Step 4: Configure a Mac client

Configuring a Mac client to talk to Open Directory is trivial. It is almost easier than launching iTunes. Go to your Mac client's Utilities folder and open up Directory Access.

From here, you want to check the LDAP option and select Configure. When the dialog box opens, select "New" and just type in When you select Continue, it will autoconfigure everything. You're done! Just reboot, and you'll be connected.

Figure 3. Selecting LDAP

Figure 4. Create a New LDAP Connection

Step 5: Enabling Fast User Switching

By far the easiest way to test Open Directory user accounts is to enable Fast User Switching in System Preferences > Accounts > Login Options. This way you can just go to the upper-right corner of your screen and quickly test the changes you make.

(Note: One gotcha to look out for is that there is a cascading authentication lookup scheme. If you already have a local account called "bob" and you then create an Open Directory account called "bob," the local account wins. Keep that in mind if something doesn't seem to work the way you hoped!)
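The lookup order in the note above can be checked from a shell before the login test, by asking the local node and the Open Directory node separately for the same short name with dscl. This is an added example, not part of the original article; it assumes the client is bound through the LDAPv3 plug-in so the server appears as the node /LDAPv3/<server>, the function names are hypothetical, and od.example.com is a placeholder for your server's name.

```shell
#!/bin/sh
# Added example: report which directory node answers for a short name.
# Assumption: the Open Directory server is reachable as the dscl node
# /LDAPv3/<server>; od.example.com below is a placeholder.

# Print the UniqueID of user $2 in node $1; fail if the node has no such user.
node_uid() {
    dscl "$1" -read "/Users/$2" UniqueID 2>/dev/null |
        awk '$1 == "UniqueID:" { print $2; found = 1 } END { exit !found }'
}

# Print "local", "directory" or "missing" for short name $1 against
# Open Directory node $2. The local node is checked first because a
# local record wins the lookup.
account_source() {
    if node_uid . "$1" >/dev/null; then
        echo local
    elif node_uid "$2" "$1" >/dev/null; then
        echo directory
    else
        echo missing
    fi
}

# Return 0 only when a login as $1 will use the Open Directory record.
check_od_user() {
    src=$(account_source "$1" "$2")
    case $src in
        directory)
            echo "$1: served by $2 (uid $(node_uid "$2" "$1"))" ;;
        local)
            echo "$1: local record (uid $(node_uid . "$1")) shadows $2" >&2
            return 1 ;;
        *)
            echo "$1: not found locally or in $2" >&2
            return 1 ;;
    esac
}

# Usage: sh check_od_user.sh oduser /LDAPv3/od.example.com
if [ "$#" -eq 2 ]; then
    check_od_user "$1" "$2"
fi
```

A "local" result for a name you expected to come from the server means the login test will exercise the local account, not the Open Directory one.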

Step 6: Adding an Open Directory user

Fire up Workgroup Manager and add a new user. I suggest adding a new test user called "oduser." Create an easy password like "test" and save the user.

Now select the Home tab and create a local home directory entry for the new user on your client machine. (Note that you will need to manually create the directory itself later.) Click the "+" icon and, under Home, enter /Users/oduser. This will put the home directory field in the database. Now save.

Figure 5. Create a Local Home Directory

Step 7: Adding a local home directory for the Open Directory User

We now need to create a local directory that corresponds with the home directory attribute. Open a shell as root and type in:

mkdir /Users/oduser

chown oduser:staff /Users/oduser

Step 8: Do a fast user switch test

Go to the upper-right corner and log in as oduser with the password "test." You should be able to log in, and skeleton account data will auto-populate /Users/oduser. You are now using Open Directory!

Figure 6. Fast User Switch Select


Open Directory is easy to use and set up, and it can be used in both massive corporate installations and small home setups. Open Directory can manage a heterogeneous environment consisting of Windows, Linux, and OS X clients, or it can seamlessly integrate into an Active Directory or LDAP world.

This article showed you a quick and dirty way to set up Open Directory from scratch and authenticate a Mac client against it. This barely scratches the surface of what Open Directory can really do. In the next part of this article, I will show you how to integrate a Linux file server to serve out common network home directories for OS X and Linux clients, as well as authenticate Linux boxes to Open Directory.

Noah Gift is the co-author of Python For Unix and Linux by O'Reilly. He is an author, speaker, consultant, and community leader, writing for publications such as IBM Developerworks, Red Hat Magazine, O'Reilly, MacTech, and Manning.

