opendirectoryd
launchd job for client access to local or remote directory systems
opendirectoryd [--version]
Requires root privileges. Must be launched by launchd.
dscl
command line user interface
- Active Directory
- LDAP
- Local Database
- NIS
opendirectoryd
modules have specific capabilities:
- Authentication: password verification, password changes, etc.
- Connection: for queries, record modifications, etc.
- Discovery: location and prioritization of servers to contact (aka service discovery)
- Unspecified: a generic module used for unspecified purpose (usually to extend capabilities)
Third party plugins developed for "DirectoryService" are supported via dspluginhelperd
Open Directory
Includes a client API abstraction layer, a directory server, and opendirectoryd
daemon. This allows clients to utilize a single API to access a variety of directory servers simultaneously or configure
their own directory server.
Forms the foundation of how OS X accesses all authoritative configuration information (users, groups,
mounts, managed desktop data, etc.). Allows use of virtually any directory system via Apple and third party modules.
Configuration of opendirectoryd is done via "System Preferences" under the "Users & Groups" preference pane.
Advanced settings are available by using "Open Directory Utility" (dscl).
See Apple Open Source website:
developer.apple.com/darwin/projects/opendirectory
Open Directory Server
OpenLDAP, which is included as part of Mac OS X Client, Server, and Darwin, provides a robust and scalable platform for serving directory-based information for standalone and networked systems.
NFSv4 Domain name
The following will set the default domain name used to map user and group identities in NFSv4 client/server operations.
dscl . -create Config/NFSv4Domain RealName <Example.com>
Example of user plist as displayed by plistbuddy Opendirectory.
sudo ls -l /private/var/db/dslocal/nodes/Default/users/dgerman.plist
-rw------- 1 root wheel 336094 Mar 17 12:04 /private/var/db/dslocal/nodes/Default/users/dgerman.plist
FILES
/etc/openldap
116915 Sep 19 19:00 AppleOpenLDAP.plist
845 Jul 30 19:26 DB_CONFIG.example
265 Jul 30 19:26 ldap.conf
265 Jul 30 19:26 ldap.conf.default
2151 Jul 30 19:26 slapd.conf.default
1292 Jul 30 19:27 schema/
1845 Jul 30 19:27 corba.ldif
2036 Jul 30 19:27 collective.ldif
12006 Jul 30 19:27 cosine.ldif
20612 Jul 30 19:27 core.ldif
4842 Jul 30 19:27 duaconf.ldif
3481 Jul 30 19:27 inetorgperson.ldif
3330 Jul 30 19:27 dyngroup.ldif
2979 Jul 30 19:27 java.ldif
6809 Jul 30 19:27 nis.ldif
2082 Jul 30 19:27 misc.ldif
6904 Jul 30 19:27 pmi.ldif
3308 Jul 30 19:27 openldap.ldif
4032 Jul 30 19:27 ppolicy.ldif
717 Jul 30 19:27 apple_auxillary.schema
48470 Jul 30 19:27 apple.schema
8063 Jul 30 19:27 corba.schema
6190 Jul 30 19:27 collective.schema
73994 Jul 30 19:27 cosine.schema
20501 Jul 30 19:27 core.schema
10388 Jul 30 19:27 duaconf.schema
2059 Jul 30 19:27 fmserver.schema
3289 Jul 30 19:27 dyngroup.schema
13901 Jul 30 19:27 java.schema
6267 Jul 30 19:27 inetorgperson.schema
4059 Jul 30 19:27 krb5-kdc.schema
177122 Jul 30 19:27 microsoft.ext.schema
122955 Jul 30 19:27 microsoft.schema
13124 Jul 30 19:27 microsoft.std.schema
8455 Jul 30 19:27 netinfo.schema
2387 Jul 30 19:27 misc.schema
1514 Jul 30 19:27 openldap.schema
7834 Jul 30 19:27 nis.schema
19603 Jul 30 19:27 ppolicy.schema
20467 Jul 30 19:27 pmi.schema
5689 Jul 30 19:27 samba.schema
3512 Jul 30 19:27 README
README
This directory contains user application schema definitions for use with slapd(8).
File Description
---- -----------
collective.schema Collective attributes (experimental)
corba.schema Corba Object
core.schema OpenLDAP "core"
cosine.schema COSINE Pilot
duaconf.schema Client Configuration (work in progress)
dyngroup.schema Dynamic Group (experimental)
inetorgperson.schema InetOrgPerson
java.schema Java Object
misc.schema Miscellaneous Schema (experimental)
nadf.schema North American Directory Forum (obsolete)
nis.schema Network Information Service (experimental)
openldap.schema OpenLDAP Project (FYI)
ppolicy.schema Password Policy Schema (work in progress)
The core.ldif and openldap.ldif are equivalent to their corresponding .schema files and
have been provided as examples for use with the dynamic configuration backend.
These are not necessary since slapd will convert any
included *.schema files into LDIF when converting a slapd.conf file
to a configuration database, but they serve as a model of how to
convert schema files in general.
| System files provided by Apple and should only change with operating system updates
/System/Library/OpenDirectory/Configurations/ node configuration files
as of OSX 10.8.2
Contacts.plist node name = /Contacts comment = Contact search policy
locked = false mappings = Dict { }
modules = Dict {
session = Array {
Dict { module = search
options = Dict {
dsAttrTypeStandard:SearchPolicy = dsAttrTypeStandard:NSPSearchPath
dsAttrTypeStandard:CSPSearchPath = Array { }
dsAttrTypeStandard:LSPSearchPath = Array { /Local/Default }
dsAttrTypeStandard:NSPSearchPath = Array { /Local/Default } } uuid = 7963E752-DB53-4C9B-8842-D3F5FDF6C9D8 }
}
}
Local.plist
locked = true enabled = true
mappings = Dict {
recordtypes = Dict {
dsRecTypeStandard:Users = Dict {
attributetypes = Dict {
σ := dsAttrTypeStandard
σUniqueID uid
σGeneratedUID generateduid
σPassword passwd
σAuthenticationHint hint
σPasswordPolicyOptions passwordpolicyoptions
σAltSecurityIdentities altsecurityidentities
σPrimaryGroupID gid
σOriginalNFSHomeDirectory original_home
σUserPKCS12Data userpkcs12data
σExpire expire
σUserCertificate usercertificate
σUserSMIMECertificate usersmimecertificate
σUserShell shell
σHomeDirectory home_loc
σOriginalHomeDirectory original_home_loc
σHomeDirectoryQuota homedirectoryquota
σHomeDirectorySoftQuota homedirectorysoftquota
σNFSHomeDirectory home
σAdminLimits admin_limits
σCopyTimestamp copy_timestamp
σMCXFlags mcx_flags
σMCXSettings mcx_settings
σMailAttribute applemail
σAuthenticationAuthority authentication_authority
σOriginalAuthenticationAuthority original_authentication_authority
σSMBKickoffTime smb_kickoff_time
σSMBLogoffTime smb_logoff_time
σSMBProfilePath smb_profile_path
σSMBScriptPath smb_script_path
σSMBLogonTime smb_logon_time
σSMBAccountFlags smb_acctFlags
σSMBUserWorkstations smb_user_workstations
σSMBRID smb_rid
σSMBGroupRID smb_group_rid
σSMBHomeDrive smb_home_drive
σSMBSID smb_sid
σSMBPasswordLastSet smb_pwd_last_set
σSMBPrimaryGroupSID smb_primary_group_sid
σSMBHome smb_home
σMapGUID mapguid
σPrintServiceUserData appleprintservice
σChange change
σWeblogURI webloguri
σMapURI mapURI
σXMLPlist XMLPlist
σURL URL
σOriginalNodeName original_node_name
σServicesLocator serviceslocator
σRecordName name
σKeywords keywords
σNamePrefix nameprefix
σFirstName firstname
σNameSuffix namesuffix
σLastName lastname
σRealName realname
σNickName nickname
σHomePhoneNumber homephonenumber
σMobileNumber mobilenumber
σPagerNumber pagernumber
σEMailAddress mail
σIMHandle imhandle
σPicture picture
σJPEGPhoto jpegphoto
σPostalAddressContacts postaladdresscontacts
σAddressLine1 address1
σPostalAddress postaladdress
σStreet street
σCity city
σState state
σCountry country
σPostalCode zip
σPhoneNumber phonenumber
σFAXNumber faxnumber
σCompany company
σOrganizationName orgname
σJobTitle jobtitle
σDepartment department
σEMailContacts emailcontacts
σMapCoordinates mapcoordinates
σComment comment
σBuilding building
σPhoneContacts phonecontacts
σOrganizationInfo organizationinfo
σRelationships relationships
σBirthday birthday
| native = users }
as of 10/05/16 on smackerpro
/var/db/dslocal/nodes
./Default/users:(all names end with .plist)
Guest _coreaudiod _ftp _krb_krbtgt _netstatistics _softwareupdate _uucp
_amavisd _coremediaiod _gamecontrollerd _krbfast _networkd _sophos _warmd
_appleevents_cvmsroot _geod _krbtgt _nsurlsessiond _spotlight _webauthserver
_appowner _cvs _iconservices _launchservicesd _nsurlstoraged _sshd _windowserver
_appserver _cyrus _installassistant _lda _ondemand _svn _www
_ard _devdocs _installer _locationd _postfix _taskgated _wwwproxy
_assetcache _devicemgr _jabber _lp _postgres _teamsserver _xserverdocs
_astris _displaypolicyd _kadmin_admin _mailman _qtss _timezone daemon
_atsserver _distnote _kadmin_changepw _mbsetupuser _sandbox _tokend dgerman
_avbdeviced _dovecot _krb_anonymous _mcxalr _screensaver _trustevaluationagent nobody
_calendar _dovenull _krb_changepw _mdnsresponder _scsd _unknown root
_ces _dpaudio _krb_kadmin _mysql _securityagent _update_sharing rut
_clamav _eppc _krb_kerberos _netbios _serialnumberd _usbmuxd
use dscl
> sudo plistbuddy /var/db/dslocal/nodes/Default/users/dgerman.plist | cut -c1-100 # many long lines
Command: print
Dict {
accountPolicyData = Array {
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>creationTime</key> <real>1474026221.296545</real>
<key>failedLoginCount</key> <integer>0</integer>
<key>failedLoginTimestamp</key> <integer>0</integer>
<key>passwordLastSetTime</key> <real>1474026223.4683349</real>
</dict>
</plist> }
jpegphoto = Array { JFIFHH8Photoshop 3.08BIM8BIM%B~" output translated out unprintables }
authentication_authority = Array {
;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2>
;Kerberosv5;;dgerman@LKDC:SHA1.357D6B8D92C8E3F98ECFD82037B33C3A01FA81A9;LKDC:SHA1.357D6B8D92C8E3F98ECFD82037B33C3A01FA81A9
}
picture = Array { /Library/User Pictures/Flowers/Lotus.tif }
_writers_picture = Array { dgerman }
HeimdalSRPKey = Array {… } <-- SRP verifier; Heimdal is a Kerberos 5 implementation -->
hint = Array { initials in hex x2 }
shell = Array { /bin/bash }
_writers_realname = Array { } realname = Array { Dennis German }
name = Array { dgerman
dgermanapl@real-world-systems.com
com.apple.idms.appleid.prd.5649646d41542f78336a6555502f4f6d776b586648773d3d
}
_writers_UserCertificate = Array { dgerman }
home = Array { /Users/dgerman } KerberosKeys = Array {… }
ShadowHashData = Array { bplist00 _SRP-RFC5054-4096-SHA512-PBKDF2_SALTED-SHA512-PBKDF2XverifierTsaltZiterationsOhI*… }
uid = Array { 501 }
_writers_passwd = Array { dgerman }
LinkedIdentity = Array {
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>appleid.apple.com</key>
<dict> <key>linked identities</key> <array>
<dict>
<key>anchor dn</key> <string>CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US</string>
<key>full name</key> <string>dgermanapl@real-world-systems.com</string>
<key>name</key> <string>com.apple.idms.appleid.prd.5649646d41542f78336a6555502f4f6d776b586648773d3d</string>
<key>principal</key> <string>com.apple.idms.appleid.prd.5649646d41542f78336a6555502f4f6d776b586648773d3d</string>
<key>subject dn</key> <string>CN=com.apple.idms.appleid.prd.5649646d41542f78336a6555502f4f6d776b586648773d3d</string>
<key>timestamp</key> <date>2016-09-17T16:04:34Z</date>
</dict>
</array>
</dict>
</dict>
</plist> }
generateduid = Array { 9928515E-3778-4B13-9B6C-48BBACDE3B78 }
gid = Array { 20 }
passwd = Array { ******** }
altsecurityidentities = Array {
X509:<T>CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US<S>CN=com.apple.idms.appleid.prd.…
}
_writers_hint = Array { dgerman }
_writers_jpegphoto = Array { dgerman }
}
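Added example, not part of the original page or of Apple's tooling: a Python audit of a dslocal user record in the layout printed above. It decodes the nested accountPolicyData and ShadowHashData plists and the authentication_authority strings, and reports hash mechanisms, PBKDF2 iteration counts and password age without returning salts or verifiers. The function names, the thresholds, the "entropy" key in the sample and the sample record itself are assumptions constructed for illustration.

```python
import plistlib
import re
import stat
from datetime import datetime, timezone

# Illustrative thresholds (assumptions, not values from the page or from Apple).
MIN_PBKDF2_ITERATIONS = 20000
MAX_PASSWORD_AGE_DAYS = 365


def parse_authentication_authority(values):
    """Return (authority types, hash mechanisms named in HASHLIST:<...>)."""
    types, mechanisms = [], []
    for value in values:
        fields = value.split(";")  # layout: ;Type;data[;more data]
        if len(fields) > 1 and fields[1]:
            types.append(fields[1])
        match = re.search(r"HASHLIST:<([^>]*)>", value)
        if match:
            mechanisms.extend(m for m in match.group(1).split(",") if m)
    return types, mechanisms


def mode_is_private(st_mode):
    """True when group and other have no permission bits, as in -rw-------."""
    return stat.S_IMODE(st_mode) & (stat.S_IRWXG | stat.S_IRWXO) == 0


def audit_user_record(record, now):
    """Summarise a dslocal user record; salts, verifiers and hashes are never returned."""
    findings = []
    types, listed = parse_authentication_authority(record.get("authentication_authority", []))

    # ShadowHashData holds a binary plist keyed by mechanism name.
    iterations = {}
    for blob in record.get("ShadowHashData", []):
        for mech, params in plistlib.loads(blob).items():
            if isinstance(params, dict) and "iterations" in params:
                iterations[mech] = params["iterations"]
    for mech in listed:
        if mech not in iterations:
            findings.append(f"{mech}: in HASHLIST but missing from ShadowHashData")
        elif iterations[mech] < MIN_PBKDF2_ITERATIONS:
            findings.append(f"{mech}: only {iterations[mech]} PBKDF2 iterations")

    # accountPolicyData holds an XML plist; the times shown above are Unix-epoch seconds.
    policy = {}
    for blob in record.get("accountPolicyData", []):
        policy.update(plistlib.loads(blob))
    age_days = None
    if "passwordLastSetTime" in policy:
        last_set = datetime.fromtimestamp(policy["passwordLastSetTime"], tz=timezone.utc)
        age_days = (now - last_set).days
        if age_days > MAX_PASSWORD_AGE_DAYS:
            findings.append(f"password last set {age_days} days ago")
    if policy.get("failedLoginCount", 0) > 0:
        findings.append(f"{policy['failedLoginCount']} failed logins recorded")

    # With ShadowHash the passwd attribute should only be an asterisk placeholder.
    if any(value.strip("*") for value in record.get("passwd", [])):
        findings.append("passwd holds something other than the asterisk placeholder")

    return {"authority_types": types, "hash_mechanisms": listed,
            "iterations": iterations, "password_age_days": age_days,
            "findings": findings}


def build_sample_record(iterations=38000):
    """Constructed record in the layout printed above; every secret is zero bytes."""
    shadow = plistlib.dumps({
        "SALTED-SHA512-PBKDF2":
            {"entropy": bytes(128), "salt": bytes(32), "iterations": iterations},
        "SRP-RFC5054-4096-SHA512-PBKDF2":
            {"verifier": bytes(512), "salt": bytes(32), "iterations": iterations},
    }, fmt=plistlib.FMT_BINARY)
    policy = plistlib.dumps({
        "creationTime": 1474026221.296545, "failedLoginCount": 0,
        "failedLoginTimestamp": 0, "passwordLastSetTime": 1474026223.4683349})
    return {
        "authentication_authority": [
            ";ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2>",
            ";Kerberosv5;;user@LKDC:SHA1.PLACEHOLDER;LKDC:SHA1.PLACEHOLDER",
        ],
        "ShadowHashData": [shadow],
        "accountPolicyData": [policy],
        "passwd": ["********"],
    }


if __name__ == "__main__":
    now = datetime(2016, 10, 5, tzinfo=timezone.utc)
    print(audit_user_record(build_sample_record(), now))
    print("0600 private:", mode_is_private(0o100600))
```

On a real system the record would come from plistlib.load() on the user's .plist file, read as root, with os.stat() supplying the mode for mode_is_private().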
τ := dsAttrTypeStandard
dsRecTypeStandard:Aliases = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
}
native = aliases }
dsRecTypeStandard:People = Dict {
attributetypes = Dict {
τ:AddressLine1 = Dict { native = address1 }
τ:WeblogURI = Dict { native = webloguri }
τ:PagerNumber = Dict { native = pagernumber }
τ:GeneratedUID = Dict { native = generateduid }
τ:PostalCode = Dict { native = zip }
τ:Keywords = Dict { native = keywords }
τ:Street = Dict { native = street }
τ:Relationships = Dict { native = relationships }
τ:PhoneContacts = Dict { native = phonecontacts }
τ:OrganizationInfo = Dict { native = organizationinfo }
τ:MailAttribute = Dict { native = applemail }
τ:IMHandle = Dict { native = imhandle }
τ:JPEGPhoto = Dict { native = jpegphoto }
τ:Building = Dict { native = building }
τ:MapGUID = Dict { native = mapguid }
τ:LastName = Dict { native = lastname }
τ:Country = Dict { native = country }
τ:PostalAddressContacts = Dict { native = postaladdresscontacts }
τ:NameSuffix = Dict { native = namesuffix }
τ:Picture = Dict { native = picture }
τ:MobileNumber = Dict { native = mobilenumber }
τ:State = Dict { native = state }
τ:PhoneNumber = Dict { native = phonenumber }
τ:URL = Dict { native = URL }
τ:Company = Dict { native = company }
τ:OrganizationName = Dict { native = orgname }
τ:PostalAddress = Dict { native = postaladdress }
τ:EMailAddress = Dict { native = mail }
τ:RealName = Dict { native = realname }
τ:JobTitle = Dict { native = jobtitle }
τ:Birthday = Dict { native = birthday }
τ:MapURI = Dict { native = mapURI }
τ:NamePrefix = Dict { native = nameprefix }
τ:City = Dict { native = city }
τ:ServicesLocator = Dict { native = serviceslocator }
τ:HomePhoneNumber = Dict { native = homephonenumber }
τ:FirstName = Dict { native = firstname }
τ:NickName = Dict { native = nickname }
τ:Department = Dict { native = department }
τ:RecordName = Dict { native = name }
τ:XMLPlist = Dict { native = XMLPlist }
τ:FAXNumber = Dict { native = faxnumber }
τ:MapCoordinates = Dict { native = mapcoordinates }
τ:Comment = Dict { native = comment }
τ:EMailContacts = Dict { native = emailcontacts }
} native = people }
dsRecTypeStandard:PresetComputerGroups = Dict {
attributetypes = Dict {
τ:MCXFlags = Dict { native = mcx_flags }
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:Keywords = Dict { native = keywords }
τ:MCXSettings = Dict { native = mcx_settings }
τ:Comment = Dict { native = comment }
τ:NestedGroups = Dict { native = nestedgroups }
τ:PrimaryGroupID = Dict { native = gid }
τ:JPEGPhoto = Dict { native = jpegphoto }
τ:GroupMembership = Dict { native = users }
}
native = presetcomputergroups }
dsRecTypeStandard:ComputerLists = Dict {
attributetypes = Dict {
τ:Computers = Dict { native = computers }
τ:Group = Dict { native = groups }
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:Keywords = Dict { native = keywords }
τ:MCXSettings = Dict { native = mcx_settings }
τ:MCXFlags = Dict { native = mcx_flags }
}
native = computerlists }
dsRecTypeStandard:Groups = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:TimeToLive = Dict { native = timetolive }
τ:RealName = Dict { native = realname }
τ:GroupMembership = Dict { native = users }
τ:Picture = Dict { native = picture }
τ:SMBSID = Dict { native = smb_sid }
τ:Password = Dict { native = passwd }
τ:Comment = Dict { native = comment }
τ:NestedGroups = Dict { native = nestedgroups }
τ:XMLPlist = Dict { native = XMLPlist }
τ:URL = Dict { native = URL }
τ:GroupServices = Dict { native = groupservices }
τ:Keywords = Dict { native = keywords }
τ:PrimaryGroupID = Dict { native = gid }
τ:HomeLocOwner = Dict { native = home_loc_owner }
τ:SMBGroupRID = Dict { native = smb_group_rid }
τ:MCXFlags = Dict { native = mcx_flags }
τ:MCXSettings = Dict { native = mcx_settings }
τ:ContactGUID = Dict { native = contactguid }
τ:JPEGPhoto = Dict { native = jpegphoto }
τ:RecordName = Dict { native = name }
τ:ServicesLocator = Dict { native = serviceslocator }
τ:SMBRID = Dict { native = smb_rid }
τ:HomeDirectory = Dict { native = home_loc }
τ:GroupMembers = Dict { native = groupmembers }
τ:EMailAddress = Dict { native = mail }
τ:OwnerGUID = Dict { native = ownerguid }
}
native = groups }
dsRecTypeStandard:PresetComputers = Dict {
attributetypes = Dict {
τ:Group = Dict { native = groups }
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:Keywords = Dict { native = keywords }
τ:MCXSettings = Dict { native = mcx_settings }
τ:Comment = Dict { native = comment }
τ:PrimaryComputerList = Dict { native = primarycomputerlist }
τ:NetworkView = Dict { native = networkview }
τ:MCXFlags = Dict { native = mcx_flags }
}
native = presetcomputers
}
dsRecTypeStandard:PresetGroups = Dict {
attributetypes = Dict {
τ:MCXFlags = Dict { native = mcx_flags }
τ:HomeLocOwner = Dict { native = home_loc_owner }
τ:GroupServices = Dict { native = groupservices }
τ:Keywords = Dict { native = keywords }
τ:URL = Dict { native = URL }
τ:NestedGroups = Dict { native = nestedgroups }
τ:GeneratedUID = Dict { native = generateduid }
τ:PrimaryGroupID = Dict { native = gid }
τ:RecordName = Dict { native = name }
τ:JPEGPhoto = Dict { native = jpegphoto }
τ:HomeDirectory = Dict { native = home_loc }
τ:MCXSettings = Dict { native = mcx_settings }
τ:RealName = Dict { native = realname }
τ:Comment = Dict { native = comment }
τ:ServicesLocator = Dict { native = serviceslocator }
τ:GroupMembership = Dict { native = users }
}
native = presetgroups }
dsRecTypeStandard:Hosts = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:IPAddress = Dict { native = ip_address }
τ:IPv6Address = Dict { native = ipv6_address }
}
native = hosts }
dsRecTypeStandard:Services = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:Port = Dict { native = port }
τ:Comment = Dict { native = comment }
τ:Protocols = Dict { native = protocols }
}
native = services
}
dsRecTypeStandard:PresetComputerLists = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:Group = Dict { native = groups }
τ:Keywords = Dict { native = keywords }
τ:MCXSettings = Dict { native = mcx_settings }
τ:MCXFlags = Dict { native = mcx_flags }
}
native = presetcomputerlists
}
dsRecTypeStandard:PresetUsers = Dict {
attributetypes = Dict {
τ:Change = Dict { native = change }
τ:GeneratedUID = Dict { native = generateduid }
τ:RealName = Dict { native = realname }
τ:GroupMembership = Dict { native = users }
τ:HomeDirectoryQuota = Dict { native = homedirectoryquota }
τ:Picture = Dict { native = picture }
τ:Password = Dict { native = passwd }
τ:Comment = Dict { native = comment }
τ:MailAttribute = Dict { native = applemail }
τ:Keywords = Dict { native = keywords }
τ:AuthenticationAuthority = Dict { native = authentication_authority }
τ:PrimaryGroupID = Dict { native = gid }
τ:HomeDirectorySoftQuota = Dict { native = homedirectorysoftquota }
τ:MCXFlags = Dict { native = mcx_flags }
τ:Expire = Dict { native = expire }
τ:JPEGPhoto = Dict { native = jpegphoto }
τ:RecordName = Dict { native = name }
τ:MCXSettings = Dict { native = mcx_settings }
τ:ServicesLocator = Dict { native = serviceslocator }
τ:PasswordPolicyOptions = Dict { native = passwordpolicyoptions }
τ:HomeDirectory = Dict { native = home_loc }
τ:UserShell = Dict { native = shell }
τ:GroupMembers = Dict { native = groupmembers }
τ:PrintServiceUserData = Dict { native = appleprintservice }
τ:AdminLimits = Dict { native = admin_limits }
τ:NFSHomeDirectory = Dict {
native = home
}
}
native = presetusers
}
dsRecTypeStandard:AutomountMap = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:Comment = Dict { native = comment }
τ:RecordName = Dict { native = name }
}
native = automountmap
}
dsRecTypeStandard:Automount = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:AutomountInformation = Dict { native = automountinformation }
τ:Comment = Dict {
native = comment
}
}
native = automount
}
dsRecTypeStandard:Protocols = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
}
native = protocols
}
dsRecTypeStandard:Ethernets = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
}
native = ethernets
}
dsRecTypeStandard:ComputerGroups = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:TimeToLive = Dict { native = timetolive }
τ:RealName = Dict { native = realname }
τ:GroupMembership = Dict { native = users }
τ:Picture = Dict { native = picture }
τ:SMBSID = Dict { native = smb_sid }
τ:Comment = Dict { native = comment }
τ:NestedGroups = Dict { native = nestedgroups }
τ:URL = Dict { native = URL }
τ:Keywords = Dict { native = keywords }
τ:GroupServices = Dict { native = groupservices }
τ:PrimaryGroupID = Dict { native = gid }
τ:SMBGroupRID = Dict { native = smb_group_rid }
τ:HomeLocOwner = Dict { native = home_loc_owner }
τ:XMLPlist = Dict { native = XMLPlist }
τ:MCXFlags = Dict { native = mcx_flags }
τ:MCXSettings = Dict { native = mcx_settings }
τ:ContactGUID = Dict { native = contactguid }
τ:JPEGPhoto = Dict { native = jpegphoto }
τ:RecordName = Dict { native = name }
τ:ServicesLocator = Dict { native = serviceslocator }
τ:SMBRID = Dict { native = smb_rid }
τ:HomeDirectory = Dict { native = home_loc }
τ:GroupMembers = Dict { native = groupmembers }
τ:EMailAddress = Dict { native = mail }
τ:OwnerGUID = Dict {
native = ownerguid
}
}
native = computergroups
}
dsRecTypeStandard:Networks = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict {
native = name
}
}
native = networks
}
dsRecTypeStandard:Computers = Dict {
attributetypes = Dict {
τ:MCXSettings = Dict { native = mcx_settings }
τ:GeneratedUID = Dict { native = generateduid }
τ:Keywords = Dict { native = keywords }
τ:KerberosServices = Dict { native = kerberosServices }
τ:UniqueID = Dict { native = uid }
τ:SMBSID = Dict { native = smb_sid }
τ:TimeToLive = Dict { native = timetolive }
τ:HardwareUUID = Dict { native = hardwareuuid }
τ:AltSecurityIdentities = Dict { native = altsecurityidentities }
τ:ENetAddress = Dict { native = en_address }
τ:SMBGroupRID = Dict { native = smb_group_rid }
τ:SMBLogoffTime = Dict { native = smb_logoff_time }
τ:MCXFlags = Dict { native = mcx_flags }
τ:SMBAccountFlags = Dict { native = smb_acctFlags }
τ:URL = Dict { native = URL }
τ:PrimaryGroupID = Dict { native = gid }
τ:RealName = Dict { native = realname }
τ:IPAddressAndENetAddress = Dict { native = ipaddressandenetaddress }
τ:SMBLogonTime = Dict { native = smb_logon_time }
τ:PrimaryComputerList = Dict { native = primarycomputerlist }
τ:Group = Dict { native = groups }
τ:IPAddress = Dict { native = ip_address }
τ:SMBPrimaryGroupSID = Dict { native = smb_primary_group_sid }
τ:IPv6Address = Dict { native = ipv6_address }
τ:AuthenticationAuthority = Dict { native = authentication_authority }
τ:Category = Dict { native = category }
τ:RecordName = Dict { native = name }
τ:NodeSASLRealm = Dict { native = saslRealm }
τ:SMBRID = Dict { native = smb_rid }
τ:XMLPlist = Dict { native = XMLPlist }
τ:NetworkView = Dict { native = networkview }
τ:SMBKickoffTime = Dict { native = smb_kickoff_time }
τ:SMBPasswordLastSet = Dict { native = smb_pwd_last_set }
τ:Comment = Dict {
native = comment
}
}
native = computers
}
dsRecTypeStandard:AFPUserAliases = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
}
native = afpuseraliases
}
dsRecTypeStandard:Mounts = Dict {
attributetypes = Dict {
τ:VFSDumpFreq = Dict { native = dump_freq }
τ:VFSType = Dict { native = vfstype }
τ:VFSLinkDir = Dict { native = dir }
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:VFSPassNo = Dict { native = passno }
τ:VFSOpts = Dict {
native = opts
}
}
native = mounts
}
dsRecTypeStandard:Config = Dict {
attributetypes = Dict {
τ:DataStamp = Dict { native = data_stamp }
τ:PasswordServerLocation = Dict { native = passwordserverlocation }
τ:Keywords = Dict { native = keywords }
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
τ:KDCAuthKey = Dict { native = kdcauthkey }
τ:PasswordServerList = Dict { native = passwordserverlist }
τ:Comment = Dict { native = comment }
τ:KDCConfigData = Dict { native = kdcconfigdata }
τ:RealName = Dict { native = realname }
τ:TimeToLive = Dict { native = timetolive }
τ:XMLPlist = Dict {
native = XMLPlist
}
}
native = config
}
dsRecTypeStandard:NetGroups = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
}
native = netgroups
}
dsRecTypeStandard:SharePoints = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
}
native = sharepoints
}
dsRecTypeStandard:RPC = Dict {
attributetypes = Dict {
τ:GeneratedUID = Dict { native = generateduid }
τ:RecordName = Dict { native = name }
}
native = rpc
}
}
}
module options = Dict {
PlistFile = Dict {
index = Dict {
people = Array { generateduid realname name mail }
protocols = Array { name }
computers = Array { altsecurityidentities hardwareuuid realname en_address generateduid ip_address ipv6_address
name smb_rid smb_sid uid }
users = Array { altsecurityidentities generateduid realname name smb_rid smb_sid uid mail }
networks = Array { en_address ipv6_address ip_address name }
computergroups = Array { mail realname generateduid groupmembers users nestedgroups gid name smb_rid smb_sid }
ethernets = Array { name }
automountmap = Array { name }
sharepoints = Array { name }
config = Array { name realname }
computerlists = Array { name }
automount = Array { name }
services = Array { name port }
mounts = Array { name }
groups = Array { realname generateduid groupmembers users nestedgroups gid mail name smb_rid smb_sid member }
hosts = Array { en_address ipv6_address ip_address name }
rpc = Array { name }
}
}
}
node name = /Local comment = Local Node
hide registration = true
modules = Dict {
default = Array {
Dict { module = PlistFile options = Dict { path = /var/db/dslocal/nodes/ } uuid = 3F0022F0-EAFC-4596-BDC7-9E75E3DD2C86 } }
authentication = Array {
Dict { module = AppleID options = Dict { } uuid = F68E780B-A1CA-466A-9E40-0116CBE7F981 } }
}
}
Command:
Configure.plist node name = /Configure comment = Configure node for legacy lookups
locked = true enabled = true mappings = Dict { } hide registration = true
modules = Dict {
default = Array { Dict { module = configure options = Dict { } uuid = 4A23C86D-BFF0-4E36-AE91-77704F6A8DA3 }
Dict { module = keychain options = Dict { } uuid = C8CA78D4-999E-4418-8202-BC7E817F54D6 } }
}
Active Directory.plist node name = /Active Directory comment = Top level generic Active Directory node
enabled = true locked = true module options = Dict { } options = Dict { } hide registration = true
modules = Dict {
default = Array { Dict { module = ActiveDirectory options = Dict { } uuid = 915C8529-71E2-44F9-80D2-704C33FFA2E6 } }
}
Search.plist
NIS.plist
LDAPv3.plist node name = /LDAPv3 comment = Top level generic LDAPv3 node
locked = true enabled = true mappings = Dict { }
hide registration = true
modules = Dict {
session = Array { Dict { module = ldap options = Dict { } uuid = A1621431-430E-4548-A77B-B6383E12106C }
}
| /System/Library/OpenDirectory/DynamicNodeTemplates/
597 Nov 27 18:58 LDAPv3.plist
| /System/Library/OpenDirectory/Mappings/ record/attribute mapping tables
18434 Nov 27 18:49 Open Directory.plist
3884 Nov 27 18:58 RFC2307.plist
| /System/Library/OpenDirectory/Modules/ to be loaded on demand
102 Jun 20 2012 proxy.bundle/
102 Jun 20 2012 FDESupport.bundle/
102 Jul 26 2012 ActiveDirectory.bundle/
102 Jul 26 2012 NetLogon.bundle/
102 Aug 23 23:15 ldap.bundle/
102 Aug 23 23:15 legacy.bundle/
102 Aug 23 23:15 nis.bundle/
102 Aug 23 23:15 PlistFile.bundle/
102 Aug 23 23:15 search.bundle/
102 Aug 23 23:15 configure.bundle/
102 Aug 23 23:15 statistics.bundle/
102 Aug 23 23:15 SystemCache.bundle/
102 Aug 23 23:15 Kerberosv5.bundle/
102 Aug 23 23:15 keychain.bundle/
102 Aug 23 23:22 AppleODClientLDAP.bundle/
102 Aug 23 23:22 AppleODClientPWS.bundle/
102 Aug 24 04:28 ConfigurationProfiles.bundle/
./ActiveDirectory.bundle/Contents:
1141 Nov 27 18:49 Info.plist
477 Nov 27 18:49 version.plist
./ActiveDirectory.bundle/Contents/MacOS: 172704 Nov 27 18:49 ActiveDirectory
./ActiveDirectory.bundle/Contents/Resources: 102 Jul 26 2012 English.lproj
./ActiveDirectory.bundle/Contents/Resources/English.lproj: 42 Nov 27 18:49 InfoPlist.strings
./ActiveDirectory.bundle/Contents/_CodeSignature: 2104 Nov 27 18:49 CodeResources
./AppleODClientLDAP.bundle/Contents:
1145 Nov 27 18:49 Info.plist
466 Nov 27 18:49 version.plist
./AppleODClientLDAP.bundle/Contents/MacOS: 177056 Nov 27 18:49 AppleODClientLDAP
./AppleODClientLDAP.bundle/Contents/Resources: 507 Nov 27 18:49 AppleODClientLDAP-Info.plist
./AppleODClientLDAP.bundle/Contents/_CodeSignature: 1847 Nov 27 18:49 CodeResources
./AppleODClientPWS.bundle/Contents:
1142 Nov 27 18:49 Info.plist
466 Nov 27 18:49 version.plist
./AppleODClientPWS.bundle/Contents/MacOS: 179792 Nov 27 18:49 AppleODClientPWS
./AppleODClientPWS.bundle/Contents/Resources: 507 Nov 27 18:49 AppleODClientPWS-Info.plist
./AppleODClientPWS.bundle/Contents/_CodeSignature: 1846 Nov 27 18:49 CodeResources
./ConfigurationProfiles.bundle/Contents:
1194 Nov 27 18:54 Info.plist
102 Aug 24 04:29 _CodeSignature
463 Nov 27 18:54 version.plist
./ConfigurationProfiles.bundle/Contents/MacOS: 30960 Nov 27 18:54 ConfigurationProfiles
./ConfigurationProfiles.bundle/Contents/Resources: 102 Aug 24 04:29 English.lproj
…
./ConfigurationProfiles.bundle/Contents/Resources/English.lproj: 42 Nov 27 18:54 InfoPlist.strings
…
2104 Nov 27 18:54 CodeResources
./FDESupport.bundle/Contents:
1124 Nov 27 18:54 Info.plist
460 Nov 27 18:54 version.plist
./FDESupport.bundle/Contents/MacOS: 21232 Nov 27 18:54 FDESupport
./FDESupport.bundle/Contents/_CodeSignature: 1745 Nov 27 18:54 CodeResources
./Kerberosv5.bundle/Contents:
1130 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./Kerberosv5.bundle/Contents/MacOS: 23936 Nov 27 18:58 Kerberosv5
./Kerberosv5.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./NetLogon.bundle/Contents:
1120 Nov 27 18:49 Info.plist
477 Nov 27 18:49 version.plist
./NetLogon.bundle/Contents/MacOS: 22576 Nov 27 18:49 NetLogon
./NetLogon.bundle/Contents/_CodeSignature: 1745 Nov 27 18:49 CodeResources
./PlistFile.bundle/Contents:
1127 Nov 27 18:48 Info.plist
467 Nov 27 18:48 version.plist
./PlistFile.bundle/Contents/MacOS: 166176 Nov 27 18:48 PlistFile
./PlistFile.bundle/Contents/_CodeSignature: 1745 Nov 27 18:48 CodeResources
./SystemCache.bundle/Contents:
1133 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./SystemCache.bundle/Contents/MacOS: 324192 Nov 27 18:58 SystemCache
./SystemCache.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./configure.bundle/Contents:
1127 Nov 27 18:48 Info.plist
467 Nov 27 18:48 version.plist
./configure.bundle/Contents/MacOS: 49552 Nov 27 18:48 configure
./configure.bundle/Contents/_CodeSignature: 1745 Nov 27 18:48 CodeResources
./keychain.bundle/Contents:
1124 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./keychain.bundle/Contents/MacOS: 21328 Nov 27 18:58 keychain
./keychain.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./ldap.bundle/Contents:
1112 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./ldap.bundle/Contents/MacOS: 113408 Nov 27 18:58 ldap
./ldap.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./legacy.bundle/Contents:
1118 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./legacy.bundle/Contents/MacOS: 29680 Nov 27 18:58 legacy
./legacy.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./nis.bundle/Contents:
1109 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./nis.bundle/Contents/MacOS: 58192 Nov 27 18:58 nis
./nis.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./proxy.bundle/Contents:
1111 Nov 27 18:58 Info.plist
457 Nov 27 18:58 version.plist
./proxy.bundle/Contents/MacOS: 34864 Nov 27 18:58 proxy
./proxy.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./search.bundle/Contents:
1118 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./search.bundle/Contents/MacOS: 59200 Nov 27 18:58 search
./search.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
./statistics.bundle/Contents:
1130 Nov 27 18:58 Info.plist
467 Nov 27 18:58 version.plist
./statistics.bundle/Contents/MacOS: 21008 Nov 27 18:58 statistics
./statistics.bundle/Contents/_CodeSignature: 1745 Nov 27 18:58 CodeResources
| /System/Library/OpenDirectory/Templates/ 12222 Nov 27 18:49 Active Directory.plist
545 Nov 27 18:49 Open Directory Server.plist
253 Nov 27 18:58 LDAPv3.plist
| /System/Library/OpenDirectory/record-schema.plist record/attribute schema
| /System/Library/OpenDirectory/permissions.plist global record/attribute permissions
| User defined files:
| /Library/OpenDirectory/Templates/ used for node styles (module layout and mappings)
| /Library/OpenDirectory/Mappings/ record/attribute mapping tables
| Files that change periodically are located in:
| /Library/Preferences/OpenDirectory/Configurations/ by node
| /Library/Preferences/OpenDirectory/DynamicData/ stored by nodes
| /Library/Preferences/OpenDirectory/.LogDebugAtStartOnce enables debug logging until process exits or system is rebooted (reboot required)
| /var/log/opendirectoryd.log*
| Legacy locations:
| /Library/DirectoryServices/PlugIns/ third party DirectoryService plugins loaded by dspluginhelperd
SEE ALSO
odutil, dspluginhelperd, slapd
BSD March 3, 2011
Replaces "DirectoryService" as a core part of the Open Directory technology.
Several modules are provided that allow access to existing directory systems: