Authenticated vs anonymous OD binding

[PERTnet]

Could someone help me understand the functional difference between binding to OD with authentication or not?

I’m configuring a simple golden triangle, and my 10.5.8 server is only going to dish out MCX to the clients; no file, web, print or network services.

Considering what I’m using the server for, is there any compelling reason to use authenticated binding?
(I do like that the computer account gets created in OD, v.s. not when binding blind)

thanks,
Darrin

[arekdreyer]

When you set up authenticated binding, you get:
1) A computer account (or three!) created in your OD LDAP directory, so you don’t need to add it manually, if you want to add it to a computer list or computer group, and manage the computer account or computer group;
2) Kerberos principals are set up for your computer in your OD KDC (cifs, host, vnc, and clientname$), but if you’re doing the golden triangle, you won’t have OD KDC, so forget that.
3) A password server entry for your computer in your OD Password Server
4) LDAP communication encrypted between the client and OD LDAP server, but it sounds like you don’t care about that either.

So the big upside for you is that it automatically creates a computer record for your client.

The downside is that you have to provide an OD username/password every time you bind a computer to OD.

There are other means to automatically creating a computer record in your OD LDAP database…

[Goatboy]

This isn’t an inherent drawback of authenticated binding, but using DeployStudio (which is wicked for deploying images to Macs) I couldn’t get the OD server to show up in the search policy paths automatically when binding from a workflow/script. For some reason binding anonymously, the entry was added to the search node automatically. That removed a big headache for me. 🙂

[Author]

Posts