我的网络上有 50 多台 Mac,我认为是时候实施一些控制措施了,因此我正在寻找将 Mac OS X 客户端集成到 Active Directory 的方法。主要目标是将 AD 中的 GPO 强制实施到 Mac OS X 客户端。我正在考虑以下解决方案:
- 将 Mac OS X Server 的目录服务与 AD 结合使用
- 使用 Centrify 等第三方解决方案直接控制或 Thursby's安迪麦克
您认为哪种解决方案是最好的方法?
答案1
这取决于您是否要在 AD 控制器上安装第三方软件。如果您使用 Thursby 或 Centrify,则必须这样做才能获得 GPO。这会将必要的属性添加到您的 AD 架构中,使其更能识别 OS X。我不确定它是否包含您想要的所有内容,因此您必须询问供应商。
如果您没有(很多人没有),您将需要 OS X 服务器并设置黄金三角配置。您将使 OS X 服务器成为 OD 主服务器(独立),将其加入 AD,然后使用 MCX 将“GPO”应用于 AD 中的计算机对象。然后,您将计算机本身加入 AD 和 OD。它无法从 AD 获得的东西,它会从 OD 获得(如果您正确配置了它)。密码策略等功能默认与 AD 配合使用,但有一些小问题(到期提醒)。访问系统偏好设置等功能将在 OD 中进行管理。如果您走黄金三角路线,您应该考虑获得两个服务器,分别用于主服务器和副本服务器。这不需要修改或安装 AD 中尚不存在的任何内容。
金三角配置的唯一缺点是 Lion 即将面世,我真的不确定它是否会继续支持这种东西。我不确定你还能购买 Snow Leopard Server 多久。此外,你再也无法购买全新的 Apple Xserve……你只能使用 Mac Pro 或 Mac Mini。
答案2
除了 @churnd 列出的选项之外,您还可以扩展 AD 架构以直接支持 Mac 风格的管理偏好设置。Apple 有白皮书介绍如何扩展架构以支持OS X 版本 10.5和OS X 10.6(差异并不重要——10.5 说明包括一堆没人使用的对象类和属性,在 10.6 中被删除/淘汰;10.6 说明包括一个您不需要的新计算机属性。tl;dr 两套说明都适用于任一 OS X 版本)。他们还有一个视频展示延伸过程。
我不知道最终的架构扩展与 OS X 10.7 (Lion) 的配合情况如何。
该过程中的一些注意事项和注意事项:
- 您需要设置一个 OS X 服务器,以便可以将其架构与您的 AD 域进行区分。
- 首先在测试系统上运行模式扩展,并确保其正常工作。
- 在 10.5 说明中,第 7 页顶部的 apple-computer-list 的设置是错误的(它们列出了两次 apple-computer-list-group),下面的文本也是如此(它列出了两次 apple-generateduid);您应该按照第 7 页底部的列表进行操作。
- AD Schema Analyzer 中的 UI 非常混乱。每个类旁边都有两个框:一个用于隐藏(减号)或显示(加号)相关属性,另一个用于在导出中排除(空白)或包含(重加号)。相关属性有一个框,可以隐式包含(灰色背景上的加号)或显式排除(重 X)它。您必须单击以选择要导出的类包括,然后在每个下单击以排除你的属性不想。
- 如果您从 PDF 中剪切并粘贴白皮书中的任何 LDIF(例如,auxiliaryClass 和 possSuperiors 内容),则粘贴的每一行开头和结尾可能会出现空格;必须删除这些空格,否则会出现导入错误。此外,请确保 LDIF 文件具有 DOS 样式的行尾(CR+LF),而不是 Unix 样式(仅 LF)。
- 白皮书描述了将某些 objectClasses 的 objectClassCategory 更改为 3;根据生成 LDIF 的 ADAM 工具版本,您可能还需要将其余的 objectClasses 设置为 1(出于某种原因,它可以将它们导出为 objectClassCategory 0,这是半无效的)。
- 白皮书没有详细说明如何索引 macAddress 和 apple-hwuuid 属性,这对于加快计算机记录查找速度是一个好主意。
这是我为执行扩展而想出的 LDIF 文件。这些文件基于现有的 Windows Server 2008 R2 AD 域和 OS X 10.6 服务器,并带有 Apple 的 10.6 说明和我自己添加的索引 macAddress 和 apple-hwuuid 属性。我认为这些相同的扩展将适用于 Windows 2003 R2 或更高版本(注意:它们将不是适用于 Windows Server 2003 架构;您确实需要 2003 R2 扩展),但它们在任何版本上都没有经过很好的测试。无论您使用这些还是生成自己的,在将任何内容导入到实时域控制器之前,请进行彻底测试。
# ==================================================================
#
# This file should be imported with the following command:
# ldifde -i -u -f AD-Schema-Win2k8-10.6.ldif -s server:port -b username domain password -j . -c "dc=X" "dc=example,dc=com"
