Mac OS X for Unix Geeks

3.3. Configuring Directory Services

To configure Directory Services, use the Directory Access application (in /Applications/Utilities), shown in Figure 3-3. You can enable or disable the various directory service plug-ins, or change their configuration.

Figure 3-3. The Directory Access application shows the available plug-ins

Directory Access supports the following plug-ins:

AppleTalk
This is the ultimate Mac OS legacy protocol. AppleTalk was the original networking protocol supported by Mac OS versions prior to Mac OS X. Linux and the server editions of Windows also support AppleTalk.

BSD configuration files
These are flat files located in the /etc directory, such as hosts, exports, and services.

WARNING: By default, the checkboxes for NetInfo and BSD Configuration Files are off. For the BSD Configuration Files, the checkbox controls whether the files are consulted for Directory Service lookups. NetInfo is a little more complicated. If the checkbox is off, NetInfo uses the local domain but does not consult network-based NetInfo domains. If the checkbox is on, NetInfo will also look for and potentially use any network-based domains that it finds.

LDAPv2
This is a version of LDAP that Mac OS X can access (read-only).

LDAPv3
This is a newer version of LDAP, which Mac OS X fully supports (read-write). This is the same version of LDAP used by Microsoft's Active Directory and Novell's NDS. Mac OS X Server includes both the client and server components of OpenLDAP (http://www.openldap.org), an Open Source LDAPv3 implementation. The client version of Jaguar includes only the OpenLDAP client components.

NetInfo
This is a legacy Directory Services protocol introduced in NeXTSTEP.

TIP: NetInfo and LDAP both use the same data store, which is contained in /var/db/netinfo/. The data store is a collection of embedded database files.

Rendezvous
This is Apple's zero-configuration protocol for discovering file sharing, printers, and other network services. It uses a peer-to-peer approach to announce and discover services automatically as devices join a network.

SLP
This is the Service Location Protocol, which supports file and print services over IP.

SMB
This is the Server Message Block protocol, which is Microsoft's protocol for file and print services.

Under the Services tab, everything except NetInfo and BSD Configuration Files is enabled by default. However, if you go to the Authentication tab (Figure 3-4), you'll see that NetInfo is the sole service in charge of authentication (which is handled by /etc/passwd and /etc/group on other Unix systems).

Figure 3-4. The Directory Access Authentication tab

By default, the Authentication tab is set to Automatic. You can set the Search pop-up to any of the following:

Automatic
This is the default, which searches (in order): the local NetInfo directory, a shared NetInfo domain, and a shared LDAPv3 domain.

Local directory
This searches only the local NetInfo directory.

Custom path
This allows you to use BSD flat files (/etc/passwd and /etc/group). After you select Custom path from the pop-up, click Add and select /BSD Configuration Files/Local.

After you have changed the Search setting, click Apply. The Contact tab is set up identically to the Authentication tab and is used by programs that search Directory Services for contact information (office locations, phone numbers, full names, etc.).

WARNING: Note that enabling BSD flat files does not copy or change the information in the local directory (the NetInfo database). If you want to rely only on flat files, you would need to remove all the entries from the local directory and add them to /etc/master.passwd. This would mean you could no longer use the GUI tools to manage those accounts.
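The following is an added example, not code from the book: it models the ordered search path described above to show why an account that exists in both the local directory and the flat files keeps resolving to the local record. It assumes the first node that knows a name wins and that the local directory is searched before the flat-file node; the function names and all sample records are constructed for illustration.

```python
# Added example. All records are constructed samples in the 10-field master.passwd layout.
LOCAL_NETINFO = """\
root:*:0:0::0:0:System Administrator:/var/root:/bin/tcsh
alice:*:501:20::0:0:Alice Example:/Users/alice:/bin/tcsh
"""
BSD_FLAT_FILE = """\
# constructed /etc/master.passwd content
alice:*:0:0::0:0:Alice (flat file):/Users/alice:/bin/sh
bob:*:502:20::0:0:Bob Example:/Users/bob:/bin/tcsh
"""

def parse_master_passwd(text):
    """Return {name: record}; the first entry for a name is kept."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError("expected 10 fields: %r" % line)
        records.setdefault(fields[0], {"uid": int(fields[2]), "shell": fields[9]})
    return records

def resolve(name, search_path):
    """Return (node, record) from the first node that defines name, else None."""
    for node, records in search_path:
        if name in records:
            return node, records[name]
    return None

def shadowed_accounts(search_path):
    """Names defined in more than one node: (name, winner, loser, uid_differs)."""
    seen, findings = {}, []
    for node, records in search_path:
        for name, rec in records.items():
            if name in seen:
                win_node, win_rec = seen[name]
                findings.append((name, win_node, node, win_rec["uid"] != rec["uid"]))
            else:
                seen[name] = (node, rec)
    return findings

# Assumed ordering: the local directory stays first; the flat-file node is appended.
LOCAL_ONLY = [("local NetInfo", parse_master_passwd(LOCAL_NETINFO))]
CUSTOM_PATH = LOCAL_ONLY + [("/BSD Configuration Files/Local",
                             parse_master_passwd(BSD_FLAT_FILE))]
```

Calling `shadowed_accounts(CUSTOM_PATH)` reports `alice` as defined in both sources with differing UIDs, which is the kind of duplicate worth reviewing before and after changing the Search setting.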



Copyright © 2003 O'Reilly & Associates. All rights reserved.