EHLO; MAIL FROM: Aaron; RCPT TO: You; SUBJECT: Enjoy!
Well, I’ve been swamped with work for the last 10 months and haven’t even come close to having a chance to sit down and write any well-thought-out blog entries. A couple of weeks ago, though, I was compelled to write a new entry about the coolest new feature that I stumbled across in Apple’s still relatively new OS X 10.5.2 Server.
There are many reasons why a company would want to integrate an Apple Open Directory server with a Microsoft Active Directory server, but the most common scenario is that the company already has a Windows-centric IT environment. In this post we will explore this scenario, along with that of an Apple-centric environment that is looking for full-featured Windows client support and greater stability.
When Apple designed its directory service, simplicity was likely the central focus. Open Directory is easy to configure and easy to administer, when it is working. Apple’s Open Directory quickly became the single most frustrating point of my research. Although Apple has created Open Directory from the solid foundation of Kerberos and OpenLDAP, they made a mistake at some point. I have been working on these issues for almost a year now, and I frequently ran into them while I was consulting for another Mac IT firm in Seattle. During this consulting stint that lasted for 6 months I completed over twenty OS X server installations and had direct access to resources at Apple to solve problems and report bugs. The issues that I ran into with Open Directory were ignored and denied by Apple. The stock answers that I continually received never addressed the problem.
Open Directory is Apple’s answer to Microsoft’s enterprise directory standard, Active Directory. Open Directory is the directory service and network authentication architecture at the core of Mac OS X Server, starting with OS X Server 10.3 “Panther”. As with most of Apple’s technologies, Open Directory is based on an open source technology, OpenLDAP, and its primary authentication protocol, Kerberos, is borrowed from MIT’s Kerberos project.