A directory service provides a central repository for information about computer users and resources in an organization.
Storing administrative data in a central repository has many benefits:
It reduces data entry effort.
It certifies that network services and clients have consistent information about users and resources.
It simplifies administration of users and resources.
It provides identification, authentication, and authorization information for other network services.
In education and enterprise environments, directory services are the ideal way to manage users and computing resources. Organizations with as few as 10 people can benefit by deploying a directory service.
Directory services are doubly beneficial: they simplify system and network administration, and they simplify a user’s experience on the network.
With directory services, administrators can maintain information about all users—such as their names, passwords, and locations of network home directories—centrally, rather than on each computer. Directory services can also maintain centralized information about printers, computers, and other network resources.
Centralizing information about users and resources can reduce the system administrator’s information management burden, and each user has a centralized user account for logging in on any authorized computer on the network.
With centralized directory service and file service set up to host network home folders, wherever a user logs in, the user gets the same home folder, personal desktop, and individual preferences. The user always has access to personal networked files and can easily locate and use authorized network resources.
A directory service acts as an intermediary between app and system software processes, which need information about users and resources, and the directory domains that store the information.
As shown in the following figure, Open Directory provides directory services for Mac computers and Mac servers.
Open Directory can access information in one or several directory domains. A directory domain stores information in a specialized database that’s optimized to handle many requests for information and to find and retrieve information quickly.
Processes running on Mac computers can use Open Directory services to save information in directory domains. For example, when you create a user account with the Server app, Open Directory stores user name and other account information in a directory domain. You can then review user account information in the Server app or in Directory Editor of Directory Utility, which uses Open Directory to retrieve the user information from a directory domain.
Other application and system software processes can also use the user account information stored in directory domains. When someone attempts to log in to a Mac, the login process uses Open Directory services to validate the user name and password.
