Mac OS X and RIT Directory Services
Logging into your computer
At this time, we do not recommend using Mac OS X with RIT's Microsoft Active Directory. We have not yet completed testing on how Mac OS X 10.3 Panther and 10.4 Tiger computers interact with our Active Directory and the other pieces of RIT's directory services infrastructure. Several parts of our environment differ from Active Directory implementations elsewhere, and we want to account for as many situations as we can where those differences could affect you.
The native Active Directory support in Mac OS X Panther and Tiger is essentially limited to allowing authentication at the login window and performing some lookups in the Address Book application. In Tiger, this support has been expanded to handle nested group membership better, so that you can make use of RIT's deeply hierarchical security groups. Tiger also provides related capabilities, such as integration with SMB/CIFS home directories and Microsoft Windows XP/2003 file system Access Control Lists (ACLs). Our understanding is that there is no support for login scripts and very limited usefulness for Group Policy Objects (GPOs), unless they directly affect login authentication. (GPO-like capabilities can be obtained in other ways in Mac OS X.)
If you are testing Active Directory bindings to the campus directory on your own and need to troubleshoot a problem, please:
- Capture the network traffic between your test system and the directory, using a utility such as tcpdump, while you perform the action you are testing
- Capture the debugging logs for the Mac OS X DirectoryServices layer (see the DirectoryService man page for details)
Due to our current lack of support for Active Directory bindings on Mac OS X, we suggest that you ask questions about your testing/troubleshooting on the MacTech mailing list, rather than contacting the ITS HelpDesk.
Looking up information
Mac OS X, with its support for LDAP, is fully capable of looking up information from RIT's directories, including the RIT OpenLDAP Directory and the RIT Microsoft Active Directory.
You are likely to see these lookup capabilities within e-mail applications such as Microsoft Entourage and Apple Mail. Therefore, a good place to look for more information is in our Macintosh e-mail FAQ and Macintosh Exchange FAQ.