TweetFollow Us on Twitter

Looking for Open Directory

Volume Number: 20 (2004)
Issue Number: 11
Column Tag: Programming

Looking for Open Directory

by Dean Shavit

In the Beginning, there was NetInfo

I remember being awed and mystified by NetInfo at Apple Presentations by former NeXT System Engineers of Mac OS X Server version 1 in 1999. The idea of hierarchies and domains, administrator accounts and authentication, entries and attributes seemed downright weird to a Mac OS devotee like myself. Growing into the UNIX-y side of things with OS X Server as it evolved, I found myself more and more intrigued with the control a Directory Service brought to a group of Mac users, the mount records, machine accounts, and URLs visible in NetInfo Manager provided a valuable head-scratching and learning experience, to say the least.

Initially, NetInfo was a brilliant solution to a common UNIX problem--how to distribute and consolidate user, group, and host information over a network without having to maintain copies of /etc/passwd /etc/users, /etc/groups and /etc/hosts over multiple machines. As a matter of fact, extracting and capturing valid host, passwd, and group flat files for use on a UNIX system is as easy as:

$ nidump passwd . > mypasswds.txt
$ nidump hosts  . > myhosts.txt
$ nidump group  . > mygroup.txt

The real magic came in having applications, not just users, access authentication information in a central repository--without having to duplicate flat files all over the network. Mail Services, HTTP Services, FTP Services and file services can all share the same source of authentication. NetInfo, as implemented in NeXTSTEP (the ancestor to OS X), also allowed for a hierarchical arrangement of NetInfo "Domains" or databases of information, where defining administrator accounts at the top (or root) of the hierarchy allowed for them to authenticate at any point on all of its branches, as in the illustration below, where an administrator who had an account in the Corporate domain could authenticate any workstation in either the Sales or Marketing domain, while a user with an account in Sales wouldn't be able to authenticate at a workstation in the Marketing domain.


Netinfo Domain Hierarchy

Each OS X system up to OS X 10.3, either server or client, still has a local NetInfo database that's consulted first by services and applications in need of authentication, regardless of whether the OS X workstation or server is configured to consult shared directories or foreign directories, such as Microsoft's Active Directory or Novell's eDirectory. With NetInfo as a directory service, things got much more interesting with an additional shared NetInfo database created on OS X 10.1 or 10.2 (thereby becoming a directory server), then offered up to other OS X computers on a network via a process of "binding, " which took place at reboot by automatic configuration (DHCP), static configuration (specifying the IP address of the server which hosted the shared Network NetInfo database, along with the "tag" or name of the database) or by broadcast binding (which required the creation of machine records in the shared NetInfo and was widely ignored in OS X Server, a legacy from when NexTSTEP didn't support DHCP services).

With OS X Server 10.1, configuring a shared NetInfo domain could be a hit or miss proposition for all but the most learned gurus or the most patient and stalwart administrators, with the process of creating and populating a shared domain at times resulting in a spinning disc of death. Destroying a shared NetInfo database was sometimes cause for a reinstall of the whole server. OS X Server 10.1 relied heavily on a properly configured DNS server (which is still a requirement for most OS X Servers) but with many Mac professionals just getting into UNIX (myself included) DNS configuration was a black art, soon mastered with long nights of hair-pulling.


NetInfo Manager in OS X Server 10.1

OS X Server 10.1 stored a lot of system and service configuration information in NetInfo that would be moved to XML property list (.plist) files in OS X Server 10.2 and 10.3, notably settings for the IP Firewall Service, Mail Server, and Apple File Server.

NetInfo Becomes Open Directory, with Its Apprentice, OpenLDAP

Open Directory (I), which premiered with OS X Server 10.2, was Apple's new moniker for the collection of properties and values it had previously collected in NetInfo. It had some significant enhancements other than its capability to serve up directory information through LDAP via the OpenLDAP slapd daemon. Open Directory had new features that allowed for preference management by workgroup and computer accounts with presets that made creation of users and groups more efficient. With the release of OS X Server 10.2, NetInfo was still the default method for storing shared directory data, but it had been extended into something much more interesting. Previous to the release of OS X Server 10.2, there were rumblings that NetInfo has been thrown under the bus in favor of OpenLDAP or "slapd." In reality, OS X 10.2, which ushered in the Open Directory era, was an evolutionary step towards OpenLDAP. OS X 10.2 used NetInfo for its directory storage, or "domains" which is Apple's term for the actual databases that contain the directory information, but did integrate OpenLDAP so that the shared NetInfo domains could be accessed through an LDAPv3 plug-in to the Directory Access application, via a pre-defined set of Open Directory LDAP mappings, allowing for a smoother transition to Open Directory II in OS X Server 10.3. Also a significant advance of Open Directory was the addition of the Password Server which supported multiple authentication protocols based on the Simple Authentication and Security Layer (SASL) Standard which superseded the deprecated and insecure crypt password algorithm, that OS X 10.1 (not OS 9!) clients are still forced to use to this day.


