Open Directory

In the previous guide I did not cover Open Directory (OD), as it’s not needed for syncing contacts, calendars etc. on the local network. With a server that’s accessible over the internet or on a much larger network, I have found Open Directory convenient. It allows different ways of authenticating, password requirements can be set for all accounts, and if you decide to run more services in the future, OD may be required. Converting all your local accounts to network (OD) accounts later is something you really do not want to do, so setting up OD now is a good idea, even if you never end up needing it. Setting it up is pretty straightforward. At this time we will not be creating user accounts yet.

To get started, open the Open Directory settings in the Server app and flip the switch to ‘On’. A configuration window will pop up; select the first option.

If you have multiple Open Directory servers you’d want to set up a replica, which balances load on the network and acts as a failover in case the Master goes down. For my purposes a new OD domain (master) will do just fine.
Next, set a Directory Administrator name and password. I left the default name and selected a strong password that differs from my main admin password. Whether you keep the defaults or change them, remember the name and password for this account, as it’s a rather important one.

The setup is done and you’ll be shown the Server app window again. There is not much to see here, but click the gear button at the bottom of the window and select “Edit Global Password Policy”.

A new window will open where you can set the requirements that passwords used on your server must meet. Once set, these values are enforced for both current and new users.

As you are the server admin, you are responsible for its security. A strong (but reasonable) password policy should be enforced. In this case you’ll be the only user, maybe with some friends and family, so you can go as crazy as you’d like. In an office or larger environment you must strike a balance between good security and happy users, which is not an easy task. In the screenshot above I configured it as I would my own server. The password must differ from the account name, have at least one letter and one number, be at least 10 characters long and can’t be the same as the last password used. Also, I force users to change their password when they connect to the server for the first time. If you are the only user there is no need for this, but if you allow others to access your server and its services this is a good option to check. It gives users the ability to set a password they can remember and ensures that they are the only ones who know the password to their account. Sure, the users may trust you, but this will make them feel better nevertheless.
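The same four password rules can also be set from Terminal with `pwpolicy`, which is useful when the Server app menu is not available. This is an added example, not part of the original guide. It assumes the directory administrator short name `diradmin`, the local LDAP node `/LDAPv3/127.0.0.1`, and the legacy global-policy key names from the `pwpolicy` man page. The first-login password reset is not included here.

```shell
#!/bin/sh
# Added example: express the policy from the paragraph above as a
# pwpolicy(8) global policy string and apply it to the OD master.

# Assumptions (not from the guide): admin short name and LDAP node path.
OD_ADMIN="${OD_ADMIN:-diradmin}"
OD_NODE="${OD_NODE:-/LDAPv3/127.0.0.1}"

# build_policy MIN_CHARS HIST
# Prints the space-separated key=value string that pwpolicy expects.
#   minChars             minimum password length
#   requiresAlpha        at least one letter
#   requiresNumeric      at least one number
#   passwordCannotBeName password must differ from the account name
#   usingHistory         1 = the current password cannot be reused
build_policy() {
    min_chars="$1"
    hist="$2"
    # Reject bad input instead of silently writing a weaker policy.
    case "$min_chars" in
        ''|*[!0-9]*) echo "minChars must be a number" >&2; return 1 ;;
    esac
    case "$hist" in
        ''|*[!0-9]*) echo "usingHistory must be a number" >&2; return 1 ;;
    esac
    [ "$min_chars" -ge 1 ] || { echo "minChars must be >= 1" >&2; return 1; }
    [ "$hist" -le 15 ] || { echo "usingHistory maximum is 15" >&2; return 1; }
    printf 'minChars=%s requiresAlpha=1 requiresNumeric=1 passwordCannotBeName=1 usingHistory=%s' \
        "$min_chars" "$hist"
}

# apply_policy: write the policy, then read it back to confirm it stuck.
apply_policy() {
    policy="$(build_policy 10 1)" || return 1
    if ! command -v pwpolicy >/dev/null 2>&1; then
        echo "pwpolicy not found; would set: $policy" >&2
        return 2
    fi
    # No -p flag: pwpolicy prompts for the admin password, which keeps it
    # out of the shell history and the process list.
    pwpolicy -n "$OD_NODE" -a "$OD_ADMIN" -setglobalpolicy "$policy" &&
        pwpolicy -n "$OD_NODE" -getglobalpolicy
}

# Only touch the directory when explicitly asked: sh od-policy.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_policy
fi
```

Run it on the server itself with `apply` as the only argument, and compare the read-back output with the values you intended before creating any user accounts.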

Your server is now running Open Directory, next we’ll set up Caching.


1 thought on “Open Directory”

  • 1
    HerrBerDus on May 30, 2017

    Thanks a lot for this great tutorial!

    At the moment I got stuck while trying to find ‘Edit Global Password Policy’…
    The reason might be that I’m using OS X Server 5.0.15, which is the maximum version for Yosemite 10.10.5 …
    OS X Server ‘help’ still mentions this submenu … *confused*
