Apple, Inc. also publishes an API called the OpenDirectory framework, permitting macOS applications to interrogate and edit the Open Directory data.
[1] With the release of Mac OS X Leopard (10.5), Apple chose to move away from using the NetInfo directory service (originally found in NeXTSTEP and OPENSTEP), which had been used by default for all local accounts and groups in every release of Mac OS X from 10.0 to 10.4.
In addition to its local directory, this OpenLDAP-based LDAPv3 domain is designed to store centralized management data, user, group, and computer accounts, which other systems can access.
Either provides an authentication model and stores password information outside of the directory domain itself.
For services that are not Kerberized, the Password Server provides the following Simple Authentication and Security Layer-based authentication methods:[4] Any Mac OS X Server system prior to 10.7 (Lion) configured as an Active Directory Master can act as a Windows Primary Domain Controller (PDC), providing domain authentication services to Microsoft Windows clients.