# (replace "dc=example,dc=com" with your actual AD domain.)
# LDIFDE.EXE from AD/AM V1.0 or above must be used.
# This LDIF file should be imported into AD or AD/AM. It may not work for other directories.
#
# ==================================================================
# ==================================================================
# Attributes
# ==================================================================
# Attribute: apple-category
dn: cn=apple-category,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.10.4
ldapDisplayName: apple-category
attributeSyntax: 2.5.5.12
adminDescription: Category for the computer or neighborhood
oMSyntax: 64
systemOnly: FALSE
# Attribute: apple-computer-list-groups
dn: cn=apple-computer-list-groups,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.11.4
ldapDisplayName: apple-computer-list-groups
attributeSyntax: 2.5.5.12
adminDescription: groups
oMSyntax: 64
systemOnly: FALSE
# Attribute: apple-computers
dn: cn=apple-computers,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.11.3
ldapDisplayName: apple-computers
attributeSyntax: 2.5.5.12
adminDescription: computers
oMSyntax: 64
systemOnly: FALSE
# Attribute: apple-data-stamp
dn: cn=apple-data-stamp,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.12.2
ldapDisplayName: apple-data-stamp
attributeSyntax: 2.5.5.5
adminDescription: data stamp
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-group-homeowner
dn: cn=apple-group-homeowner,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.14.2
ldapDisplayName: apple-group-homeowner
attributeSyntax: 2.5.5.5
adminDescription: group home owner settings
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-group-homeurl
dn: cn=apple-group-homeurl,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.14.1
ldapDisplayName: apple-group-homeurl
attributeSyntax: 2.5.5.5
adminDescription: group home url
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-hwuuid
dn: cn=apple-hwuuid,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.19.7
ldapDisplayName: apple-hwuuid
attributeSyntax: 2.5.5.12
adminDescription: Hardware uuid of computer
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 1
# Attribute: apple-imhandle
dn: cn=apple-imhandle,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.21
ldapDisplayName: apple-imhandle
attributeSyntax: 2.5.5.12
adminDescription: IM handle (service:account name)
oMSyntax: 64
systemOnly: FALSE
# Attribute: apple-keyword
dn: cn=apple-keyword,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.19
ldapDisplayName: apple-keyword
attributeSyntax: 2.5.5.12
adminDescription: keywords
oMSyntax: 64
systemOnly: FALSE
# Attribute: apple-mcxflags
dn: cn=apple-mcxflags,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.10
ldapDisplayName: apple-mcxflags
attributeSyntax: 2.5.5.12
adminDescription: mcx flags
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-mcxsettings
dn: cn=apple-mcxsettings,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.16
ldapDisplayName: apple-mcxsettings
attributeSyntax: 2.5.5.12
adminDescription: mcx settings
oMSyntax: 64
systemOnly: FALSE
# Attribute: apple-networkview
dn: cn=apple-networkview,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.10.3
ldapDisplayName: apple-networkview
attributeSyntax: 2.5.5.12
adminDescription: Network view for the computer
oMSyntax: 64
systemOnly: FALSE
# Attribute: apple-service-url
dn: cn=apple-service-url,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.19.2
ldapDisplayName: apple-service-url
attributeSyntax: 2.5.5.5
adminDescription: URL of service
oMSyntax: 22
systemOnly: FALSE
# Attribute: apple-user-authenticationhint
dn: cn=apple-user-authenticationhint,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.15
ldapDisplayName: apple-user-authenticationhint
attributeSyntax: 2.5.5.12
adminDescription: password hint
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-user-class
dn: cn=apple-user-class,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.7
ldapDisplayName: apple-user-class
attributeSyntax: 2.5.5.5
adminDescription: user class
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-user-homequota
dn: cn=apple-user-homequota,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.8
ldapDisplayName: apple-user-homequota
attributeSyntax: 2.5.5.5
adminDescription: home directory quota
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-user-homesoftquota
dn: cn=apple-user-homesoftquota,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.17
ldapDisplayName: apple-user-homesoftquota
attributeSyntax: 2.5.5.5
adminDescription: home directory soft quota
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-user-mailattribute
dn: cn=apple-user-mailattribute,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.9
ldapDisplayName: apple-user-mailattribute
attributeSyntax: 2.5.5.12
adminDescription: mail attribute
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-user-picture
dn: cn=apple-user-picture,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.12
ldapDisplayName: apple-user-picture
attributeSyntax: 2.5.5.12
adminDescription: picture
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-user-printattribute
dn: cn=apple-user-printattribute,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.13
ldapDisplayName: apple-user-printattribute
attributeSyntax: 2.5.5.12
adminDescription: print attribute
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-webloguri
dn: cn=apple-webloguri,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.22
ldapDisplayName: apple-webloguri
attributeSyntax: 2.5.5.12
adminDescription: Weblog URI
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-xmlplist
dn: cn=apple-xmlplist,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.17.1
ldapDisplayName: apple-xmlplist
attributeSyntax: 2.5.5.12
adminDescription: XML plist data
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-mountDirectory
dn: cn=apple-mountDirectory,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.1
ldapDisplayName: apple-mountDirectory
attributeSyntax: 2.5.5.12
adminDescription: mount path
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-mountDumpFrequency
dn: cn=apple-mountDumpFrequency,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.4
ldapDisplayName: apple-mountDumpFrequency
attributeSyntax: 2.5.5.5
adminDescription: mount dump frequency
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-mountOption
dn: cn=apple-mountOption,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.3
