Augment Records in Mac OS X 10.5 Leopard

An ongoing exploration into a very poorly documented feature of 10.5
David Pugh - Nov 2, 2007


It's quite possible you could set all of this up manually once you have the syntax down; that's what I'm hoping to provide here. That said, here's the process I used to produce what you see here.

First, your server needs to be in Workgroup mode, NOT Advanced mode. Yes, you read that right: you can only use this very advanced feature when the server is in the non-advanced mode.

Next, connect your server to another Open Directory server via Directory Utility. At UMich, I tried this procedure against our non-Mac OpenLDAP server and it didn't work, so I found a Mac-based Open Directory server in the Math department to use, which did work.

Next, in the Server Preferences app, import at least one user; this is what creates the augment record infrastructure. There are two ways to do it: import a single user, or import all the users in a group.

The first screenshot shows importing a user from the directory; the second shows importing the users in a group.

In my case, I imported all of the users in the Math Staff group; in this example that imported only one user, the "Kiosk User". Once you import the user(s), you'll notice what looks like another local account, but with a blue arrow icon.

The users list after the import:

Next, I opened Workgroup Manager and enabled the Inspector from the Preferences menu. Then I selected the "Augmented" record type and found the "kiosk" user I had just imported. The contents look just like a regular user record, but it isn't in the Users tree; it's in the Augmented tree. Additionally, note that the record name is "Users:kiosk" rather than "kiosk" as it would be in the Users tree.

That's all well and good, but how does a system then know to use an augment record? Inside the "Config" branch of LDAP, a new record called "augmentconfiguration" is created...

Clicking the Edit... button for XMLPlist reveals the goodies. In this case, it identifies the Augment Directory Node Name as lsa-mac-roccos (this is my OD server, the one I imported the user on), and the Augmented Directory Node Name as ldap.math.umich.edu, the original source of the user I imported. This means the client should get the primary user data from ldap.math.lsa.umich.edu and any extra data from lsa-mac-roccos.

I haven't done enough testing to determine whether that is actually what happens: since there appears to be a full copy of the user record on lsa-mac-roccos, the client may just get everything from there. Additionally, you'll notice that the XMLPlist record shown below lists just a few fields; my assumption is that the client will look for only these fields on the Augment Directory Node, rather than "any extra data" as I had originally assumed. Again, that aspect is untested.

The contents of that directory record are then copied down to a local file, /Library/Preferences/DirectoryService/SearchNodeConfig.plist. This implies that bound clients do not query the configuration live from the directory but read this file instead; the file is probably generated from the LDAP record when the client first binds to the server. One practical consequence: a change to the augmentconfiguration record won't reach an already-bound client until that local file is regenerated.
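To check the two open questions above (which node actually serves which attributes, and what the client's cached copy contains), here is a small shell script. It is an added example, not code from the original post: it assumes the augmenting OD master (lsa-mac-roccos in the post) is reachable locally as /LDAPv3/127.0.0.1, that the original source node is /LDAPv3/ldap.math.umich.edu, that the Inspector's "Augmented" record type maps to the dscl path /Augmented/Users:kiosk, and the plist key strings in the constructed sample are assumptions modelled on the fields described above, not verified against Apple's schema. The `plist_string` helper is plain text processing, so it can be run against a saved dump without a directory server.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes the augmenting OD
# master (lsa-mac-roccos in the post) is queried locally at 127.0.0.1 and the
# original source node is ldap.math.umich.edu, both via the LDAPv3 plugin.
# Record and key names follow the post's Inspector screenshots and are
# assumptions where the post does not spell them out.

AUGMENT_NODE="/LDAPv3/127.0.0.1"               # holds Augmented/Users:kiosk and Config/augmentconfiguration
AUGMENTED_NODE="/LDAPv3/ldap.math.umich.edu"   # where the primary user record lives

# Read the XMLPlist attribute of the augmentconfiguration record on the server.
show_augment_config() {
    dscl "$AUGMENT_NODE" -read /Config/augmentconfiguration XMLPlist
}

# Read the client's cached copy as XML (plutil converts a binary plist too).
show_client_copy() {
    plutil -convert xml1 -o - /Library/Preferences/DirectoryService/SearchNodeConfig.plist
}

# Extract the <string> that follows a given <key> from plist XML on stdin.
# Pure text processing, so it works on saved dumps of either of the above.
plist_string() {
    awk -v k="<key>$1</key>" '
        found && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }
        index($0, k) { found = 1 }
    '
}

# Show what each node holds for a user next to the merged record returned by
# /Search, the node clients actually resolve through. Comparing the three is
# the test the post leaves open: which attributes come from which node.
compare_user() {
    echo "== $AUGMENTED_NODE /Users/$1 (primary record)"
    dscl "$AUGMENTED_NODE" -read "/Users/$1"
    echo "== $AUGMENT_NODE /Augmented/Users:$1 (augment record; path assumed from the Inspector naming)"
    dscl "$AUGMENT_NODE" -read "/Augmented/Users:$1"
    echo "== /Search /Users/$1 (what a bound client sees)"
    dscl /Search -read "/Users/$1"
}

# Constructed sample shaped after the fields the post describes; the key
# strings are assumptions, not verified against Apple's schema.
SAMPLE_PLIST='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Augment Directory Node Name</key>
  <string>/LDAPv3/lsa-mac-roccos</string>
  <key>Augmented Directory Node Name</key>
  <string>/LDAPv3/ldap.math.umich.edu</string>
  <key>Augment Attribute List</key>
  <array>
    <string>dsAttrTypeStandard:MCXSettings</string>
  </array>
</dict>
</plist>'

# Usage: sh augment-check.sh kiosk   (only meaningful on a Mac bound to the nodes above)
if [ -n "$1" ]; then
    echo "server says augment node is: $(show_augment_config | plist_string 'Augment Directory Node Name')"
    echo "client copy says augment node is: $(show_client_copy | plist_string 'Augment Directory Node Name')"
    compare_user "$1"
fi
```

Run it on a bound client after changing the augmentconfiguration record: if the server and client-copy lines disagree, the cached SearchNodeConfig.plist is stale, and the /Search read shows which attributes the client really merges in from the augment node.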

Here's a snippet from the LDAPv3 Plugin Config. This is just the field mapping that tells the plugin where to find the Augment record shown above.