Setting Open Directory Administrators to be admins to other Directories

  • #368319
    velo2k77
    Participant

    Background:
    I have an open directory system with one open directory master, and two replicas. We connect our various sites into the open directory system, then we upgrade the local sites to be their own open directory masters. In directory access on the local servers the authentication order is set as:

    /Netinfo/DefaultLocalNode
    /LDAPv3/127.0.0.1
    /LDAPv3/odmaster

    The directory administrators on the odmaster are able to administrate the odmaster domain. The directory administrators on the local servers can admin those local directories. We need the upper admins to be recognized as admins of the lower directory servers. Anyone know the best method to do this or know where to point me for some good documentation?

    Thanks

    #368325
    velo2k77
    Participant

    Thanks, I’ll look into trying that. I was looking into nesting our admin users within the lower odmaster’s groups, but I like your idea better.

    As far as why our directory is set up in its current way, I believe a previous admin was looking to compartmentalize the domains and give each site the ability to manage their own local directory without being able to monkey with upper level directory users, groups and mcx settings. We are currently mixing computer list mcx settings from the upper domain with group list settings on the lower domain.

    Our client’s directory access authentication settings are as follows:
    /Netinfo/DefaultLocalNode
    /LDAPv3/localodmaster
    /LDAPv3/odmaster

    The current co-admins and I have looked into demoting the lower level directories back to standalone then making them replicas, but have yet to pursue that course of action further. It’s a curious setup but so far it works.

    Thanks

    #368337
    velo2k77
    Participant

    We currently have 59 sites, each with their own local open directory domain. The only client stations being managed are labs. The lab stations log in with a local user, then obtain mcx settings from a group on the local domain, then more mcx settings from the upper domain. Eventually we may be connecting the whole thing into an active directory which will have the massive bulk of our users.

    #368342
    velo2k77
    Participant

    Fantastic, I finally got a chance to try that out in my test environment. Your suggestion worked great, now to deploy it in the real world.

    Thank you to MacTroll,
    Richard Bezanson,
    Jordan School District

    Oh, and I noticed that I probably should have posted this in the questions and answers section. Sorry about putting this post here.