ldapDisplayName: apple-mountOption
attributeSyntax: 2.5.5.5
adminDescription: mount options
oMSyntax: 22
systemOnly: FALSE
# Attribute: apple-mountPassNo
dn: cn=apple-mountPassNo,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.5
ldapDisplayName: apple-mountPassNo
attributeSyntax: 2.5.5.5
adminDescription: mount passno
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
# Attribute: apple-mountType
dn: cn=apple-mountType,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.2
ldapDisplayName: apple-mountType
attributeSyntax: 2.5.5.5
adminDescription: mount VFS type
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
# ==================================================================
# Classes
# ==================================================================
# Class: apple-computer
dn: cn=apple-computer,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.10
ldapDisplayName: apple-computer
adminDescription: computer
objectClassCategory: 3
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-category
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.10.4
# mayContain: apple-computer-list-groups
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.11.4
# mayContain: apple-hwuuid
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.19.7
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
# mayContain: apple-networkview
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.10.3
# mayContain: apple-service-url
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.19.2
# mayContain: apple-xmlplist
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.17.1
# mayContain: macAddress
mayContain: 1.3.6.1.1.1.1.22
# Class: apple-computer-list
dn: cn=apple-computer-list,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.11
ldapDisplayName: apple-computer-list
adminDescription: computer list
objectClassCategory: 1
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-computer-list-groups
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.11.4
# mayContain: apple-computers
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.11.3
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
# possSuperiors: organizationalUnit, container
possSuperiors: organizationalUnit
possSuperiors: container
# Class: apple-configuration
dn: cn=apple-configuration,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.12
ldapDisplayName: apple-configuration
adminDescription: configuration
objectClassCategory: 1
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-data-stamp
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.12.2
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-xmlplist
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.17.1
# possSuperiors: organizationalUnit, container
possSuperiors: organizationalUnit
possSuperiors: container
# Class: apple-group
dn: cn=apple-group,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.14
ldapDisplayName: apple-group
adminDescription: group account
objectClassCategory: 3
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-group-homeowner
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.14.2
# mayContain: apple-group-homeurl
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.14.1
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
# mayContain: apple-user-picture
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.12
# Class: apple-user
dn: cn=apple-user,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.1
ldapDisplayName: apple-user
adminDescription: apple user account
objectClassCategory: 3
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-imhandle
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.21
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
# mayContain: apple-user-authenticationhint
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.15
# mayContain: apple-user-class
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.7
# mayContain: apple-user-homequota
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.8
# mayContain: apple-user-homesoftquota
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.17
# mayContain: apple-user-mailattribute
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.9
# mayContain: apple-user-picture
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.12
# mayContain: apple-user-printattribute
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.13
# mayContain: apple-webloguri
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.22
# Class: apple-mount
dn: cn=apple-mount,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.8
ldapDisplayName: apple-mount
objectClassCategory: 1
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-mountDirectory
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.1
# mayContain: apple-mountDumpFrequency
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.4
# mayContain: apple-mountOption
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.3
# mayContain: apple-mountPassNo
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.5
# mayContain: apple-mountType
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.2
# possSuperiors: organizationalUnit, container
possSuperiors: organizationalUnit
possSuperiors: container
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
# ==================================================================
# Updating present elements
# ==================================================================
# Add the new class to the user object
dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-user
-
# Add the new class to the computer object
dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-computer
-
# Add the new class to the group object
dn: CN=Group,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-group
-
# Index the macAddress attribute for faster searches
dn: CN=macAddress,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: searchFlags
searchFlags: 1
-
答案3
“您认为哪种解决方案是最好的?”
Xserve 已停产。Apple 不再提供服务器级机器,因此 Open Directory / Magic Triangle 并不是真正可行的企业解决方案。从论坛流量来看,许多组织都在努力部署和维护各种原生方法,尤其是更新和升级。Apple 提供的 OS X AppleCare 支持也相当昂贵。
Centrify 和 Thursby 都提供免费试用。我会在您的环境中试用它们,而不是轻信任何人的说辞。
Centrify 的业务模式基于 Windows AD 服务器软件,这使其与 UNIX AD 市场领导者 Likewise 一起在 UNIX/Linux 集成方面具有优势。在 Centrify 的合作伙伴材料中,暗示他们不想要拥有少于 2-300 台机器的帐户。
Thursby 是 Mac 专家,不需要 Windows AD 服务器软件(另一位回答者搞错了这一点)。它还包括部署工具和存储集成支持(DFS 和 CIFS),这些是 Centrify 的附加功能(分别是 Absolute 和 ZIP)。
再次强调,最好的方法是要求进行审判并验证索赔。
莎士比亚:格伦多尔——我可以从茫茫深渊召唤灵魂!
霍茨普尔——为什么,我也能,或者任何人都能;但是当你呼唤他们时,他们会来吗?