
Apple Open Directory

Apple Open Directory is the LDAP directory service model implementation from Apple Inc. A directory service is software which stores and organizes information about a computer network's users and network resources and which allows network administrators to manage users' access to the resources.

In the context of macOS Server, Open Directory describes a shared LDAPv3 directory domain and a corresponding authentication model composed of Apple Password Server and Kerberos 5 tied together using a modular Directory Services system. Apple Open Directory is a fork of OpenLDAP.

The term Open Directory can also be used to describe the entire directory services framework used by macOS and macOS Server. In this context, it describes the role of a macOS or macOS Server system when it is connected to an existing directory domain, in which context it is sometimes referred to as Directory Services.

Apple, Inc. also publishes an API called the OpenDirectory framework, permitting macOS applications to interrogate and edit the Open Directory data.[1]

With the release of Mac OS X Leopard (10.5), Apple chose to move away from using the NetInfo directory service (originally found in NeXTSTEP and OPENSTEP), which had been used by default for all local accounts and groups in every release of Mac OS X from 10.0 to 10.4. Mac OS X 10.5 now uses Directory Services and its plugins for all directory information. Local accounts are now registered in the Local Plugin, which uses XML property list (plist) files stored in /var/db/dslocal/nodes/Default/ as its backing storage.[2]
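An added example, not part of the original article or of Apple's code: a Python audit that reads per-account plist records of the kind kept under /var/db/dslocal/nodes/Default/ and reports how each account authenticates (crypt, Shadow Hash, Password Server, Kerberos). The `authentication_authority` key, its `;Tag;...` value format and the one-file-per-account layout are assumptions not stated in the article, and the sample records are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Authority tags (assumed, not from the article) -> mechanisms the article names.
MECHANISMS = {
    "basic": "crypt",
    "shadowhash": "Shadow Hash",
    "applepasswordserver": "Password Server",
    "kerberosv5": "Kerberos",
}

def classify(record):
    """Return sorted mechanism names for one parsed user record."""
    found = set()
    for authority in record.get("authentication_authority", []):
        fields = authority.split(";")  # assumed shape: ';ShadowHash;...'
        tag = fields[1].lower() if len(fields) > 1 else ""
        found.add(MECHANISMS.get(tag, "unknown"))
    return sorted(found) or ["none listed"]

def audit(users_dir):
    """Map each account plist in users_dir to its mechanisms."""
    report = {}
    for path in sorted(Path(users_dir).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                report[path.stem] = classify(plistlib.load(fh))
        except Exception:  # malformed, unreadable or non-dict plist
            report[path.stem] = ["unreadable"]
    return report

def demo():
    """Audit constructed sample records (not real accounts) in a temp dir."""
    samples = {
        "alice": [";ShadowHash;"],
        "bob": [";ShadowHash;", ";Kerberosv5;;bob@EXAMPLE.TEST;EXAMPLE.TEST;"],
        "carol": [";ApplePasswordServer;constructed-slot-id"],
        "legacy": [";basic;"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, auth in samples.items():
            rec = {"name": [name], "authentication_authority": auth}
            Path(tmp, name + ".plist").write_bytes(plistlib.dumps(rec))
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return audit(tmp)

if __name__ == "__main__":
    print(demo())
```

On a real system, `audit()` would be pointed at the node's user-record directory, which normally requires root to read.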

Implementation in macOS Server

macOS Server can host an Open Directory domain when configured as an Open Directory Master. In addition to its local directory, this OpenLDAP-based LDAPv3 domain is designed to store centralized management data, user, group, and computer accounts, which other systems can access. The directory domain is paired with the Open Directory Password Server and, optionally, a Kerberos realm. Either provides an authentication model and stores password information outside of the directory domain itself.[3]

For Kerberos authentication, the Kerberos realm can either be hosted by a Kerberos key distribution center (KDC) running on the server system, or the server can participate in an existing Kerberos realm.

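For services that are not Kerberized, the Password Server provides the following Simple Authentication and Security Layer-based authentication methods:[4] APOP, CRAM-MD5, Diffie-Hellman key exchange, Digest-MD5, MS-CHAPv2, NTLM v1 and v2, LAN Manager, and WebDAV-Digest.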

Any Mac OS X Server system prior to 10.7 (Lion) configured as an Active Directory Master can act as a Windows Primary Domain Controller (PDC), providing domain authentication services to Microsoft Windows clients.[5]

Directory services framework

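In a more general sense, Open Directory can describe the plugins model used by Directory Utility and the directory services framework in macOS and macOS Server. This could be thought of as analogous to the Name Service Switch systems of some other Unix-like operating systems. When connected to a directory system, a macOS client or Server can authenticate users, look up contacts, perform service discovery and name resolution with the following types of directories:[6]

Authentication and contacts: Microsoft Active Directory; LDAPv3, including an Open Directory domain or RFC 2307 compliant system; Apple/NeXT NetInfo domains; BSD flat files and NIS.

Service discovery and name resolution: AppleTalk; Windows NetBIOS and WINS; Service Location Protocol (SLP); Multicast DNS (Bonjour/Zeroconf).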

History

Open Directory began with Mac OS X Server 10.2. In this initial form, Open Directory consisted of a network-visible NetInfo directory domain and a corresponding Authentication Manager service for storing passwords outside of the directory. Version 10.2 also included support for Kerberos.[7] Mac OS X versions 10.1 and 10.0 stored user password information within the directory domain using crypt password authentication authorities, but version 10.2 paved the way for the current Shadow Hash and Password Server mechanisms.[8]

Password Server is the successor to Authentication Manager, and was introduced in Open Directory 2 in Mac OS X Server 10.3. Open Directory 2 was also the first version to use LDAPv3 as the directory domain.

Mac OS X Server 10.4 includes Open Directory 3, which introduced Active Directory domain member support, trusted directory binding, and increased robustness.[9]

Mac OS X Server 10.5 features Open Directory 4 with support for cross-domain authorization and a built-in RADIUS server for managing AirPort base stations.[10] Open Directory 4 no longer includes elements of NetInfo.[11]

See More

List of LDAP software, Active Directory, FreeIPA, NetInfo

References

  1. "OpenDirectory Release Notes at developer.apple.com". Retrieved 2010-04-21.
  2. "Directory Services source code at www.opensource.apple.com". Retrieved 2009-09-02.
  3. "Mac OS X Server Open Directory Administration (page 40)" (PDF). Archived from the original (PDF) on 2007-03-15. Retrieved 2007-06-07.
  4. "Mac OS X Server Open Directory Administration (page 50)" (PDF). Archived from the original (PDF) on 2007-03-15. Retrieved 2007-06-07.
  5. "Server Admin 10.4 Help: Setting Up a Server as a Primary Domain Controller". Retrieved 2007-06-07.
  6. "Mac OS X Server Open Directory Administration (chapter 7)" (PDF). Archived from the original (PDF) on 2007-03-15. Retrieved 2007-06-07.
  7. "Apple - Mac OS X Server 10.2: How to Integrate Services With Kerberos". Archived from the original on 2008-02-18. Retrieved 2007-06-08.
  8. "Mac OS X Server Open Directory Administration (page 41)" (PDF). Archived from the original (PDF) on 2007-03-15. Retrieved 2007-06-08.
  9. "Apple - Mac OS X Server - Open Directory". Retrieved 2007-06-08.
  10. "Apple - Mac OS X Server - Technology - Open Directory". Retrieved 2007-12-21.
  11. "AFP548 - Leopard Server Part 2: Local Directory Services". Archived from the original on 2009-04-15. Retrieved 2007-12-21.
