Open Directory , the directory services layer of Mac OS X (see Figure 7-1 for a detailed view), offers the essential service of providing information to the system about users, machines, printers, and more. It’s also something that most people know very little about. To many, Open Directory is mysterious because its name connotes a tie to the idea of a filesystem directory. In reality, Open Directory doesn’t have much at all to do with the filesystem other than the fact that its data is arranged in a hierarchical tree.

For the most part, however, Open Directory is an enigma, because the role it plays is central enough to the system that it’s hard to distinguish what it’s doing. At Apple’s 2003 Worldwide Developer’s Conference (WWDC), an Apple employee retold a story about how management always wanted to see a demo of directory services. His response was simply, “Did you make it past the login window? [If so,] well, that’s the demo.”

Every time you log in, whether through a local or a network account, and every time you browse for Macintosh- or Windows-based file servers, you are using Open Directory. When you log into your Mac using the login window, the login window consults Open Directory to see whether you have a valid username and password for the system. If Open Directory indicates that the username and password are okay, login proceeds. If not, you’re challenged until you either get it right or your entry is refused. When you want to connect to a server, ...