Apple Open Directory

Apple Open Directory is the LDAP directory service model implementation from Apple Inc. A directory service is software which stores and organizes information about a computer network's users and network resources and which allows network administrators to manage users' access to the resources.

In the context of macOS Server, Open Directory describes a shared LDAPv3 directory domain and a corresponding authentication model composed of Apple Password Server and Kerberos 5 tied together using a modular Directory Services system. Apple Open Directory is a fork of OpenLDAP.

The term Open Directory can also be used to describe the entire directory services framework used by macOS and macOS Server. In this sense, it describes the role of a macOS or macOS Server system when it is connected to an existing directory domain, where it is sometimes referred to as Directory Services.

Apple Inc. also publishes an API called the OpenDirectory framework, which permits macOS applications to interrogate and edit the Open Directory data.[1]

With the release of Mac OS X Leopard (10.5), Apple chose to move away from using the NetInfo directory service (originally found in NeXTSTEP and OPENSTEP), which had been used by default for all local accounts and groups in every release of Mac OS X from 10.0 to 10.4. Mac OS X 10.5 now uses Directory Services and its plugins for all directory information. Local accounts are now registered in the Local Plugin, which uses XML property list (plist) files stored in /var/db/dslocal/nodes/Default/ as its backing storage.[2]

  1. "OpenDirectory Release Notes at developer.apple.com". Retrieved 2010-04-21.
  2. "Directory Services source code at www.opensource.apple.com". Retrieved 2009-09-02.