Mac OS X Enterprise Directory Integration


Mac OS X Enterprise Directory Integration
By Darren R. Davis
Student Computing Labs

Presentation Overview
Enterprise Directories
– What are they?
– Why do I need one?
– Who makes them?
Server Setup
Client Setup
Apple’s Directory Tools
U of U Case Study

Enterprise Directories
What are they?
– A directory is essentially a special-use database designed for quick searching and retrieval of information. Think of a phone book where you look up a name and get a phone number, or do a quick reverse search by looking up a phone number and getting a name.

Many Directory Services
X.500 (Original Standard)
– Used DAP (Directory Access Protocol)
NIS
– Sun’s Network Information Services
Apple NetInfo
Novell’s NDS (Novell DAP)
Note: LDAP is not a Directory
– Access Protocol (Lightweight DAP)

Structure (Schema)
Data is organized in Key and Value pairs.
– What is that? Think of:
– Key of Name - Value of Darren Davis
– Key of Phone - Value of 801.585.9811
– Key of EMail - Value of drdavis@scl.utah.edu
– Key of Password - Value of (yeah like I would tell)

Enterprise Directories
Why do I need one?
Uses of a Directory
– Storage of user identities
– Authentication
– Authorization
– Phone Book (Searching)
– Storing Common or Network Configuration Information
– Network Services Discovery and Location

Enterprise Directories
Where is it?
– Enterprise Directories are network resources accessed like any typical network service located on a server.

Enterprise Directories
Who makes them?
Just about Everyone
– Apple Open Directory
– IBM
– Microsoft Active Directory
– Novell eDirectory
– OpenLDAP
– Oracle
– Sun ONE (Formerly iPlanet)

Enterprise Directories
How do I access them?
Directory Client
Uses standard protocol
X.500 had DAP (Directory Access Protocol)
DAP was way too heavy.
U of Mich. developed LDAP (Lightweight)
First implemented as a Gateway to DAP
Now becoming primary access method

Server Setup
Depends on whose directory you use.
– Follow setup instructions
OpenLDAP (Open Source Directory)
– Apple includes it as part of its Open Directory.

Client Setup
Use a directory client
– Built in to Mac OS X
– Now built in to most UNIX systems: OpenLDAP
– Oh yeah, Windows has them too.

Apple’s Directory Tools

Demonstration
Setting Up Mac OS X Client
Apple Directory Access
– Located in Applications:Utilities

University of Utah Case Study

Definitions
Authentication
– The process of verifying the identity of a user.
Authorization
– Determining what the user can access.
Kerberos
– A network authentication protocol
LDAP
– A directory access protocol

University of Utah Case Study
We use Kerberos for Authentication
We use Active Directory for user information storage.
– Why Active Directory?
– Because we needed it to manage Win 2K clients. So, if we already have a directory, we should just use it.

Setting up Active Directory
Install Win 2K Server
Patch and Patch and Patch
– It’s Win 2K, double check your patches ;)
Setup Domain Controller
– Starts AD
Use AD4UNIX to extend schema
– MKSADExtPlugins.msi
Add users (Perl Script)

Why Extend the Schema?
The Schema represents the structure of the Directory.
– So, we needed it to represent Mac OS X (basically just another UNIX) information.
– So, we added schema information to have standard UNIX information stored in AD.

What is stored in AD?
– User ID
– UID (UNIX ID #)
– GID (Group ID #)
– Home Directory
We DO NOT store passwords in AD
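
As an added illustration (not part of the original presentation), the Python below parses a directory export in LDIF, the key/value text form of the structure described on the Structure (Schema) slide, and checks each user entry against this slide: the UNIX attributes must be present and no password attribute may be. The sample entries are constructed, and the RFC 2307 attribute names (uid, uidNumber, gidNumber, homeDirectory, userPassword) are an assumption; the names AD4UNIX installs may differ.

```python
import base64

# Constructed LDIF sample. Attribute names follow RFC 2307; AD4UNIX's may differ (assumption).
SAMPLE_LDIF = """\
dn: CN=jdoe,CN=Users,DC=example,DC=edu
uid: jdoe
uidNumber: 5001
gidNumber: 500
homeDirectory: /Users/jdoe

dn: CN=asmith,CN=Users,DC=example,DC=edu
uid: asmith
uidNumber: 5002
gidNumber: 500
homeDirectory: /Users/
 asmith
userPassword:: e2NyeXB0fWNvbnN0cnVjdGVk

dn: CN=partial,CN=Users,DC=example,DC=edu
uidNumber: 5003
"""
REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory")
PASSWORD_ATTRS = {"userpassword", "unixuserpassword", "unicodepwd"}  # lower-cased

def parse_ldif(text):
    """Return entries as dicts mapping lower-cased key -> list of values."""
    entries, current = [], {}
    # A line starting with a single space continues the previous line (folding).
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():               # blank line ends an entry
            entries += [current] if current else []
            current = {}
            continue
        key, _, value = line.partition(":")
        if value.startswith(":"):          # "key:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(key.lower(), []).append(value.strip())
    return entries

def audit(entries):
    """Return {dn: [findings]} for entries that break the directory's policy."""
    report = {}
    for e in entries:
        found = [f"missing {a}" for a in REQUIRED if a.lower() not in e]
        found += [f"password attribute present: {k}" for k in e if k in PASSWORD_ATTRS]
        if found:
            report[e["dn"][0]] = found
    return report
```

Calling audit(parse_ldif(SAMPLE_LDIF)) returns findings only for the asmith and partial entries; an empty result on a real export means every entry carries the UNIX attributes and none carries a password.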

Diagram

Questions and Answers?

This Presentation is a Work in Progress.
This will be finalized at the joint Apple and U of U seminar “Integrating Mac OS X on Campus” on May 1st.

Resources
www.macosxlabs.org
web.mit.edu/kerberos/www/
www.netcom.utah.edu
– NID
– ANA
www.openldap.org
