Playing with Mac OS X 10.5 Leopard local directory service

New with Mac OS X 10.5 is the replacement of the old NetInfo architecture. The new component, Directory Services, is a highly configurable service that can use many back-ends to store, retrieve and abstract concepts like users, groups, machines or mount points.

Directory Services sports LDAP, Active Directory and Open Directory support, and also local files. Local files seem to be stored directly in the root volume, in the /var/db/dslocal/nodes/Default/ directory. Within this subdirectory, we can found others that create a tree-like, hierarchical structure:

  • aliases/. Contains a one pList for every account alias that is registered in the Local directory service. There are some built-in aliases, plus additional aliases that can be created from the Accounts preference pane.
  • config/. Contains several configuration files for components like Kerberos KDC (in a pretty funny format, that basically looks like XML-syntax wrapper that contains the traditional kdc.conf text-based configuration file as a string), Share points and so on.
  • groups/. Contains one pList file for every known local group. The format is pretty straightforward and almost resembles the traditional UNIX /etc/group file, but expressed using XML.
  • machines/. Contains one pList file for every known machine. It seems to me this is the equivalent of the /etc/hosts UNIX file where each machine entry is stored in as a single pList file. For a default Mac OS X installation, you will find a localhost.plist and a broadcasthost.plist entry.
  • mounts/. Contains one pList for every automount point. By default, there are no automount points defined, and they can be created using the Directory Utility application, dscl or by manually creating or changing pList files.
  • networks/. Contains one pList file for every known network. This seems like the equivalent of /etc/ethers in UNIX systems. By default, only a single pList file exists: loopback.plist, which lists 127.0.0.0/8 as a known network.
  • users/. Contains one pList file for every known local user. This is the equivalent of /etc/passwd in any UNIX system. As in modern UNIX systems, the password is stored somewhere else (does anybody know where?).

By tweaking these files and restarting the Directory Service, it is possible to emulate the behavior of a UNIX-like system, with the difference that access to these entities is mediated by a service, as is not exposed via a POSIX API that, when configured to use local files, parses the contents of local files. In Mac OS X, it is necessary to notify the Directory Service when the contents of any of the pList files changes.

Another way of editing some of these components without having to use dscl or editing pList files by hand is by right-clicking a user or a group in the Accounts preference pane, then choosing Advanced Options ... from the menu.

Advertisements

11 thoughts on “Playing with Mac OS X 10.5 Leopard local directory service

  1. Pingback: John-line » Blog Archive » Moving from NetInfo Manager to Directory Services on a Leopard Workstation

  2. Hi there,
    Thank you for your good article. I m interested and i learned something about it. I ll try to follow all articles as much as i can.
    The world is growing up with sharing. 🙂

  3. After study a few of the blog posts on your website now, and I truly like your way of blogging. I bookmarked it to help my bookmark website list and will also be checking back soon. Pls check out my web site as well and well then, i’ll know what you believe.

  4. Houttar, I am sorry to hear about your misfortunes but I am unable to proceed with any activities that may be, in any way, illegal. I think you should look into some ninja like assassination techniques to rid your kingdom of the betrayer.

  5. Some really excellent info , Gladiola I discovered this. “The outer conditions of a person’s life will always be found to reflect their inner beliefs.” by James Allen.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s