When a user attempts to log in to the server or use one of its services that require authentication, the server authenticates the user by consulting the local database. If the user has an account on the system and supplies the appropriate password, authentication succeeds.
Setting Up a Server to Host an Open Directory Master
When you want a server you are setting up to host an Apple LDAP directory for use by itself and other computers, choose the directory usage option called Open Directory Master in Server Assistant. This option:
• Sets up the Apple LDAP domain on the server
• Turns on Open Directory authentication for validating all users defined in the local NetInfo domain and the shared Apple LDAP domain
• Sets up a Kerberos KDC on the server
• Optionally enables a Windows Primary Domain Controller on the server, letting your server authenticate and provide home directories for users of computers with Windows NT4.x, Windows 9x, and Windows XP
To set up replication for the Apple LDAP directory, use Server Admin after setup is complete. To configure additional directory connectivity, use Directory Access. See the Open Directory administration guide for more information about directory configuration.
Open Directory authentication is set up on the server and used by default for any users added to domains that reside on the server.
Setting Up a Server to Connect to a Directory System
When you want a server you are setting up to use a shared directory on another computer, choose the directory usage option called Connected to a Directory System in Server Assistant. Then choose one of the following options:
• As Specified by DHCP Server, which sets up a server to receive the identity of a shared LDAP or NetInfo directory server from the DHCP server that provides its IP address. The LDAP directory can be an Apple LDAP directory or another vendor’s LDAP directory.
• Apple LDAP Directory, which lets you either indicate that the address of the Mac OS X Server hosting the LDAP directory should be obtained using DHCP, or specify the IP address or domain name of that server.
• NetInfo Directory, which lets you indicate how the server being set up should locate the server hosting a shared domain. Choose one or more of these: Broadcast, DHCP, and Static IP Address. Static IP Address requires that you supply the NetInfo server’s IP address and the NetInfo tag of the directory domain, usually “network.”
• Other Directory System, which is the selection to make when you want to use a directory option different from the three above. After server setup, use Directory Access to specify the server’s directory configuration. See the Open Directory administration guide for more information.
Chapter 7 Initial Server Setup