Apple Mac OS X Server Version 10.3 or Later Specifikace

Mac OS X ServerOpen DirectoryAdministrationFor Version 10.3 or Later034-2352_Cvr 9/12/03 10:29 AM Page 1

10 Preface About This Guide • Chapter 7, “Managing Directory Access,” explains how to use the Directory Access application. This chapter tells you

100 Chapter 7 Managing Directory Access Populating LDAP Directories With Data for Mac OS XAfter configuring access to LDAP directory domains and se

Chapter 7 Managing Directory Access 101 Learning About the Active Directory Plug-inYou can configure Mac OS X to access basic user account informat

102 Chapter 7 Managing Directory Access The Active Directory plug-in automatically discovers all domains in an Active Directory forest. You can con

Chapter 7 Managing Directory Access 103 6 Click Bind, authenticate as a user who has rights to set up a connection to the Active Directory domain,

104 Chapter 7 Managing Directory Access In addition, you must add the Active Directory domain to a custom search policy in the Authentication or Co

Chapter 7 Managing Directory Access 105 To specify a server you prefer the Active Directory plug-in to access:1 In Directory Access, click Services

106 Chapter 7 Managing Directory Access To specify which groups of Active Directory user accounts have administrator privileges:1 In Directory Acce

Chapter 7 Managing Directory Access 107 To create an Active Directory server configuration:1 In Directory Access, click Services.2 If the lock icon

108 Chapter 7 Managing Directory Access 5 Optionally, enter the DNS name or the IP address of the server or servers where the NIS domain resides.If

Chapter 7 Managing Directory Access 109 Setting Up Data in BSD Configuration FilesIf you want a Mac OS X computer to get administrative data from B

Preface About This Guide 11 Getting Additional InformationMac OS X Server comes with a suite of guides that explain other services and provide inst

110 Chapter 7 Managing Directory Access About NetInfo BindingWhen a Mac OS X computer starts up, it can bind its local directory domain to a shared

Chapter 7 Managing Directory Access 111 Configuring NetInfo BindingUsing Directory Access, you can configure Mac OS X or Mac OS X Server to bind to

112 Chapter 7 Managing Directory Access 8 Choose New Property from the Directory menu. 9 Change new_property to “serves” and then change new_value

Chapter 7 Managing Directory Access 113 Setting Up Directory Access on a Remote ServerYou can use the Directory Access application on your computer

LL2352.Book Page 114 Friday, August 22, 2003 3:12 PM

8 1158 Maintenance and Problem SolvingYou can monitor Open Directory services, view and edit raw data from Open Directory domains, and back up Op

116 Chapter 8 Maintenance and Problem Solving To see directory services status or logs:1 Open Server Admin and select Open Directory for a server i

Chapter 8 Maintenance and Problem Solving 117 You can also click the All Records button, which is next to the Computers button, and choose a record

118 Chapter 8 Maintenance and Problem Solving 5 Locate RecordName in the list of attributes, and if a triangle appears next to RecordName, click th

Chapter 8 Maintenance and Problem Solving 119 This use of slapcat saves the complete contents of the LDAP directory as a raw LDIF dump in a text fi

12 Preface About This Guide For more information, consult these resources:• Read Me documents contain important updates and special information. Lo

120 Chapter 8 Maintenance and Problem Solving Restoring Open Directory FilesTo restore an Open Directory master from backup files, you need to rest

Chapter 8 Maintenance and Problem Solving 121 8 Type the following command and press Return.mkpassdb -mergedb backup folder pathnameThis use of mkp

122 Chapter 8 Maintenance and Problem Solving Solving Authentication ProblemsYou can solve some common problems with authentication services.A User

Chapter 8 Maintenance and Problem Solving 123 Resetting an Administrator PasswordUsing the Mac OS X Server installation disc, you can change the pa

LL2352.Book Page 124 Friday, August 22, 2003 3:12 PM

125AppendixAA Mac OS X Directory DataKnowing the Open Directory LDAP schema and the record types and attributes in Mac OS X directory domains ca

126 Appendix A Mac OS X Directory Data Use these specifications for reference when you:• Map object classes and attributes of non-Apple LDAP direct

Appendix A Mac OS X Directory Data 127 User Object ClassThe apple-user object class is an auxiliary class used to store Mac OS X specific attribute

128 Appendix A Mac OS X Directory Data Machine Auxiliary Object Classobjectclass (1.3.6.1.4.1.63.1000.1.1.2.3NAME 'apple-machine'SUP topA

