Open Directory is Apple’s answer to Microsoft’s enterprise directory standard, Active Directory. Open Directory is the directory service and network authentication architecture at the core of Mac OS X Server starting with OS X Server 10.3 “Panther”. As with most of Apple’s technologies Open Directory is based on an open source technology, OpenLDAP, as well as its primary authentication protocol, Kerberos, which is borrowed from MIT’s Kerberos project

Similar to other directory service environments, Open Directory stores and organizes information about users and computers, that is supposed to allow administrators to control network security and access control lists for file server access. A big difference between Open Directory and Active Directory is that Open Directory does not store server configuration information in its LDAP schema like Microsoft’s solution.

Open Directory natively only communicates with other Open Directory servers, but with tools available from Apple in the Directory Services application, it is possible to connect to Microsoft’s Active Directory as well.  Once Open Directory and Active Directory are connected it is possible for them to share the same Kerberos domain controller (KDC) for many important services (AFP, SMB, Login, WWW).

Open Directory include enterprise grade features that are beneficial to larger implementation such as Directory replication to a mirrored member server as well as integration with all of OS X’s other services such as Mail, VPN, Chat, Web, Xgrid, AFP, SMB, NFS, Windows, and Kerberos (In Open Directory exclusive implementations).

Be Sociable, Share!

•