Doing the Directory Services Two-Step
Directory services make a server administrator's life much easier by providing a centralized repository for information about users, groups, and computers. Using directory services, administrators can consolidate users and computing resources into groups and then apply and enforce security and permissions policies across those groups.
Windows servers use Active Directory to provide directory services on a network. Apple's Active Directory plug-in for Mac OS X allows a Mac server to maintain information about Mac clients and allows access to enforce Active Directory policies and authentication.
In an Active Directory environment, Mac servers actually provide authentication of both Open Directory and Active Directory to the Mac clients. This dual authentication role allows policies to be implemented on the Mac server for Mac clients that are nonstandard in an Active Directory environment (such as iChat services or Address Book services) while allowing Active Directory to handle the network services that are common to Windows and Mac users on the network.
The Mac server's ability to manage both Open Directory and Active Directory separately (and never the twain shall meet) is known as implementing the magic triangle, as shown in Figure 7-1. (The magic triangle shouldn't be confused with a percussion instrument for productions of The Magic Flute.) The Mac server handles the Active Directory piece of the puzzle by using the Mac's Active Directory ...
Get Mac OS X Lion Server For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
