page2

Page 2

Being able to establish a stable user experience is the core definition of client management. Managed Client for Mac OS X, or MCX, is a subset of Open Directory, the Apple directory service. The policies set for client systems are stored within a directory as part of either a computer, group, or user record. Using centralized management to store management policies on a network database, system administrators can easily define the user experience for a large number of computers owned by the institution. MCX settings are actively cached onto the client computers, allowing the management settings to stick to the system when away from the network, a very useful practice in the growing use of digital learning environments. Being part of a directory, more specifically an LDAP (lightweight directory access protocol) directory, MCX is considered as the follow-on portion of the user experience when accessing a client computer. The first thing a user generally has to do is authenticate to a directory, whether that directory is stored locally or on the network. This authentication portion of the directory contains, at a minimum, the user’s name and password. Once the user has authenticated to the directory, the user’s authorization, or policy, is checked to see what items that user actually has permission to use. Directory Services—Authentication to Authorization For a Leopard client, there are numerous methods to provide the necessary authentication and authorization databases. The three most common network directories are OpenLDAP (Apple’s default on Mac OS X Server), Active Directory (Microsoft), and eDirectory (Novell). Although the entire process of login and policy management can easily be performed using Apple’s directory services, some sites choose to use one of the other directories to provide user account information. They sometimes even extend their directory schema, or mappings, to include the MCX settings. This document will briefly discuss how a client may need to be configured to support a non-Apple directory focus. For detailed information about these foreign directories, see the Mac OS X Server Open Directory Administration guide available on the Apple website. This is how the services fit together: Being able to establish a stable user experience is the core definition of client management. Managed Client for Mac OS X, or MCX, is a subset of Open Directory, the Apple directory service. The policies set for client systems are stored within a directory as part of either a computer, group, or user record. Using centralized management to store management policies on a network database, system administrators can easily define the user experience for a large number of computers owned by the institution. MCX settings are actively cached onto the client computers, allowing the management settings to stick to the system when away from the network, a very useful practice in the growing use of digital learning environments. Being part of a directory, more specifically an LDAP (lightweight directory access protocol) directory, MCX is considered as the follow-on portion of the user experience when accessing a client computer. The first thing a user generally has to do is authenticate to a directory, whether that directory is stored locally or on the network. This authentication portion of the directory contains, at a minimum, the user’s name and password. Once the user has authenticated to the directory, the user’s authorization, or policy, is checked to see what items that user actually has permission to use. Directory Services—Authentication to Authorization For a Leopard client, there are numerous methods to provide the necessary authentication and authorization databases. The three most common network directories are OpenLDAP (Apple’s default on Mac OS X Server), Active Directory (Microsoft), and eDirectory (Novell). Although the entire process of login and policy management can easily be performed using Apple’s directory services, some sites choose to use one of the other directories to provide user account information. They sometimes even extend their directory schema, or mappings, to include the MCX settings. This document will briefly discuss how a client may need to be configured to support a non-Apple directory focus. For detailed information about these foreign directories, see the Mac OS X Server Open Directory Administration guide available on the Apple website. This is how the services fit together:

Being able to establish a stable user experience is the core definition of client management. Managed Client for Mac OS X, or MCX, is a subset of Open Directory, the Apple directory service. The policies set for client systems are stored within a directory as part of either a computer, group, or user record. Using centralized management to store management policies on a network database, system administrators can easily define the user experience for a large number of computers owned by the institution. MCX settings are actively cached onto the client computers, allowing the management settings to stick to the system when away from the network, a very useful practice in the growing use of digital learning environments. Being part of a directory, more specifically an LDAP (lightweight directory access protocol) directory, MCX is considered as the follow-on portion of the user experience when accessing a client computer. The first thing a user generally has to do is authenticate to a directory, whether that directory is stored locally or on the network. This authentication portion of the directory contains, at a minimum, the user’s name and password. Once the user has authenticated to the directory, the user’s authorization, or policy, is checked to see what items that user actually has permission to use. Directory Services—Authentication to Authorization For a Leopard client, there are numerous methods to provide the necessary authentication and authorization databases. The three most common network directories are OpenLDAP (Apple’s default on Mac OS X Server), Active Directory (Microsoft), and eDirectory (Novell). Although the entire process of login and policy management can easily be performed using Apple’s directory services, some sites choose to use one of the other directories to provide user account information. They sometimes even extend their directory schema, or mappings, to include the MCX settings. This document will briefly discuss how a client may need to be configured to support a non-Apple directory focus. For detailed information about these foreign directories, see the Mac OS X Server Open Directory Administration guide available on the Apple website. This is how the services fit together: