More LDAP info…

Well, I’ve been reading this guy’s blog. He’s really smart, and has a lot of good working advice on his site.

He has a bunch of information that has been really helpful in my attempts at getting OS X to interoperate with my LDAP server. I’m now making users in LDAP that can log in to my laptop, sans home directory, and OS X will make that for them, and everything. So, that is pretty great.

Now I just need to test various things, and answer various other interesting questions. Mostly concerning the legacy NetInfo database, and how that impacts queries to the LDAP server, and how the results from those queries impact user privileges.

It’s all pretty interesting.

1 Response to “More LDAP info…”


  1. Greg Neagle

    Thanks for the compliments!

    You can do some interesting things with the combo of a central LDAP directory service and the local NetInfo database. For example, if you log on as an LDAP user and then open the Accounts prefs pane, you can check the box that gives that user admin privileges. This actually adds the LDAP user to the admin group in the local NetInfo database. Therefore, the LDAP user has admin rights on _that machine only_.

    You should look into Mobile Accounts - the problem with LDAP users and laptops is that when you are off the network, LDAP users can’t log in, even if they have local home dirs.
