Backing up and restoring files, Backing up a password server, Backing up root and administrator user accounts – Apple Mac OS X Server (version 10.2.3 or later) User Manual

Users and Groups

209

To enable LDAP bind user authentication using Workgroup Manager:

1

Make sure the account for a user whose password you want to validate using LDAP bind
resides on an LDAPv3 server in the search path of the Mac OS X computer that needs to
validate the password.

See Chapter 2, “Directory Services,” for information about configuring LDAPv3 server
connections. Avoid mapping the password attribute when configuring the connection; bind
authentication will occur automatically. Also, set up the connection so it uses SSL in order to
protect the password, passed in clear text, while it is in transit.

2

In Workgroup Manager, open the account you want to work with if it is not already open.

To open an account, click the Accounts button, then use the At pop-up menu to open the
LDAPv3 directory domain where the user’s account resides. Click the lock to be
authenticated, then select the user in the user list.

3

On the Advanced tab, choose Basic from the “User Password Type” pop-up menu.

4

On the Basic tab, make sure the Password field is empty.

Backing Up and Restoring Files

Regularly back up your Password Server as well as your root and administrator user accounts.

Backing Up a Password Server

Back up your Password Server frequently. When you do so, also back up any directory
domain(s) that use the Password Server:

m To back up a Password Server, back up the folder /var/db/authserver. Make sure that your

Password Server backup files are as carefully secured as the computer hosting your
Password Server.

m See Chapter 2, “Directory Services,” for information on backing up directory domains.

If you restore the Password Server, make sure you also restore the corresponding directory
domains at the same time.

Backing Up Root and Administrator User Accounts

System files are owned by root or system administrator user IDs that exist at the time they
are created. Should you need to restore system files, the same IDs should exist on the server
so that the original permissions are preserved.

To ensure that you can re-create these user IDs, periodically export the server’s user and
group information to a file as “Importing and Exporting User and Group Information” on
page 181 describes.

LL0395.Book Page 209 Wednesday, November 20, 2002 11:44 AM