Netinfo Manger: Shared NetInfo Domain in OS X Server 10.2

Open Directory services in OS X 10.2 also introduced the Workgroup Manager Application, which allowed for the easy insertion and editing of mcx (managed user and workgroup settings) but offered no real interface for adding LDAP attributes for populating such entries as email address, phone number, department, and title that would make the LDAP support useful with clients such as Apple's Address Book or Microsoft Entourage. Insertion of such data could easily be done with good 'ol NetInfo Manager, by creating the requisite properties and values within the user records.


LDAP Contact Information in NetInfo Manager

One of the best tools for populating user records with contact and organizational information is the open-source X Windows application Directory Administrator (available at fink.sourceforge.net ) that provide pre-set fields that makes entering personal data a pleasure.

Another nice touch was the Open Directory Assistant, which guided admins through the setup of directory domains and the password server and came in handy as a troubleshooting tool for those who forgot that the password server was necessary for authenticating Windows clients and gave themselves a "Basic" (now labeled "Crypt") password in Workgroup Manager denying them the privilege to set password server passwords for other users. With OS X Server 10.3, it's done by deleting the .AppleSetupDone file in /var/db and rebooting, which forces the Server Setup Assistant to run, allowing the administrator to reset their password and become a password server administrator once again. Upon setting up Open Directory, the personal installing OS X Server had three basic choices for a directory. First, they could store user account information in a local directory (single local NetInfo Domain). Second, they could connect to a directory on another server either by NetInfo or LDAP or NIS. Third, they could choose to host a directory that other computers and servers could access over the network (shared NetInfo domain) and could enable LDAP support for NetInfo. Each change or session of the Open Directory Assistant required a reboot, but it was a vast improvement over the riskiness of adding or deleting directory domains in OS X Server 10.1. Jaguar Server also proved the value of Apple's Workgroup Management scheme, modeled loosely on the interface and features of Macintosh Manager, the Classic Mac Managed Workgroup solution, but delivered with the robustness and reliability that Macintosh Manager administrators could only dream of.

Open Directory II: The Apprentice is now the Master

They went ahead and did it, they really did! It's extremely unusual, in the spirit of NIH (not invented here), that a computer company with as rich of a tradition as Apple (and NeXT) would dump its home-brewed network directory structure in favor of an open-source replacement, but that's exactly what happened in OS X Server 10.3. Shared NetInfo domains were no more, replaced by Open Directory Masters that used OpenLDAP exclusively and BerkleyDB as the back-end storage for the directory domain. An Open Directory Master with sufficient memory and storage can operate smoothly with 100,000 user accounts and can handle 250 simultaneous LDAP connections! For larger networks, this meant that it might no longer be necessary to arrange servers in hierarchies, as with NetInfo, allowing more flexibility in management and authentication.

Setting up and installing OS X Server is still relatively straightforward, the Open Directory Assistant morphed into the new Server Setup Assistant and gave up some of its capabilities to the new Server Admin application. On first look, Open Directory II appears little changed from Open Directory for Jaguar Server. However, the nomenclature has changed significantly. A shared domain is now an "Open Directory Master." A local directory is labeled a "Standalone Server." With these shades of Microsoft-speak, Apple accomplished once again what the others dared not to imagine: with Panther Server, an administrator could change the structure (role) of Open Directory without rebooting. Try that on a Windows Server! How did Apple do it? Well, OpenLDAP is quite a different beast than NetInfo. While NetInfo domains bound together at boot time, Open Directory II acts as an external directory domain connected locally at /LDAPv3/127.0.0.1, which is the same as a connection to an LDAP directory running on a different server at another IP address.


Choosing Directory Domain in WorkGroup Manager


Custom Search Path on Open Directory Master

Note that the Server Admin or Server Assistant adds the Open Directory Master LDAP node with the "Custom path" as if it were manually connected computer. As a matter of fact, aside from a few very important differences, which I'll get to later, there's really little difference between the way an OS X client would connect to an Open Directory II Master and the way the OS X Server that hosts it actually connects.

