[unisog] Is Apple Open Directory really used somewhere ?

Peter C. Lai peter at simons-rock.edu
Wed Dec 16 23:18:16 GMT 2009


We are actively exploring a migration to OpenDirectory from OpenLDAP
in order to provide SSO services to Mac, Windows, and UNIX desktops and 
CIFS shares. OpenDirectory+KRB seems like a good/cheap drop-in replacement 
for MS AD and it provides interoperable schema support for traditional POSIX 
(RFC2307[bis]), Apple's netinfo-replacement schema, and AD's schema.

It should be relatively non-difficult to migrate from AD to OpenDirectory.
(IMO)

On 2009-12-16 10:46:58AM +0100, Krassimir Todorov wrote:
> Hello.
> 
> We would like to deploy Apple's Open Directory to manage our MycOS
> computer park.
> 
> We already have a custom built institutional meta-directory, which
> fills our OpenLDAP and Active Directory infrastructure.
> 
> We want to know if there is some university or enterprise already
> using Apple's Open Directory. We asked our local Apple vendors and
> support, but till now they were not of big help.
> 
> The goal for us is to manage about 2'000 MacOS hosts, 17'000 users and
> 2'000 user groups. Ideally Open Directory should be put in parallel to
> our OpenLDAP and Active Directory, linked only to our meta-directory.
> Another possibility would be to use a "magic triangle" as named by
> Apple, which makes MacOS machines to get informations from both Active
> Directory and Open Directory. But we think that such coupling between
> Active Directory and Open Directory will not be solid enough.
> 
> If you have such experience, or if you know someone who has some,
> please make me know.
> 
> Thank you very much !
> _______________________________________________________________________
> 
> Krassimir TODOROV
> responsable du groupe "Services de Base"
> Domaine IT - EPFL, Services informatiques
> Ecole Polytechnique Fédérale de Lausanne
> (Swiss Federal Institute of Technology)
> case postale 121, 1015 Lausanne 15 - Suisse
> bureau MA C0 644
> tél.: +41 21 693 22 41, fax: +41 21 693 22 20
> 
> http://dit.epfl.ch/
> http://www.epfl.ch/
> krassimir.todorov at epfl.ch
> _______________________________________________________________________
> 
>  GPG KeyFingerprint=7EF8 DBA0 3700 8A56 2E48  7899 C39E 6C16 FFEB F5C1
> _______________________________________________________________________
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

-- 
===========================================================
Peter C. Lai                 | Bard College at Simon's Rock
Systems Administrator        | 84 Alford Rd.
Information Technology Svcs. | Gt. Barrington, MA 01230 USA
peter AT simons-rock.edu     | (413) 528-7428
===========================================================



More information about the unisog mailing list