When Apple designed its directory service, simplicity was the likely the central focus. Open Directory is easy to configure and easy to administer, when it is working. Apple’s Open Directory quickly became the single most frustrating point of my research. Although Apple has created Open Directory from the solid foundation of Kerberos and OpenLDAP, they made a mistake at some point. I have been working on these issues for almost a year now, and I frequently ran into them while I was consulting for another Mac IT firm in Seattle. During this consulting stint that lasted for 6 months I completed over twenty OS X server installations had had direct access to resources at Apple to solve problems and report bugs. The issues that I ran into with Open Directory were ignored and denied by Apple. The stock answers that I continually received never addressed the problem.

(more…)