Connecting an OS X Server to another Open Directory Server is also accomplished through the LDAPv3 plug-in in Directory Access, using the "Open Directory Server" built-in mappings. There's a plug-in for Active Directory that doesn't require editing the Active Directory Schema to leverage accounts on a Windows 2000 or 2003 Server. Open Directory Masters can emulate Windows Domain Controllers for Windows Workstations allowing a single OS X Server to act as both home directory host and authentication server to mixed environments.

In addition to Apple's Password Server, Open Directory II features a new authentication authority: Kerberos. Given a properly configured DNS Server on the network or on the Open Directory Server itself, an Open Directory Master auto-configures itself as a KDC (Key Distribution Center) for OS X 10.3 clients (without additional configuration) and OS X 10.2 clients configured with the proper /etc/authorization edits, /etc/ krb5.keytab files, and edu.mit.Kerberos preference files. All OS X 10.3 clients receive their edu.mit.Kerberos preferences through the kerberosautoconfig command. The following from the man page describes the process:

the kerberosautoconfig command creates the 
edu.mit.Kerberos file from information stored in the open 
directory config record named KerberosClient. The existing 
edu.mit.Kerberos file is only replaced if the autogenerated 
header is present and the generation_id in the KerberosClient 
config record is greater than that within the file. The default 
location of the output file is /Library/Preferences/edu.mit.Kerberos.

This addition to Kerberos is Apple's unique method of simplifying the configuration of an authentication protocol that typically requires much work at the command-line. Even the task of adding other OS X Servers to the Kerberos Realm is a relatively simple process that allows multiple servers connected to a an Open Directory Master to grant access to services like ssh, afp, ftp, pop and imap without having users re-authenticate. When I first got single-sign on going here at our training lab, I was startled to be able to ssh into a server without authenticating again! It's easy to get used to, though! With Kerberos being the main authentication protocol for Windows Servers, and being supported by every major OS (even OS 9!), it's great to see Apple embracing an open standard and improving on it....wait did I just say that? Let me repeat myself, and repeat....

Only once an administrator starts scratching the surface of the Panther Server's Workgroup Manager application, specifically by going to its Preferences dialog and checking the "All Records" tab and inspector, does it becomes clear how much Apple has enriched Open Directory II.


Enabling "All Records" and Inspector in Workgroup Manager

Of course, such enrichment can't come without a requisite warning:


Danger Will Robinson!

Looking at the raw directory data is an interesting way to twiddle an evening or two away.


Raw LDAP Data in Workgroup Manager

Clicking on the "New Attribute..." button brings up a window with a popup of all supported Open Directory attributes. However, Workgroup Manager falls way short of NetInfo Manager in one significant way. It does not allow the person editing the directory data to see the hierarchy, structure, or relationships between much the attributes. NetInfo Manager still exists, but none of the Open Directory Data is really visible there on an Open Directory Master anymore. For instance, it is possible to add a KDCConfigData attribute, but it is not possible, without working with the command-line dscl tool, to get a sense of where in the LDAP directory it should go.

rclark:~ rclark$ dscl -u rclark -p /LDAPv3/127.0.0.1/ -list /Config                 
Password: 
KerberosClient
KerberosKDC
ldapreplicas
macosxodconfig
mcx_cache
passwordserver

Mcx_cache and passwordserver are familiar holdovers from Open Directory II. KerberosClient and KerberosKDC are new additions to the family. A closer look at the KerberosClient attribute reveals the magic of Apple's Kerberos implementation:

dscl -u rclark -p /LDAPv3/127.0.0.1/ -read /Config/KerberosClient

cn: KerberosClient
objectClass: apple-configuration top
AppleMetaNodeLocation: /LDAPv3/127.0.0.1
PasswordPlus: ********
RecordName: KerberosClient
XMLPlist: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" 
     "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>edu.mit.kerberos</key>
        <dict>
                <key>domain_realm</key>
                <dict>
                        <key>.most.com</key>
                        <string>RCLARK.MOST.COM</string>
                        <key>most.com</key>
                        <string>RCLARK.MOST.COM</string>
                </dict>
                <key>libdefaults</key>
                <dict>
                        <key>default_realm</key>
                        <string>RCLARK.MOST.COM</string>
                </dict>
                <key>realms</key>
                <dict>
                        <key>RCLARK.MOST.COM</key>
                        <dict>
                                <key>KADM_List</key>
                                <array>
                                        <string>rclark.most.com</string>
                                </array>
                                <key>KDC_List</key>
                                <array>
                                        <string>rclark.most.com</string>
                                </array>
                        </dict>
                </dict>
        </dict>
        <key>generationID</key>
        <integer>1114977345</integer>
</dict>
</plist>

Here's the property list (.plist) used to automatically generate the edu.mit.Kerberos file when an OS X 10.3 client logs into an Open Directory Master with a running Kerberos KDC (Key Distribution Center).