Appendix A Mac OS X Directory Data 129 macAddress $apple-computer-list-groups $apple-mcxflags $apple-mcxsettings $apple-xmlplist $authAuthority $ui

1 131 Directory Service ConceptsA directory service provides a central repository for information about computer users and network resources in a

130 Appendix A Mac OS X Directory Data Preset Computer List Object Classobjectclass (1.3.6.1.4.1.63.1000.1.1.2.13NAME 'apple-preset-computer-l

Appendix A Mac OS X Directory Data 131 apple-mcxflags $apple-mcxsettings $apple-user-adminlimits $apple-user-passwordpolicy $userPassword $apple-us

132 Appendix A Mac OS X Directory Data Attributes in Open Directory LDAP SchemaThis section defines the Open Directory LDAP attributes that extend

Appendix A Mac OS X Directory Data 133 apple-user-mailattributeStores mail-related settings as XML. attributetype (1.3.6.1.4.1.63.1000.1.1.1.1.9NAM

134 Appendix A Mac OS X Directory Data apple-user-pictureStores a file system path to the picture to use for this user record when displayed in log

Appendix A Mac OS X Directory Data 135 apple-user-authenticationhintThe apple-user-authenticationhint is used by login window to provide a hint if

136 Appendix A Mac OS X Directory Data apple-generateduidattributetype (1.3.6.1.4.1.63.1000.1.1.1.1.20NAME ( 'apple-generateduid' )DESC &

Appendix A Mac OS X Directory Data 137 apple-group-homeownerThe apple-group-homeowner attribute determines the owner of the workgroup home director

138 Appendix A Mac OS X Directory Data Machine Attributesapple-machine-softwareattributetype (1.3.6.1.4.1.63.1000.1.1.1.3.8NAME 'apple-machine

Appendix A Mac OS X Directory Data 139 Mount attributesmountDirectoryattributetype (1.3.6.1.4.1.63.1000.1.1.1.8.1NAME 'mountDirectory'DES

14 Chapter 1 Directory Service Concepts Apple has built an open, extensible directory services architecture, called Open Directory, into Mac OS X a

140 Appendix A Mac OS X Directory Data mountPassNoattributetype (1.3.6.1.4.1.63.1000.1.1.1.8.5NAME 'mountPassNo'DESC 'mount passno&a

Appendix A Mac OS X Directory Data 141 apple-printer-typeattributetype (1.3.6.1.4.1.63.1000.1.1.1.9.4NAME 'apple-printer-type'DESC '

142 Appendix A Mac OS X Directory Data apple-computer-list-groupsattributetype (1.3.6.1.4.1.63.1000.1.1.1.11.4NAME 'apple-computer-list-groups

Appendix A Mac OS X Directory Data 143 apple-config-realnameattributetype (1.3.6.1.4.1.63.1000.1.1.1.12.3NAME 'apple-config-realname'DESC

144 Appendix A Mac OS X Directory Data apple-kdc-authkeyattributetype (1.3.6.1.4.1.63.1000.1.1.1.12.7NAME 'apple-kdc-authkey'DESC 'K

Appendix A Mac OS X Directory Data 145 Location Attributesapple-dns-domainattributetype (1.3.6.1.4.1.63.1000.1.1.1.18.1NAME 'apple-dns-domain&

146 Appendix A Mac OS X Directory Data Record Type Mappings for UsersAttribute Mappings for UsersOpen Directory name,RFC/classLDAP object class nam

Appendix A Mac OS X Directory Data 147 GeneratedUID,Apple registeredapple-generateduid1.3.6.1.4.1.63.1000.1.1.1.1.20From GUID—formattedRecordName,R

148 Appendix A Mac OS X Directory Data SMBAccountFlags,Samba registered,Apple PDCacctFlags1.3.6.1.4.1.7165.2.1.41.2.840.113556.1.4.302 (Microsoft)S

Appendix A Mac OS X Directory Data 149 Mappings for GroupsThe following tables specify how the LDAPv3 plug-in in Directory Access maps the Open Dir

Chapter 1 Directory Service Concepts 15 Directory Services and Directory DomainsA directory service acts as an intermediary between application and

150 Appendix A Mac OS X Directory Data Attribute Mappings for GroupsMappings for MountsThe following tables specify how the LDAPv3 plug-in in Direc

