Binding Clients to the Shared Domain

You share the directory by creating a binding between the client and the Open Directory domain. Binding creates a connection between the server and the client, enabling the client to read the LDAP database, send authentication requests, and interact with the Kerberos realm for service tickets. Regarding authentication, you see this interaction most frequently from the login window in Mac OS X, and most of that interaction is transparent to the user.

Any version newer than Mac OS X 10.2 can bind to Open Directory running on Lion Server. Your Mac OS X 10.7 client systems should not be bound to versions of Mac OS X Server previous to 10.7 in order to best support the newest enhancements of Mac OS X.

Binding Mac OS X 10.6 clients

Unlike with previous versions of Mac OS X, you can bind Mac OS X 10.6 and 10.7 clients by using System Preferences. These steps are good for binding both versions of the Mac client:

  1. Select the Apple menu and choose System Preferences and then click the Users & Groups icon in Mac OS X 10.7 (or Accounts in Mac OS X 10.6).
  2. Click Login Options.

    If the client has never previously bound to a directory, you see a Join button next to Network Account Server at the bottom of the Login Options window. If a current binding exists, you see an Edit button.

  3. Click the Join or Edit button and enter the Open Directory master's fully qualified hostname in the Server field, as shown in Figure 6-15.

    If you've previously enabled service discovery ...

Get Mac OS X Lion Server For Dummies® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.