Open Directory makes it possible to consolidate and maintain network information easily in a directory domain, but this information has value only if application and system software processes running on network computers access the information.
Here are some ways in which OS X and app software use directory data:
Login: Directory Editor in Directory Utility can create user records in a directory domain, and these records can be used to authenticate users who log in to a Mac. When a user specifies a name and a password in the login window, the login process asks Open Directory to authenticate the name and password. Open Directory uses the name to find the user’s account record in a directory domain and uses other data in the user record to validate the password.
Folder and file access: After logging in, a user can access files and folders. OS X uses other data from the user record to determine the user’s access privileges for each file or folder.
Home folders: Each user record in a directory domain stores the location of the user’s home folder. This is where the user keeps personal files, folders, and preferences. A user’s home folder can be located on a computer the user always uses or it can be located on a network file server.
Automount share points: You can configure share points to automount (appear automatically) in the /Network folder (the Network globe) in the Finder windows of client computers. Information about these automount share points is stored in a directory domain. Share points are folders, disks, or disk partitions you make accessible over the network.
Mail account settings: Each user’s record in a directory domain specifies whether the user has mail service, which mail protocols to use, how to present incoming mail, whether to alert the user when mail arrives, and so forth.
Resource usage: Disk, print, and mail quotas can be stored in each user record of a directory domain.
Managed client information: The administrator can manage the OS X environment of users whose account records are stored in a directory domain. The administrator makes mandatory preference settings that are stored in the directory domain and override users’ personal preferences.
Group management: In addition to user records, a directory domain also stores group records. Each group record affects all users who are in the group. Information in group records specifies preference settings for group members. Group records also determine access to files, folders, and computers.
Managed network views: The administrator can set up custom views that users see when they select the Network icon in the sidebar of a Finder window. Because these managed network views are stored in a directory domain, they’re available when a user logs in.
Open Directory can access directory domains for the following kinds of directory services:
Lightweight Directory Access Protocol (LDAP), an open standard common in mixed environments of Mac, UNIX, and Windows computers. LDAP is the native directory service for shared directories in OS X Server.
Local directory domain, the local directory service for OS X and OS X Server v10.6 or later.
Active Directory, the directory service of Microsoft Windows 2000 and 2003 servers and later.
Network Information System (NIS), the directory service of many UNIX servers.
BSD flat files, the legacy directory service of UNIX systems.