Appendix A Mac OS X Directory Data 151 Attribute Mappings for MountsMappings for ComputersThe following tables specify how the LDAPv3 plug-in in Di

152 Appendix A Mac OS X Directory Data AuthenticationAuthority,Apple registeredauthAuthority1.3.6.1.4.1.63.1000.1.1.2.16.1Apple extended schemaGene

Appendix A Mac OS X Directory Data 153 Mappings for ComputerListsThe following tables specify how the LDAPv3 plug-in in Directory Access maps the O

154 Appendix A Mac OS X Directory Data Attribute Mappings for ConfigMappings for PeopleThe following tables specify how the LDAPv3 plug-in in Direc

Appendix A Mac OS X Directory Data 155 Attribute Mappings for PeopleOpen Directory name,RFC/classLDAP attribute nameOIDActive Directory plug-inReco

156 Appendix A Mac OS X Directory Data Mappings for PresetComputerListsThe following tables specify how the LDAPv3 plug-in in Directory Access maps

Appendix A Mac OS X Directory Data 157 Attribute Mappings for PresetGroupsMappings for PresetUsersThe following tables specify how the LDAPv3 plug-

158 Appendix A Mac OS X Directory Data MailAttribute,Apple registeredapple-user-mailattribute1.3.6.1.4.1.63.1000.1.1.1.1.9Apple extended schemaPrin

Appendix A Mac OS X Directory Data 159 Mappings for PrintersThe following tables specify how the LDAPv3 plug-in in Directory Access maps the Open D

16 Chapter 1 Directory Service Concepts Other application and system software processes can also use the user account information stored in directo

160 Appendix A Mac OS X Directory Data Mappings for AutoServerSetupThe following tables specify how the LDAPv3 plug-in in Directory Access maps the

Appendix A Mac OS X Directory Data 161 Attribute Mappings for LocationsStandard Attributes in User RecordsThe following table specifies facts about

162 Appendix A Mac OS X Directory Data UniqueID: A unique user identifier, used for access privilege managementSIgned 32-bit ASCII string of digits

Appendix A Mac OS X Directory Data 163 MCXSettings:A user’s managed preferencesUTF-8 XML plist, multivaluedAdminLimits:The privileges allowed by Wo

164 Appendix A Mac OS X Directory Data AuthenticationAuthority:Describes the user’s authentication methods, such as Open Directory or crypt passwor

Appendix A Mac OS X Directory Data 165 User Data That Mac OS X Server UsesThe following table describes how your Mac OS X Server uses data from use

166 Appendix A Mac OS X Directory Data Standard Attributes in Group RecordsThe following table specifies facts about the standard attributes, or da

Appendix A Mac OS X Directory Data 167 HomeDirectory: The location of an AFP-based home directory for the groupStructured UTF-8 text <home_dir&g

168 Appendix A Mac OS X Directory Data Standard Attributes in Computer RecordsThe following table specifies facts about the standard attributes, or

Appendix A Mac OS X Directory Data 169 Standard Attributes in Computer List RecordsThe following table specifies facts about the standard attribute

Chapter 1 Directory Service Concepts 17 Data ConsolidationFor years, UNIX systems have stored administrative information in a collection of files l

170 Appendix A Mac OS X Directory Data Standard Attributes in Mount Records The following table specifies facts about the standard attributes,

Appendix A Mac OS X Directory Data 171 Standard Attributes in Config RecordsThe following table specifies facts about the standard attributes, or d

LL2352.Book Page 172 Friday, August 22, 2003 3:12 PM

173AppendixBB Open Directory Password Server Authentication MethodsOpen Directory Password Server is based on the SASL standard for supporting m

174 Appendix B Open Directory Password Server Authentication Methods Note: Disabling or enabling an authentication method may necessitate resettin

Appendix B Open Directory Password Server Authentication Methods 175 Digest-MD5 Password ValidationDigest-MD5 is used by the Mac OS X login window,

176 Appendix B Open Directory Password Server Authentication Methods WebDAV-Digest Password ValidationWebDAV-Digest handles Digest-MD5 password val

177AppendixCC Authentication ManagerMac OS X Server supports users that were configured to use the legacy Authentication Manager technology in M

LL2352.Book Page 178 Friday, August 22, 2003 3:12 PM

179GlossaryGlossaryActive Directory The directory service of Microsoft Windows 2000 and 2003 servers.administrator A user with server or direc

18 Chapter 1 Directory Service Concepts Processes no longer need to know how and where administrative data is stored. Open Directory gets the data

