Delivered-To: darwin-dev@lists.apple.com

I was referred to this list by Apple's tech support. I'm seeking to better understand how the parts of OpenDirectory all fit together. I'm experiencing massive problems with my two OpenDirectory services and I need to better understand how things work so I can track these problems down. As near as I can tell, the problems are all originating in OpenLDAP and its interaction with PasswordService (the password server).

So here's my current understanding of how OpenDirectory is working:

1. NetInfo provides a bridge between libc POSIX API calls (getpwnam, etc.) and the OpenDirectory API provided by DirectoryService.

2. DirectoryService communicates with OpenLDAP to get name switching information (uid-uidNumber mappings, user information, etc.) and directly with PasswordService to do authentication. DirectoryService will not do an actual LDAP bind to authenticate a user in this case because the user is an OpenDirectory user and thus has information in the Password server.

3. OpenLDAP talks to PasswordService whenever asked to perform a SASL bind via standard LDAP protocol. This only occurs if the user in question is an OpenDirectory user. If not, and the user has a normal userPassword field, the bind is performed against that.

My questions so far are these:

1. Are my understandings so far correct?

2. What protocols do remote OpenDirectory clients use to communicate with the server? If authentication is done using PasswordServer, is this done over a TCP/IP port other than LDAP? Where are these protocols documented?

I have many more questions, but I'll wait to ask them until I have a better understanding of how things work.

Thank you very much.

Michael