Open Directory II also allows setting the passwords of multiple users simultaneously, as well as setting other attributes, such as home directory path. Just make a multiple selection of user accounts in Workgroup Manager and set a password for all of the users, check the option to "change password at next login" and with the correct password policies in place, there's no more need to worry about setting unique passwords and recording them. Password policies have expanded to include password length, composition of number and letters, difference from account name, and difference from last x number of passwords used when a change of password is required, though Open Directory still lacks an allow/deny schedule for users and groups.


Password Properties in Server Admin

The ldapreplicas attribute is a new addition to Open Directory as well. With two unique serial numbers (don't try it without them), an Open Directory Master will replicate the directory, password server, and Kerberos KDC to another OS X 10.3 Server in its entirety, and quickly. It takes just a few minutes to replicate an Open Directory Master on a 100-megabit Ethernet network with a few hundred users and a KDC. This is great for large educational institutions and enterprises concerned about downtime. Replication can occur on a schedule, or whenever the Open Directory Master is changed. Failover occurs naturally and the client logs into the first available replica.

Searching for the "Look"

OS X Server 10.3 is certainly one beast of a Directory server, but it does share one unfortunate characteristic with Windows 2000 and 2003 Server that its predecessors didn't. Though Workgroup Manager gives administrators access to all LDAP attributes and values, it doesn't allow for the hierarchical view that NetInfo manager provided in previous iterations of OS X Server. As with Windows Servers, administrators can see parts of the directory in certain applications, but never the "whole" thing. Certain important elements, such as the /Config container, aren't readily visible, even from using the command-line utilities. I, for one, despite have been dipped in the river of UNIX, am still a very visual person--things tend to make more sense to me if I can visualize them, eyeball them. GUIs make me smile.

So, my search for a utility (Directory Administrator, despite being a great editor, doesn't have a hierarchical mode) to view Open Directory II was on. I toyed around with phpldapadmin (http://phpldapadmin.sourceforge.net/) other web-based utilities, frankly I wanted something I could run on an iBook or Powerbook without having to configure a web server. Eventually, I stumbled upon a great utility called LBE.jar (short for LDAP Browser/Editor), a Java applet that finally gave me that "look" I'd been missing from previous version of OS X Server. LBE (http://www-unix.mcs.anl.gov/~gawor/ldap/) is old software (it hasn't been updated since 2002), but seems to work perfectly with Open Directory, which is either a testament to Open Directory's adherence to the OpenLDAP standard, or LBE's adherence to it, or both.

Downloading and unpacking LBE is simple, and requires no further tweaking to work on OS X 10.3.5. It launches with a double-click on the LBE.jar file. Configuring LBE to connect to Open Directory isn't very straightforward--it took me a few tries to get it right, as in the screenshot below:


Configure LDAP Connection in LBE.jar

Browsing Open Directory with LBE is certainly an eye-opening experience! Finally, I have a hierarchical tool that not only reveals all of the attributes, but shows them in proper relation to their container, sub containers, and organizational units. LBE is a great learning tool for connecting the "LDAP dots", but I'm not about to start editing Open Directory attributes with it...I'm a little concerned that it might not write the data properly, so I'd have to recommend that any editing be done on a test server, rather than a production server. I'm also a little concerned that it may be sending my account and password in the clear, so I'm careful not to run it over any network I'm unsure about, especially WAPs (Wireless Access Points).


Hierarchical View of Open Directory LDAP Master

Just about everything's connecting to LDAP these days, and not just address books. Soon, even freeware content management systems may have the ability to connect directly to and OS X Server for user and group information, ecommerce accounts created at online stores will live in LDAP on OS X Servers. Some of the latest builds of the PHP (Pre Hypertext Processor) library have LDAP support rolled in. And who knows what Apple will have up its sleeve for Open Directory III due out in mid-2005 with Tiger Server? Given the pre-announcement of several features, I can safely guestimate that new attributes will appear for access control lists (ACLs), Windows Group and User Policies (yes, there'll probably be registry information living, like alien larvae, in Open Directory), and new Kerberos Features that allow Windows clients authenticated by Windows Server KDCs to access services on an OS X Server, not to mention some new home directory options. It's great to see Apple embracing an open standard and improving on it....wait did I just say that again? Let me repeat myself, and repeat....and repeat.