180 Glossary DHCP (Dynamic Host Configuration Protocol) A protocol used to distribute IP addresses to client computers. Each time a client comput

Glossary 181 Kerberos A secure network authentication system. Kerberos uses tickets, which are issued for a specific user, service, and period of

182 Glossary owner The person who created a file or folder and who therefore has the ability to assign access privileges for other users. The own

Glossary 183 SMB (Server Message Block) A protocol that allows client computers to access files and network services. It can be used over TCP/IP,

LL2352.Book Page 184 Friday, August 22, 2003 3:12 PM

185IndexIndexAaccess privileges, directory services and 20Active Directoryadministrator groups 105configuring access to 102credential caching 104e

186 Index computer attributes 141computer list attributes 169computer list object class 129computer list records, attributes of 141computer obj

Index 187Jjoining a Kerberos domain 63KKDCSee KerberosKerberized services 37Kerberosauthentication process 38enabling 79KDC built in 37Open D

188 Index disabling domain 66, 68, 69enabling and disabling access 85migrating domain to LDAP 66parent 109port configuration 112shared domain

Index 189preset user object class 130principals, Kerberos 37printer attributes 140printer object class 128protocolsSee also specific protocols

Chapter 1 Directory Service Concepts 19 Open Directory solves this problem by letting you store administrative data in a directory domain that can

190 Index See mappingticket, Kerberos 38ticket-granting ticket, Kerberos 38UUNIXBSD configuration files 108compared to Open Directory 16–18info

 Apple Computer, Inc.© 2003 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software ma

20 Chapter 1 Directory Service Concepts • Folder and file access: After logging in successfully, a user can access files and folders. Mac OS X use

Chapter 1 Directory Service Concepts 21 Inside a Directory DomainInformation in a directory domain is organized into record types, which are specif

22 Chapter 1 Directory Service Concepts After login, the user could choose “Connect to Server” from the Go menu and connect to Mac OS X Server for

Chapter 1 Directory Service Concepts 23 Shared domains generally reside on servers because directory domains store extremely important data, such a

24 Chapter 1 Directory Service Concepts If you wanted some users to be able to log in to any computer, you could create their user records in anoth

Chapter 1 Directory Service Concepts 25 The order in which Mac OS X searches directory domains is configurable. A search policy determines the orde

26 Chapter 1 Directory Service Concepts • Service Location Protocol (SLP), an open standard for discovering file and print services • Server Me

2 272 Open Directory Search PoliciesEach computer has a search policy that specifies one or more directory domains and the sequence in which Open

28 Chapter 2 Open Directory Search Policies Local Directory Search PolicyThe simplest search policy consists only of a computer’s local directory.

Chapter 2 Open Directory Search Policies 29 Each class (English, math, science) has its own computer. The students in each class are defined as use

3 3 Contents Preface 9 About This Guide10 Using This Guide 11 Getting Additional Information Chapter 1 13 Directory Service Concepts15 Direc

30 Chapter 2 Open Directory Search Policies Here’s a scenario in which more than one shared directory might be used:Each class (English, math, scie

Chapter 2 Open Directory Search Policies 31 Next the automatic search policy looks at the binding of shared NetInfo domains. The computer’s local d

32 Chapter 2 Open Directory Search Policies Custom Search PoliciesIf you don’t want a Mac OS X computer to use the automatic search policy supplied

3 333 User Authentication With Open DirectoryOpen Directory offers a variety of options for authenticating users whose accounts are stored in dir

34 Chapter 3 User Authentication With Open Directory You experience authentication and authorization when you use a credit card. The merchant authe

Chapter 3 User Authentication With Open Directory 35 Open Directory AuthenticationWhen a user’s account has a password type of Open Directory, the

36 Chapter 3 User Authentication With Open Directory Open Directory Password Server Authentication MethodsThe Open Directory Password Server is bas

Chapter 3 User Authentication With Open Directory 37 • The password is stored in recoverable (clear text) or hashed (encrypted) form. The form depe

38 Chapter 3 User Authentication With Open Directory Here are examples of realm and principal names; note that realm names are capitalized by conve

Chapter 3 User Authentication With Open Directory 39 Note that the service does not need to know any password or password policy information. Once

4 Contents 36 Contents of Open Directory Password Server Database 37 Kerberos Authentication 37 Kerberized Services 37 Kerberos Principals and Realms

40 Chapter 3 User Authentication With Open Directory A shadow password is stored as several hashes in a file on the same computer as the directory

