Re: Apple's OpenDirectory



Just as an FYI:

With Mac OS X, version 10.3, it is now all based on LDAP directly--OpenLDAP to be precise. For authentication, at least with OS X server, it uses MIT Kerberos. In 10.2, OpenDirectory could use LDAP as a back end, but the default was NetInfo. In 10.3, the default is OpenLDAP.

Apple has their schema files in "/etc/openldap/". IIRC, they are there in 10.2 as well. You may be able to find what you're looking for there.

Cheers!
-Joe


On Jan 1, 2004, at 4:04 PM, Adam Williams wrote:

I am coding a web form to add users to OpenDirectory. From slapcat, I
see that Apple stores apple-user-mailattribute in some encrypted
format. Can anyone pls tell me
1. how to encrypt user entered data into this attribute.
2. I am storing password as Crypt type. How to store in OpenDirectory
format?
What is OpenDirectory? What is its format?

It is Apple Mac OS/X's odd LDAP-like directory, sort of like M$'s Active Directory.

From the OpenRADIUS web site -
"Mac OSX Server 10.2 (aka Jaguar) has built-in LDAP server
functionality. It's not a real LDAP server, but instead it's an LDAP
interface to the Mac OS Server's authentication system. Jaguar uses
NetInfo, which is a left-over from the NeXT days. NetInfo was (and
still is) a parallel to LDAP, and was based on X.500 just like LDAP.
But the implementation isn't quite compatible with LDAP.
So Apple has written a set of API's called OpenDirectory, which is
Apple's new way of handling directories and authentication between
applications. Apple's LDAP installation is a front-end only, and it uses
OpenDirectory API to access the NetInfo directory. Ya got all that?"




Joe Rhodes Consulting, LLC
www.joerhodes.com
608.358.0503