Dean Shavit is an ACSA (Apple Certified System Administrator) who leads training sessions and manages consulting projects for MOST (Mac OS Training & Consulting) in Chicago. If you have questions or feedback you can contact him at dean@macworkshops.com.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Final Cut Pro 10.6.4 - Professional vide...
Redesigned from the ground up, Final Cut Pro combines revolutionary video editing with a powerful media organization and incredible performance to let you create at the speed of thought.... Read more
iMovie 10.3.4 - Edit personal videos and...
With a streamlined design and intuitive editing features, iMovie lets you create Hollywood-style trailers and beautiful movies like never before. Browse your video library, share favorite moments,... Read more
Motion 5.6.2 - Create and customize Fina...
Motion is designed for video editors, Motion 5 lets you customize Final Cut Pro titles, transitions, and effects. Or create your own dazzling animations in 2D or 3D space, with real-time feedback as... Read more
iMazing 2.15.8 - Complete iOS device man...
iMazing is the world’s favourite iOS device manager for Mac and PC. Millions of users every year leverage its powerful capabilities to make the most of their personal or business iPhone and iPad.... Read more
VueScan 9.7.90 - Scanner software with a...
VueScan is a scanning program that works with most high-quality flatbed and film scanners to produce scans that have excellent color fidelity and color balance. VueScan is easy to use, and has... Read more
Compressor 4.6.2 - Adds power and flexib...
Compressor adds power and flexibility to Final Cut Pro X export. Customize output settings, work faster with distributed encoding, and tap into a comprehensive set of delivery features. Features:... Read more
Capture One 15.3.2.11 - RAW workflow sof...
Capture One is a professional RAW converter offering you ultimate image quality with accurate colors and incredible detail from more than 400 high-end cameras - straight out of the box. It offers... Read more
Vivaldi 5.4.2753.28 - An advanced browse...
Vivaldi is a browser for our friends. We live in our browsers. Choose one that has the features you need, a style that fits and values you can stand by. From the look and feel, to how you interact... Read more
Parallels Desktop 18.0.0 - Run Windows a...
Parallels allows you to run Windows and Mac applications side by side. Choose your view to make Windows invisible while still using its applications, or keep the familiar Windows background and... Read more
TechTool Pro 16.0.1 - Hard drive and sys...
TechTool Pro has long been one of the foremost utilities for keeping your Mac running smoothly and efficiently. With the release of this version, it has become more proficient than ever. Main... Read more

Latest Forum Discussions

See All

Turn-Based RPG ‘Avatar: Generations’ Sof...
Square Enix London Mobile, Navigator Games, and Paramount Consumer Products just announced that the turn-based RPG Avatar: Generations based on Nickelodeon’s Avatar: The Last Airbender is soft launching this month for mobile. Avatar: Generations is... | Read more »
Tower of Fantasy launches today and brin...
Level Infinite and Hotta Studio have announced the release of their very ambitious looking shared open world MMORPG Tower of Fantasy. With its cross-platform functionality between PC and mobile, it looks to be one to roll the dice on and enjoy at... | Read more »
‘Genshin Impact’ Version 3.0 Gets a New...
After HoYoverse released Genshin Impact (Free) version 2.8 on all platforms, the company has slowly been teasing the major upcoming 3.0 update. This update features the Sumeru region with many characters. While details on the update including a... | Read more »
Out Now: ‘Tower of Fantasy’, ‘Tightrope...
Each and every day new mobile games are hitting the App Store, and so each week we put together a big old list of all the best new releases of the past seven days. Back in the day the App Store would showcase the same games for a week, and then... | Read more »
SwitchArcade Round-Up: ‘Book Quest’, ‘Cl...
Hello gentle readers, and welcome to the SwitchArcade Round-Up for August 10th, 2022. In today’s article, we’ve got a little news about an update to a game I really like, a few new releases to summarize, and some sales to look at. A bit of a quiet... | Read more »
‘Pine Tar Poker’ is an Otherworldly Poke...
Developer BJ Malicoat, who put out the well-received and former Apple Game of the Day pick Downwordly in June of last year, is back working on another mobile game project called Pine Tar Poker, and it has caught my attention. Why? Because it’s a... | Read more »
Darkness Rises celebrates four years of...
Four years of uptime for a mobile game is akin to eternity, and this is exactly the milestone that Darkness Rises has reached. It is important for developers to keep updating to keep the game fresh, and NEXON has announced a massive anniversary... | Read more »
Keep Your Smatphone’s Case On When Using...
The original Gamevice was born as a sort of offshoot of the weird Wikipad gaming tablet/controller/hybrid thing way back in 2014. Interestingly, the first Gamevice controller for iOS only supported the iPad mini and launched in 2015, with versions... | Read more »
SwitchArcade Round-Up: A ‘Splatoon 3’ Ni...
Hello gentle readers, and welcome to the SwitchArcade Round-Up for August 9th, 2022. In today’s article, we’ve got some news about a Splatoon 3 Nintendo Direct, a review of QUByte’s Thunderbolt Collection, a single new release summary, and the usual... | Read more »
Orangepixel’s Pacifist Survival Game ‘Re...
Back in June we learned that long-time mobile developer Orangepixel, who also makes games for PC and consoles (including the Atari VCS!), would be bringing the unique survival game Residual to mobile devices sometime this year. Originally launched... | Read more »