Chapter 3 User Authentication With Open Directory 41 Different hash functions are used to encrypt shadow and crypt passwords. For crypt passwords,

42 Chapter 3 User Authentication With Open Directory LDAP Bind AuthenticationFor user accounts that reside in an LDAP directory on a non-Apple serv

4 434 Open Directory PlanningLike the plumbing and wiring in a building, directory services for a network must be planned in advance, not on an a

44 Chapter 4 Open Directory Planning If you want to share information among Mac OS X computers, you need to set up at least one shared directory do

Chapter 4 Open Directory Planning 45 If you want all computers to have access to certain administrative data, you store the data in a shared direct

46 Chapter 4 Open Directory Planning The Open Directory server may actually be able to provide LDAP and authentication services to more client comp

Chapter 4 Open Directory Planning 47 Replicating Open Directory ServicesMac OS X Server supports replication of the LDAP directory service, the Ope

48 Chapter 4 Open Directory Planning Having more replicas does have a disadvantage. Replicas communicate with each other and with the master over t

Chapter 4 Open Directory Planning 49 Open Directory SecurityWith Mac OS X Server version 10.3, a server that has a shared LDAP directory domain als

Contents 5 63 Setting LDAP Options 64 Setting the Replication Frequency of an Open Directory Master 64 Changing the Location of an LDAP Database 65 L

50 Chapter 4 Open Directory Planning Replication introduces a minimal increase in security risk. The replicated LDAP directory data has no access c

Chapter 4 Open Directory Planning 51 For basic information about using Server Admin, see the chapter on server administration in the getting starte

52 Chapter 4 Open Directory Planning NetInfo ManagerYou use NetInfo Manger to view and change records, attributes, and values in legacy NetInfo dom

5 535 Setting Up Open Directory ServicesYou can use Server Admin to set up the Open Directory role of a server, set up single signon and Kerberos

54 Chapter 5 Setting Up Open Directory Services Step 6: Migrate upgraded servers from NetInfo to LDAPSee “Migrating a Directory Domain From Netinf

Chapter 5 Setting Up Open Directory Services 55 Managing Open Directory on a Remote ServerYou can install Server Admin on a computer with Mac OS X

56 Chapter 5 Setting Up Open Directory Services Setting Up an Open Directory MasterUsing Server Admin, you can set up Mac OS X Server to be an Open

Chapter 5 Setting Up Open Directory Services 57 • You can configure DHCP service to supply the Open Directory master as an LDAP server to computers

58 Chapter 5 Setting Up Open Directory Services Important: If you change a Mac OS X Server computer that was connected to another directory system

Chapter 5 Setting Up Open Directory Services 59 You can configure Mac OS X computers to connect to an Open Directory replica instead of the Open Di

6 Contents 90 Accessing LDAP Directories 91 Enabling or Disabling Use of a DHCP-Supplied LDAP Directory91 Showing or Hiding Options for LDAP Director

60 Chapter 5 Setting Up Open Directory Services Setting Up a Connection to a Directory SystemUsing Server Admin, you can set up Mac OS X Server to

Chapter 5 Setting Up Open Directory Services 61 Setting Up Single Signon and KerberosSetting up single signon and Kerberos authentication involves

62 Chapter 5 Setting Up Open Directory Services A server that is an Open DIrectory master requires no additional configuration to support single si

Chapter 5 Setting Up Open Directory Services 63 Administrator Name: Enter the name of an LDAP directory administrator on the Open Directory master

64 Chapter 5 Setting Up Open Directory Services Setting the Replication Frequency of an Open Directory MasterUsing Server Admin, you can specify ho

Chapter 5 Setting Up Open Directory Services 65 Limiting Search Results for LDAP ServiceUsing Server Admin, you can prevent one type of denial-of-s

66 Chapter 5 Setting Up Open Directory Services To set up SSL communications for LDAP service:1 Open Server Admin and in the Computers & Servic

Chapter 5 Setting Up Open Directory Services 67 Migration to LDAP does not change how user passwords are validated except for passwords validated b

68 Chapter 5 Setting Up Open Directory Services 6 After migration finishes, set up DHCP service to provide the LDAP server’s address to client comp

Chapter 5 Setting Up Open Directory Services 69 Disabling NetInfo After Migrating to LDAPIf none of the client computers on your network needs NetI

Contents 7121 A Delay Occurs During Startup122 Solving Authentication Problems122 A User’s Password Can’t Be Modified122 A User Can’t Authenticate for

