Open Directory

Discussion in 'Mac OS X Server, Xserve, and Networking' started by brettuk, Aug 2, 2012.

  1. macrumors member

    Joined:
    Jun 19, 2009
    #1
    Hi Folks,

    I'm tempted to buy OS X server as it's only £13, for me to play with for home use.

    I'm curious about Open Directory, it seems to be touted as Active Directory for the rest of us, but there's a lack of detail about how it works.

    Can I import existing accounts to it? Do password changes propagate through the network (I'd imagine they do)? Can you prevent certain users from logging into certain computers? For instance, I don't want every user being able to log into the OS X server, as they have no business logging in there.

    Another nice feature seems to be that Synology support Open Directory, so when I get that device, everything should work seamlessly with no additional password prompts (single sign on)? Is this correct?

    I've had some limited experience with Active Directory, I had a test domain I played with when I was younger, but not with Open Directory.

    Thanks
     
  2. macrumors 6502

    Joined:
    Apr 9, 2011
    Location:
    Bismarck, North Dakota
    #2
    Yes, you can import accounts into Open Directory and the password changes propagate through the network. You can restrict who logs into the server using Service Access settings.

    I don't know what Synology is.

    Open Directory is REALLY easy to set up. You fill in a few text boxes (nothing complicated), click ok, and it creates everything.
     
  3. macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #3
    Yes, most certainly can do that - OD is actually extremely powerful! Apple's implementation of OD is "for the rest of us", but there are still the "things users don't see" aspects which make it potentially even far greater than AD.

    Yes, it works perfectly, have used it many times.

    Yes, it's important to mention here that each machine you want to connect to the OD (like AD), must be joined to the domain. System Prefs->Users & Groups->Login Options->Join.

    :)
     
  4. macrumors 6502a

    Truffy

    Joined:
    May 9, 2005
    Location:
    somewhere outside your window...
    #4
    Never used AD, but OD is undoubtedly useful. I understand that it has some weaknesses compared to AD, but for a SOHO set up it should suffice easily enough. I'm coming from SLS and have read that MLS's implementation of OD (such as MCX) is different. But I'm still working through the real-world implications of that though.
     
  5. macrumors newbie

    Joined:
    Jul 2, 2007
    Location:
    Indiana
    #5
    An Apple OD system is actually a combination of OpenLDAP, Kerberos and something Apple calls Password Server. Password Server deals with all the passwords that can't be dealt with through Kerberos, like NTLM etc. It's all automatic; you don't usually need to manage each component separately.

    The key to setting up any OS X Server is to get DNS and static IPs set up before you set up the server. Apple has good documentation for the basic setup and management. If you need to integrate with Windows systems then it gets much more complicated.
     
  6. macrumors 6502a

    Joined:
    Jul 5, 2007
    #6
    I just completed an Apple training on OS X 10.7 and Server. I'm looking to set up an OD and possibly integrate it with our AD too.

    Anyways, one thing that was mentioned in training or I was warned about is the possibility of the Mac user's Keychain becoming out of sync. Understanding how this happens up front and how to fix it will make your life easier.

    I will leave it up to the much more knowledgeable on here to elaborate.

    In the next few days I need to learn about DeployStudio. My instructor said it is an excellent program and I look forward to learning all this new stuff!
     
