
Concepts: About Open Directory
Apple has built an open, extensible directory services architecture, called Open Directory, into Mac OS X and Mac OS X Server. A Mac OS X client or Mac OS X Server computer can use Open Directory to retrieve authoritative information about users and network resources from a variety of directory services:
- LDAP service on a Mac OS X Server system
- NetInfo service on a computer with Mac OS X or Mac OS X Server
- Active Directory service on a Microsoft Windows server
- OpenLDAP or other LDAP service on a third-party server such as Sun One or Novell eDirectory
- NIS on a UNIX server
- BSD configuration files stored locally (not retrieved from a server)
Mac OS 9 and Mac OS 8 managed clients also use Open Directory to retrieve some user information.
In addition, Mac OS X and Mac OS X Server can use Open Directory to discover network services, such as file servers, that make themselves known with the Rendezvous, AppleTalk, SLP, or SMB service discovery protocols.
The Open Directory architecture also includes an authentication service. Open Directory can securely store and validate the passwords of users who want to log in to client computers on your network or use other network resources that require authentication. It can enforce policies such as password expiration and minimum length, and it can authenticate Windows computer users for domain login, file service, print service, and other Windows services provided by Mac OS X Server.