One of the mysteries for many is getting Macintoshes properly
integrated into corporate directory services, especially
Microsoft's Active Directory. Computerworld provided the recipe on Monday.
Directory Services can be daunting for even very technical administrators.
Once an organization settles on Microsoft's Active Directory for its
PCs, shoehorning Macs into the system can seem like an impossible task.
Understanding Kerberos, Apple's services and tools, how they work, and how
they fit in is, in many cases, the difference between getting Macs accepted
or thrown out of many organizations.
There are three steps to understanding all this. The first is the history
of NetInfo, the original Directory Service on Mac OS X. The next is
the Lightweight Directory Access Protocol (LDAP). Finally, methods of
integration with Active Directory and Sun's NIS round out the challenge.
“Integrating directory services platforms often begins with modifying the schema of the platforms involved to be able to support the additional objects and attributes that make up Open Directory's schema,” Ryan Fass wrote. “Often, the Open Directory schema will also be modified to accommodate the needs of the other platform. By supporting the additional information types, it becomes possible to not only perform queries between the platforms but also to store data for specific features, such as managed preferences. While this is a daunting task, the rewards can be worth it in large environments that need a broad solution for differing types of systems.”
Often, when faced with this kind of cross-platform challenge, it's good to know
the issues and terminology. Apple provides all the hooks and tools. Even so, in most cases, just knowing where to start and what questions to ask is half the battle. It all starts with LDAP.