Configuring an Open Directory Replica
Open Directory enables you to replicate servers, that is, to create and maintain one or more exact copies of your server’s LDAP, password, and Kerberos databases. Open Directory also provides automatic load balancing between replicated servers. As a result, you can scale your directory infrastructure and improve search-and-retrieval time on distributed networks. Replication also protects against network outages because client systems can use any replica in your organization.
In Mac OS X Server v10.5, you can create nested replicas, that is, replicas of replicas. One master can have up to 32 replicas, and each of those replicas can have 32 replicas of its own; this gives 1056 replicas plus one master, for a total of 1057 authentication servers in a single Open Directory domain. You nest replicas by joining one replica to your Open Directory master and then joining other replicas to that first replica.
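The fan-out limits above can be checked against a planned topology before any server is joined. The following Python is an added example, not code from the book or from Apple; the hostnames are constructed, and it assumes only the limits as stated here (32 replicas per master or per replica, two levels of nesting).

```python
MAX_REPLICAS_PER_SERVER = 32   # a master or a replica may host up to 32 replicas
MAX_NESTING_DEPTH = 2          # master -> replica -> replica of replica

def max_authentication_servers():
    """Master plus two levels of replicas: 1 + 32 + 32 * 32 = 1057."""
    return 1 + MAX_REPLICAS_PER_SERVER + MAX_REPLICAS_PER_SERVER ** 2

def validate_topology(topology):
    """topology maps each server's hostname to the hostname it replicates
    from (None for the master). Returns a list of problems; an empty list
    means the plan stays within the stated limits."""
    masters = [s for s, parent in topology.items() if parent is None]
    if len(masters) != 1:
        return [f"expected exactly one master, found {len(masters)}"]
    children = {}
    for server, parent in topology.items():
        if parent is not None:
            children.setdefault(parent, []).append(server)
    problems = []
    reached = set()
    pending = [(masters[0], 0)]  # (server, nesting depth below the master)
    while pending:
        server, depth = pending.pop()
        reached.add(server)
        replicas = children.get(server, [])
        if len(replicas) > MAX_REPLICAS_PER_SERVER:
            problems.append(f"{server} hosts {len(replicas)} replicas "
                            f"(limit {MAX_REPLICAS_PER_SERVER})")
        if depth >= MAX_NESTING_DEPTH and replicas:
            problems.append(f"{server} is {depth} levels below the master "
                            "and cannot host further replicas")
        pending.extend((r, depth + 1) for r in replicas)
    for server in sorted(set(topology) - reached):
        problems.append(f"{server} is not reachable from the master "
                        "(unknown parent or cycle)")
    return problems

# Constructed plan: a master, two first-level replicas, one nested replica each.
PLANNED = {
    "od-master.example.com": None,
    "od-rep1.example.com": "od-master.example.com",
    "od-rep2.example.com": "od-master.example.com",
    "od-rep1a.example.com": "od-rep1.example.com",
    "od-rep2a.example.com": "od-rep2.example.com",
}

if __name__ == "__main__":
    print(validate_topology(PLANNED) or "topology within limits")
```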
If you already have an Open Directory master server set up, you can configure a second Mac OS X Server as a directory replica that provides the same directory and authentication information as the master. The replica server hosts a copy of the master’s LDAP directory and its Kerberos KDC. The Password Server authentication database is also copied, and it is writable on the master and on any replica. When data is transferred from the master to a replica, it is encrypted in transit. Each replica needs a serial number different from the master’s, unless a site license is purchased from Apple.
Configure Your Server to Host a Replica of an Open Directory Master
You will step through the process of hosting a replica of your Mac OS X Server Open Directory master. If you have only one Mac OS X Server and one Mac OS X computer, you can read through this exercise but not complete it.
- Launch Server Admin and, in the services list on the left, add the Open Directory service, as shown in the following figure.
Alternatively, you can follow the instructions on adding a service in Lesson 2, “Providing Basic DNS Service” (when the DNS service was added).
Whatever the current role of the server, the goal is to make the server an Open Directory replica.
- Select the Settings button in the toolbar, click the General tab, and click the Change button to launch the Service Configuration Assistant, just as you did when you created an Open Directory master from a standalone server earlier in this lesson.
- Once the Service Configuration Assistant opens, select Open Directory Replica in the list and click Continue.
- Configure the replica with the following parameters:
  - IP address or FQDN of the Open Directory master
  - Root password on the Open Directory master
  - Domain administrator’s short name
  - Domain administrator’s password
- Click Continue.
At this point, the server is becoming a replica of an Open Directory master.
Once the replica has been established, viewing the Open Directory general settings of either the Open Directory master server or the Open Directory replica server will display the IP address of the Open Directory master and the IP address(es) of any Open Directory replicas.
Once a single replica has been established, other Mac OS X Servers can be set up as replicas of replicas. This increases the redundancy and potentially improves performance of the entire Open Directory structure.