OpenDirectory, DirectoryServices, OpenLDAP architecture questions
- Subject: OpenDirectory, DirectoryServices, OpenLDAP architecture questions
- From: Michael L Torrie <email@hidden>
- Date: Mon, 14 Mar 2005 15:57:47 -0700

I was referred to this list by Apple's tech support. I'm seeking to
better understand how the parts of OpenDirectory all fit together. I'm
experiencing massive problems with my two OpenDirectory services and I
need to better understand how things work so I can track these problems
down. As near as I can tell the problems are all originating in
OpenLDAP and its interaction with PasswordService (the password server).

So here's my current understanding of how OpenDirectory is working:

1. NetInfo provides a bridge between libc POSIX API calls (getpwnam,
etc) and the OpenDirectory API provided by DirectoryService

2. DirectoryService communicates with OpenLDAP to get name switching
information (uid-uidNumber mappings, user information, etc) and directly
with PasswordService to do authentication. DirectoryService will not do
an actual LDAP bind to authenticate a user in this case because the user
is an OpenDirectory user and thus has information in the Password
server.

3. OpenLDAP talks to PasswordService whenever asked to perform a SASL
bind via standard LDAP protocol. This only occurs if the user in
question is an OpenDirectory user. If not, and the user has a normal
userPassword field, the bind is performed against that.

My questions so far are these:

1. Are my understandings so far correct?

2. What protocols do remote OpenDirectory clients use to communicate
with the server? If authentication is done using PasswordServer, is
this done over a TCP/IP port other than LDAP? Where are these protocols
documented?

I have many more questions, but I'll wait to ask them until I have a
better understanding of how things work.

Thank you very much.

Michael
--
Darwin-dev mailing list (email@hidden)