LL2352.Book Page 70 Friday, August 22, 2003 3:12 PM

6 716 Managing User AuthenticationThe authentication services included with Mac OS X Server don’t require any setup, but you can change how each

72 Chapter 6 Managing User Authentication Composing a PasswordThe password associated with a user’s account must be entered by the user when he or

Chapter 6 Managing User Authentication 73 If you change the password of an account whose password type is Open Directory and the account resides in

74 Chapter 6 Managing User Authentication Changing the Global Password PolicyUsing Server Admin, you can set a global password policy for user acco

Chapter 6 Managing User Authentication 75 Setting Password Policies for Individual UsersUsing Workgroup Manager, you can set password policies for

76 Chapter 6 Managing User Authentication Changing a User’s Password TypeYou can set the password type on the Advanced pane of Workgroup Manager to

Chapter 6 Managing User Authentication 77 To specify that a user account authenticate using Open Directory:1 Make sure the user’s account resides i

78 Chapter 6 Managing User Authentication Changing the Password Type to Crypt PasswordUsing Workgroup Manager, you can specify that a crypt passwor

Chapter 6 Managing User Authentication 79 Changing the Password Type to Shadow PasswordUsing Workgroup Manager, you can specify that a user have a

8 Contents176 WebDAV-Digest Password ValidationAppendix C 177 Authentication ManagerGlossary 179Index 185LL2352.Book Page 8 Friday, August 22, 2003

80 Chapter 6 Managing User Authentication Enabling LDAP Bind Authentication for a UserYou can use Workgroup Manager to enable the use of LDAP bind

Chapter 6 Managing User Authentication 81 Exporting and Importing Users Whose Password Type Is Open DirectoryWhen you export user accounts whose pa

82 Chapter 6 Managing User Authentication Migrating Passwords to Open Directory AuthenticationUser accounts can be migrated from earlier versions o

7 837 Managing Directory AccessYou can use Directory Access to set up and manage how a computer with Mac OS X or a server with Mac OS X Server ac

84 Chapter 7 Managing Directory Access Enabling or Disabling Active Directory ServiceYou can use Directory Access to enable or disable the use of A

Chapter 7 Managing Directory Access 85 Enabling or Disabling LDAP Directory ServicesYou can use Directory Access to enable or disable access to dir

86 Chapter 7 Managing Directory Access Enabling or Disabling Rendezvous Service DiscoveryYou can use Directory Access to enable or disable the disc

Chapter 7 Managing Directory Access 87 Configuring SMB Service DiscoveryYou can configure how Mac OS X uses the Server Message Block (SMB) protocol

88 Chapter 7 Managing Directory Access Each search policy, authentication and contacts, can be set to Automatic, Local directory, or Custom path.•

Chapter 7 Managing Directory Access 89 Defining Custom Search PoliciesUsing Directory Access, you can configure a Mac OS X computer’s authenticatio

9PrefaceAbout This GuideThis guide describes the directory services and authentication services that Mac OS X Server can provide to Mac OS X cli

90 Chapter 7 Managing Directory Access To have a search policy use only the local directory domain:1 In Directory Access, click the Authentication

Chapter 7 Managing Directory Access 91 Enabling or Disabling Use of a DHCP-Supplied LDAP DirectoryUsing Directory Access, you can configure a Mac O

92 Chapter 7 Managing Directory Access Configuring Access to an LDAP DirectoryYou can use Directory Access to create a configuration that specifies

Chapter 7 Managing Directory Access 93 Changing a Configuration for Accessing an LDAP DirectoryYou can use Directory Access to change the settings

94 Chapter 7 Managing Directory Access 6 Change any of the duplicate configuration’s settings.Enable: Click a checkbox to enable or disable access

Chapter 7 Managing Directory Access 95 Changing the Connection Settings for an LDAP DirectoryYou can use Directory Access to change the connection

96 Chapter 7 Managing Directory Access Configuring LDAP Searches and MappingsUsing Directory Access, you can edit the mappings, search bases, and s

Chapter 7 Managing Directory Access 97 8 Add record types and change their search bases as needed. To add record types, click the Add button below

98 Chapter 7 Managing Directory Access 10 Click Write to Server if you want to store the mappings in the LDAP directory so that it can supply them

Chapter 7 Managing Directory Access 99 8 Change “Map to __ items in list” to All and change the list on the right to the exact set of LDAP object c