Provide Open Directory service with macOS Server
Open Directory provides a central repository for information about users and resources in an organization. Centralizing information about users and resources reduces the system administrator’s burden and provides each user with a centralized account for logging in on any authorized computer on the network. Use the Open Directory pane of the Server app to create an Open Directory domain, join an Open Directory domain, add and remove Open Directory replicas, add and remove users and groups, set password policies, add, remove, and edit locales, and create Open Directory archives.
Open Directory requires that DNS be available on the network and be correctly configured to resolve the fully qualified DNS name of the Open Directory server to its IP address. DNS must also be configured to resolve the IP address to the server’s fully qualified DNS name.
Note: If you upgrade to macOS Server 5.8 on a Mac where Open Directory is already turned on, the service keeps running. On a new installation of macOS Server 5.8, you can enable Open Directory from the View menu.
Set up Open Directory
When you start Open Directory service for the first time, use the assistant either to set up a new Open Directory domain or to join an existing Open Directory domain as a replica.
In the Server app, select Open Directory in the View menu.
Turn on Open Directory.
In the assistant dialog, you can create a new Open Directory domain or join an existing domain as a replica.
Add a replica
You can add replicas of your Open Directory domain. These replicas provide the same directory and authentication information as your Open Directory server to other computers. Replicas provide failover and load balancing for Open Directory clients.
You can have 32 replicas of your master Open Directory domain. Each replica can have 32 of its own replicas (also known as relays).
The replica server you’re adding must have remote administration access enabled before you can add it as a replica. See Allow remote access to macOS Server.
In order to set up a replica, it must be running the same major version of macOS as the master, and its fully qualified DNS name must resolve forward and in reverse just as the master’s does.
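The DNS requirement above (forward and reverse resolution of the server’s fully qualified name) and the same-major-version requirement for replicas are both easy to get wrong and both cause replica setup to fail late. The following preflight script is an added example, not Apple’s code or part of this page. It assumes `dig` and `sw_vers` are on the path (both ship with macOS); the host names and version strings in the comments are constructed placeholders, and `check_od_dns` needs network access while the helper functions run offline.

```shell
#!/bin/sh
# Preflight checks before turning on Open Directory or adding a replica.
# Added example (not from the page). Assumes dig(1) and sw_vers(1) exist.

# Normalize a DNS name: lower-case and drop a single trailing dot,
# so "OD.example.com." compares equal to "od.example.com".
norm_name() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Return 0 when the PTR answer names the expected FQDN; a missing or
# different PTR (the usual reverse-DNS misconfiguration) returns 1.
ptr_matches() {
    expected=$(norm_name "$1")
    answer=$(norm_name "$2")
    [ -n "$answer" ] && [ "$answer" = "$expected" ]
}

# Print the "major" version of a macOS version string:
# 10.x.y -> 10.x (10.13 and 10.12 are different majors), 11+ -> first component.
major_of() {
    case "$1" in
        10.*) rest=${1#10.}; printf '10.%s' "${rest%%.*}" ;;
        *)    printf '%s' "${1%%.*}" ;;
    esac
}

# Return 0 when two version strings share a major version (replica requirement).
same_major_version() {
    [ "$(major_of "$1")" = "$(major_of "$2")" ]
}

# Live check: FQDN -> A record -> PTR record -> back to the same FQDN.
# Requires network access; returns 0 only when the round trip is consistent.
check_od_dns() {
    fqdn=$1
    ip=$(dig +short A "$fqdn" | head -n 1)
    if [ -z "$ip" ]; then
        echo "FAIL: $fqdn has no A record"
        return 1
    fi
    ptr=$(dig +short -x "$ip" | head -n 1)
    if ptr_matches "$fqdn" "$ptr"; then
        echo "OK: $fqdn -> $ip -> $ptr"
        return 0
    fi
    echo "FAIL: PTR for $ip is '${ptr:-<none>}', expected $fqdn"
    return 1
}

# Live check: compare this machine's macOS version with the master's
# (pass the master's `sw_vers -productVersion` output as the argument).
check_replica_version() {
    local_ver=$(sw_vers -productVersion)
    if same_major_version "$local_ver" "$1"; then
        echo "OK: local $local_ver matches master $1"
        return 0
    fi
    echo "FAIL: local $local_ver differs in major version from master $1"
    return 1
}

# Usage (constructed example): check_od_dns od.example.com && check_replica_version 10.13.6
```

On the server itself, `sudo changeip -checkhostname` performs the same forward/reverse comparison using the system’s own host name and DNS settings, and is the check to run before creating the master; the script above is useful when you want to test the replica candidate from the master, or to verify a name before the server exists.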
In the Server app sidebar, select Open Directory.
Click the Add button (+) at the bottom of the Servers list.
Enter the following information:
Server Address: Enter the IP address or DNS name of the replica server.
Server Admin Name: Enter the name of the local administrator account of the replica.
Password: Enter the password of that local administrator account on the replica server.
Parent Server: Click the pop-up menu, then choose the parent server.
Directory Admin Name: Enter the name of the directory domain administrator for the parent server.
Password: Enter the password of that directory domain administrator account.
Click Next.
Confirm your settings, then click Set Up.
Promote a replica to Open Directory master
If an Open Directory master fails and you can’t recover it from a backup, you can promote a replica to be a master. The new master (promoted replica) uses the directory and authentication databases of the replica.
In the Server app sidebar, select Open Directory.
In the list of servers, select a replica.
Click the Action pop-up menu (gear icon), then choose Promote Replica to Master.
Enter the directory administrator name and password.
If you archived Open Directory data with certificate authority keys, you can restore them by entering the Open Directory archive location or by clicking Choose to locate the archive.
Click Next.
Enter the user name and password for the replica that’s being promoted, then click Connect.