Open Directory is the built-in Mac OS X directory system that system and application processes can use to store and find administrative information about resources and users. Open Directory includes components such as OpenLDAP and Kerberos for providing local and remote authentication.
By default, each Mac OS X computer runs both the client and the server process, but the server serves only the local client. You can also bind client computers to servers other than the local server over a number of protocols, including LDAP. Information is then accessed in a hierarchical scheme: each client computer sees the union of the information provided first by its local server and then by any higher-level servers it is bound to.
Directory Services is the default way that Mac OS X stores user and some network information. When a user is added, the system automatically adds their information to a local database using Open Directory. Traditional tools such as adduser either do not exist or do not work as you might expect. You can add users and groups in several ways:
Through the Users pane of System Preferences
Through /Applications/Utilities/Directory (for adding groups)
From the command line (see “Example: Adding a User From the Command Line”)
You can find more information on NetInfo in the manual pages for netinfo, nidump, nicl, nifind, niload, niutil, and nireport on a computer running Mac OS X v10.4 or earlier. NetInfo is no longer supported in Mac OS X v10.5 and later; use Directory Services functionality instead.
You can find more information on Directory Service in Open Directory Programming Guide, Mac OS X Server Open Directory Administration, and the manual pages DirectoryService, dscl, dsconfigldap, dsexport, dsimport, and dsperfmonitor.
This section shows a simple example of using the Directory Service command-line tool, dscl, to add a user to the system. The example specifies some of the properties that you would normally associate with any user.
Note: These commands must be run as the root user. If you are executing them from the command line manually, you should do this with sudo. If you are using them in a script, you should use sudo when running the script.
Create a new entry in the local domain (addressed here as /) under the category /Users. (dscl also accepts . as the datasource name for the local directory node; the dscl manual page uses that form, as in dscl . -create /Users/portingunix.)
dscl / -create /Users/portingunix
Create and set the shell property to bash.
dscl / -create /Users/portingunix UserShell /bin/bash
Create and set the user’s full name.
dscl / -create /Users/portingunix RealName "Porting Unix Applications To Mac OS X"
Create and set the user’s ID. Choose a UniqueID that no other account already uses (dscl / -list /Users UniqueID shows the IDs already assigned): two records with the same UniqueID are the same user as far as file ownership and permission checks are concerned, and 0 is root. Local user accounts on Mac OS X are numbered from 501 upward.
dscl / -create /Users/portingunix UniqueID 503
Create and set the user’s primary group ID. The group must already exist in the directory; the default primary group for local users on Mac OS X is staff (PrimaryGroupID 20).
dscl / -create /Users/portingunix PrimaryGroupID 1000
Create and set the user home directory. (Despite the name NFSHomeDirectory, this can also be used for a path to a home directory on a local volume.) dscl records only the path; it does not create the directory. Create it afterward with createhomedir -c -u portingunix, or with mkdir and chown so that it is owned by the new user.
dscl / -create /Users/portingunix NFSHomeDirectory /Network/Servers/techno/Users/portingunix
or
dscl / -create /Users/portingunix NFSHomeDirectory /Users/portingunix
Set the password. Prefer the form that prompts for it: a password given as an argument on the command line is visible to other users in the process list while the command runs and is recorded in your shell history.
dscl / -passwd /Users/portingunix PASSWORD
or
passwd portingunix
To let the user administer the computer, add the account to the admin group. Members of admin are administrators in System Preferences and can run any command as root with sudo (the %admin rule in /etc/sudoers), so grant this only to accounts that need it.
dscl / -append /Groups/admin GroupMembership portingunix
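The steps above, collected into one script with the checks the interactive session leaves to the operator. This is an added example, not code from the Apple guide: it addresses the local node as . (the form the dscl manual page uses), assumes Mac OS X v10.5 or later for dseditgroup, picks the lowest unused UniqueID from 501 upward, uses staff (20) as the primary group, creates the home directory with mkdir and chown rather than createhomedir, and prompts for the password instead of taking it as an argument. The helper functions take the dscl listing as text so they can be exercised without a directory server.

```shell
#!/bin/sh
# adduser.sh: added example, not part of the Apple guide. Performs the dscl steps
# from the text with the checks the interactive session leaves to the operator.
# Assumptions: Mac OS X v10.5 or later ("." local node, dseditgroup), run as root
# via sudo. The helpers take text arguments so they can be tested without dscl.
set -eu

# Accept only conservative account names: a lowercase letter or underscore first,
# then up to 31 lowercase letters, digits, underscores, dots or hyphens.
valid_username() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_.-]{0,31}$'
}

# Given the "name  uid" lines that `dscl . -list /Users UniqueID` prints,
# succeed if UID $2 is already assigned to some record.
uid_in_use() {
    printf '%s\n' "$1" | awk -v want="$2" '$2 == want { found = 1 } END { exit !found }'
}

# Lowest unused UID at or above 501, the first ordinary local user on Mac OS X.
next_free_uid() {
    printf '%s\n' "$1" | awk -v uid=501 '
        { used[$2] = 1 }
        END { while (uid in used) uid++; print uid }'
}

create_user() {   # create_user username "Full Name" [shell] [uid]
    name=$1 realname=$2 shell=${3:-/bin/bash} want_uid=${4:-}
    gid=20        # staff, the default primary group for local users

    [ "$(id -u)" -eq 0 ] || { echo "run this as root (sudo)" >&2; return 1; }
    valid_username "$name" || { echo "bad user name: $name" >&2; return 1; }
    if dscl . -read "/Users/$name" >/dev/null 2>&1; then
        echo "user $name already exists" >&2; return 1
    fi

    # Never reuse an assigned UniqueID: two records sharing one are the same
    # user to the file system and to every permission check.
    listing=$(dscl . -list /Users UniqueID)
    if [ -n "$want_uid" ]; then
        if uid_in_use "$listing" "$want_uid"; then
            echo "UniqueID $want_uid is already assigned" >&2; return 1
        fi
        uid=$want_uid
    else
        uid=$(next_free_uid "$listing")
    fi

    dscl . -create "/Users/$name"
    dscl . -create "/Users/$name" UserShell "$shell"
    dscl . -create "/Users/$name" RealName "$realname"
    dscl . -create "/Users/$name" UniqueID "$uid"
    dscl . -create "/Users/$name" PrimaryGroupID "$gid"
    dscl . -create "/Users/$name" NFSHomeDirectory "/Users/$name"

    # dscl only records the home path; make the directory, owned by the user
    # and closed to everyone else.
    mkdir -p "/Users/$name"
    chown "$uid:$gid" "/Users/$name"
    chmod 0700 "/Users/$name"

    # Prompt for the password rather than passing it as an argument, so it
    # never appears in the process list or the shell history.
    passwd "$name"
    echo "created $name (uid $uid, gid $gid)"
}

# Optional: administrator rights. admin membership grants sudo through the
# %admin rule in /etc/sudoers, so grant it deliberately, not by default.
grant_admin() {
    dseditgroup -o edit -a "$1" -t user admin
}

if [ $# -ge 2 ]; then
    create_user "$@"
else
    echo "usage: sudo $0 username \"Full Name\" [shell] [uid]" >&2
fi
```

Run it as sudo ./adduser.sh portingunix "Porting Unix Applications To Mac OS X", then call grant_admin only if the account really needs administrator rights; dseditgroup keeps both the GroupMembership name list and the GUID-based member list of the group consistent, which a bare -append on GroupMembership does not.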
This is essentially what System Preferences does when it makes a new user, but the process is presented here so you can see more clearly what is going on behind the scenes with the database. A look through the hierarchies using dscl interactively also helps you understand how the database is organized.
Last updated: 2008-04-08