Open Directory

brettuk

macrumors member
Original poster
Jun 19, 2009
Hi Folks,

I'm tempted to buy OS X server as it's only £13, for me to play with for home use.

I'm curious about Open Directory, it seems to be touted as Active Directory for the rest of us, but there's a lack of detail about how it works.

Can I import existing accounts to it? Do password changes propagate through the network (I'd imagine they do)? Can you prevent certain users from logging into certain computers? For instance, I don't want every user being able to log into the OS X server, as they have no business logging in there.

Another nice feature seems to be that Synology support Open Directory, so when I get that device, everything should work seamlessly with no additional password prompts (single sign on)? Is this correct?

I've had some limited experience with Active Directory, I had a test domain I played with when I was younger, but not with Open Directory.

Thanks
 

jackhdev

macrumors 6502
Apr 9, 2011
Bismarck, North Dakota
Yes, you can import accounts into Open Directory and the password changes propagate through the network. You can restrict who logs into the server using Service Access settings.

I don't know what Synology is.

Open Directory is REALLY easy to set up. You fill in a few text boxes (nothing complicated), click ok, and it creates everything.
 

DoFoT9

macrumors P6
Jun 11, 2007
Singapore
> Can I import existing accounts to it? Do password changes propagate through the network (I'd imagine they do)? Can you prevent certain users from logging into certain computers? For instance, I don't want every user being able to log into the OS X server, as they have no business logging in there.

Yes, most certainly can do that - OD is actually extremely powerful! Apple's implementation of OD is "for the rest of us", but there are still the "things users don't see" aspects which make it potentially even far greater than AD.

> Another nice feature seems to be that Synology support Open Directory, so when I get that device, everything should work seamlessly with no additional password prompts (single sign on)? Is this correct?

Yes, it works perfectly, have used it many times.

> Yes, you can import accounts into Open Directory and the password changes propagate through the network.

Yes, it's important to mention here that each machine you want to connect to the OD (like AD) must be joined to the domain. System Prefs->Users & Groups->Login Options->Join.

:)
 

Truffy

macrumors 6502a
Never used AD, but OD is undoubtedly useful. I understand that it has some weaknesses compared to AD, but for a SOHO setup it should suffice easily enough. I'm coming from SLS and have read that MLS's implementation of OD (such as MCX) is different. But I'm still working through the real-world implications of that though.
 

marc7654

macrumors newbie
Jul 2, 2007
Indiana
An Apple OD system is actually a combination of OpenLDAP, Kerberos and something Apple calls Password Server. Password Server deals with all the passwords that can't be dealt with through Kerberos, like NTLM etc. It's all automatic; you don't usually need to manage each component separately.

The key to setting up any OS X Server is to get DNS and static IPs set up before you set up the server. Apple has good documentation for the basic setup and management. If you need to integrate with Windows systems then it gets much more complicated.
 

drober30

macrumors 6502a
Jul 5, 2007
I just completed an Apple training on OSX 10.7 and Server. I'm looking to set up an OD and possibly integrate it with our AD too.

Anyways, one thing that was mentioned in training or I was warned about is the possibility of the Mac user's Keychain becoming out of sync. Understanding how this happens upfront and how to fix it will make your life easier.

I will leave it up to the much more knowledgeable on here to elaborate.

In the next few days I need to learn about Deploy Studio. My instructor said it is an excellent program and I look forward to learning all this new stuff!