Setting Up Open Directory

Open Directory is a shared repository of users, groups, computers, and groups of computers. Open Directory has a number of options that local accounts do not have, such as a shared Kerberos repository providing single sign-on (which means that when users authenticate to one service, they are authenticated to all servers and services in a given Kerberos realm). The first server in the Open Directory environment is known as the Master. Subsequent servers are then Replicas, also providing authentication and authorization services for systems that have been configured to work with Open Directory.

If you will be enabling a service that requires Open Directory, then Open Directory can be configured by that service during setup. Otherwise, if you wish to use Open Directory (e.g., you want to use mobile home folders, or user home folders that roam between machines when users log in), it can be set up manually. To do so, open Server Admin from /Applications/Server and click on the name of the server in the SERVERS sidebar. Then, click on the Settings button in the Server Admin toolbar, followed by the Services tab. In the list of services, check the box for Open Directory and click on Save to show it in the list of services under the server name (Figure 2-15).

Figure 2-15. Enabling the Open Directory service

Click on Open Directory in the list of services under the server name ...
