When Apple designed its directory service, simplicity was the likely the central focus. Open Directory is easy to configure and easy to administer, when it is working. Apple’s Open Directory quickly became the single most frustrating point of my research. Although Apple has created Open Directory from the solid foundation of Kerberos and OpenLDAP, they made a mistake at some point. I have been working on these issues for almost a year now, and I frequently ran into them while I was consulting for another Mac IT firm in Seattle. During this consulting stint that lasted for 6 months I completed over twenty OS X server installations had had direct access to resources at Apple to solve problems and report bugs. The issues that I ran into with Open Directory were ignored and denied by Apple. The stock answers that I continually received never addressed the problem.

(more…)

Open Directory is Apple’s answer to Microsoft’s enterprise directory standard, Active Directory. Open Directory is the directory service and network authentication architecture at the core of Mac OS X Server starting with OS X Server 10.3 “Panther”. As with most of Apple’s technologies Open Directory is based on an open source technology, OpenLDAP, as well as its primary authentication protocol, Kerberos, which is borrowed from MIT’s Kerberos project

(more…)