Price Scanner via MacPrices.net

Apple has 24-inch M1 iMacs available starting...
Apple has 24-inch M1 iMacs with M1 CPUs (8-core CPU/7-core GPU) available today in their Certified Refurbished store for $1099 shipped. Their price is $200 off standard MSRP. Each iMac is in like-new... Read more
13″ M1 MacBook Airs in stock today for $799,...
QuickShip Electronics has open-box return 13″ M1 MacBook Airs in stock and on sale for $200 off MSRP on their eBay store right now, each with free express delivery. According to QuickShip, “The item... Read more
In stock today: Mac Studio models for up to $...
Apple retailer Expercom has Mac Studio models in stock today and on sale for up to $400 off Apple’s MSRP, depending on configuration. Their prices are the lowest price available for a Mac Studio from... Read more
Mac mini with M1 CPU and 512GB of storage on...
Amazon has the M1 Mac mini with a 512GB SSD in stock today on sale for $749.99 including free shipping. Their price is $150 off Apple’s MSRP, and it’s the lowest price available for this... Read more
Need a Mac or iPad for school? Get a free App...
Apple’s Back to School promotion for 2022 continues to run through September 26, 2022. As part of this promotion, Apple will include a free $150 Apple Gift Card with the purchase of any MacBook Air,... Read more
Apple Watch SE on sale for $50 off MSRP
Amazon has Apple Watch SE GPS models on sale for $50 off MSRP for a limited time, each including free shipping. Their prices are the lowest currently available for SE Watches: – 40mm Apple Watch SE... Read more
Save $310 on a 14″ 24-core GPU M1 Max MacBook...
Save $310 on 14″ MacBook Pros with 24-core M1 Max processors at Apple (32GB RAM/1TB SSD) with these Certified Refurbished models in stock today for $2789 in Space Gray or Silver colors. Regular price... Read more
14″ M1 Pro MacBook Pros available today at Ap...
Apple has Certified Refurbished standard-configuration 14″ MacBook Pros with M1 Pro CPUs available today for up to $250 off original MSRP, starting at $1799. Each model features a new outer case,... Read more
13″ MacBook Air with M2 CPU, in Starlight, on...
Apple retailer Expercom has the new Starlight 13″ MacBook Air with an M2 CPU (8GB RAM/256GB SSD) on sale for $1135.05, shipped, through August 12, 2022. Their price is $64 off Apple’s MSRP, and it’s... Read more
14″ M1 Pro MacBook Pro with 1TB SSD on sale f...
Expercom is offering a $200 instant discount on the 14″ M1 Pro MacBook Pro with a 1TB SSD through August 12, 2022. Their discount reduces the price of this configuration to $1999 shipped — the lowest... Read more

Jobs Board

Solutions Engineering Manager - *Apple* - S...
…in our Hardware and Advanced Solutions group leading and developing our Apple technical practice to increase revenue and profitability. The ideal candidate would Read more
Operations Associate - *Apple* Blossom Mall...
Operations Associate - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple Read more
Cashier - *Apple* Blossom Mall - JCPenney (...
Cashier - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple Blossom Mall Read more
Omnichannel Associate - *Apple* Blossom Mal...
Omnichannel Associate - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple Read more
Sephora Beauty Advisor - *Apple* Blossom Ma...
Sephora Beauty Advisor - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.