Re: DSLDAPv3PlugInConfig.plist is not updating

Because the Password server is multi-master, and the Kerberos KDC password changes are performed only through the OD Master's Kerberos KDC, you should still be able to change passwords etc as you used to (as long as the OD Master is running!)

Hmmmm, that's not making sense to me. You're saying that with DHCP supplied prefs, the computer should be able to go to any network and pickup the prefs dynamically, which is logical. If a computer moves from NetworkA to NetworkB then the prefs for NetworkA must be forgotten when it links up to NetworkB. Why would the computer not just download a new list of replicas each time it found itself on a new network and overwrite the old list? It would seem to me that just because it's using DHCP, that would not be reason enough to not have the list of replicas downloaded and written to the DSLDAPv3PluginConfig file. After all I'd suspect that the vast majority of client computers use DHCP to obtain their LDAP config data and the majority of those computers are fixed on a single network. If that were truly te case then most OS X clients would never get correct replica infomation. Can you point me to any documentation that backs up that claim?

I was never impressed by this decision, but that was the explanation I received when I raised it as an issue in the 10.3.9 timeframe as a bug report.

The question I was asked at that time is - I boot up on a new network - do I read my plist and try each replica in turn (including the long wait time when none of them respond) or do I read the DHCP configuration first? The behaviours of caching some of this info have started to change with newer revisions of OS X, but it was definitely the case in 10.3, and we conducted thorough testing to confirm it.

The suggested environment as above works around this quite acceptably, and gives good flexibility. Don't get me wrong - I know there's something very attractive about telling a Lab admin "just tick the tickbox and your Mac is configured.." then enabling a "Guest" account in OD to provide a very quickly configured lab of Macs in a school, for example - and I've been involved in some very well implemented solutions based on this config.

This is also similar to the "Location-based Directory Services" features that have been faded out of OS X client as well. I have requested a (deep breath here!) real Active Directory "sites and services" style configuration - which whilst not perfect, is a damn sight better than what we have available to us to advise our clients about the best servers to get to.. Nonetheless - the downside about Sites and Services etc is there is a dependency on the domain or DNS to provide that information, whereas Apple seems to be focused on making it easier to access any heterogeneous networks. This of course doesn't mean that OD couldn't turn into a "best of breed" environment, whilst still maintaining compatability.

There have been some steps in 10.5 to localise items with OD Relays introduced, but I agree with you - there still needs to be better flexibility on advising the client on how to configure itself, and failover.

References:
	>DSLDAPv3PlugInConfig.plist is not updating (From: "Chris McFarling" <email@hidden>)
	>Re: DSLDAPv3PlugInConfig.plist is not updating (From: David Colville <email@hidden>)
	>Re: DSLDAPv3PlugInConfig.plist is not updating (From: "Chris McFarling" <email@hidden>)