in this lesson.

• At login, Mac OS X needs to find user identification and to authenticate the identity.

• If using LDAP Bind, administrators need to use SSL to avoid exposing user passwords to the network.

• Kerberos can be used to securely authenticate identities, allow for password policies, or enable SSO to services.

References

Administration Guides

"Mac OS X Server Open Directory Administration": http://images.apple.com/server/pdfs/Open_Directory_v10.4.pdf

"Mac OS X Server Command-Line Administration": http://images.apple.com/server/pdfs/Command_Line_v10.4.pdf

Apple Knowledge Base Documents

The following Knowledge Base document (located at http://www.apple.com/support) provides further information about troubleshooting login problems with third-party LDAP directories.

Document 107523, "Mac OS X 10.2.5: Unable to Log In After Deleting NIS Server Entry"

Books

Carter, Gerald. LDAP System Administration (O'Reilly, 2003).

URLs

MacEnterprise.org: www.macosxlabs.org

Integrating Mac OS X in an NIS network: www.bresink.de/osx/nis.html

Novell eDirectory: www.novell.com/products/edirectory