site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Jason, Any suggestions? Thanks, --Matthew. ------------------------------ Message: 2 Date: Mon, 1 Nov 2004 18:58:07 -0800 From: Jason Townsend <jtownsend@apple.com> Subject: Re: DS Help To: darwin-dev@lists.apple.com Message-ID: <243F654C-9808-4301-8EE8-7882F48FF8A3@apple.com> Content-Type: text/plain; charset=US-ASCII; format=flowed From: "Mr. Wong" <keilinw@hotmail.com> In general we encourage developers to use standard types. Native types should only be used as a last resort when a standard type is not available. In the case of LDAP, native record types are currently not supported. The mappings set up in Directory Access determine the search base, scope, and optionally a list of object classes to filter on, so it wasn't quite as straightforward to pass all that information through the native record type name as it is in NetInfo. Native attributes are supported on LDAP, these are simply the native prefix followed by the name of the attribute in LDAP (for example, what you would see in the output of ldapsearch). In the case of cn=Persons, I suspect that either you want to use the People record type which is for storing inetOrgPerson/Address Book types of information, or you want the Users record type which can include login information as well as the inetOrgPerson/Address Book information. I would recommend you map one of these record type. I'm not sure what you mean by "custom" attributes... the standard vs. native distinction is fairly straightforward. The standard attribute types are defined in the Directory Services headers and documentation, and represent a namespace which can be used across multiple directory systems. The native attributes are specific to a particular directory system (or even a particular node), and represent that specific namespace as it is actually stored. The various plug-ins have to map between the standard and native types. For LDAP, any attribute which has the native prefix is interpreted to mean exactly the attribute name that follows the prefix. Directory Access is the best tool to set up/inspect LDAP mappings at the moment. Is that what you were asking? Hope that helps, -Jason _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... Yes that helps very much....I do, however, have one more question. You are saying that my "directory access" mapping settings enable me to view specified nodes from the LDAP server. With this info in mind I tried "browsing" the LDAP server with dscl. To my dismay I was NOT able to browse the node of interest (cn = Persons). I tweaked the directory access mappings to my hearts conent and still haven't been able to browse the desired node.... I am looking for some help with DS....I've been in contact with Finlay Dobie and he suggested I look here for Jason Townsend. Here is my problem... I've managed to do a dsDoAttributeValueSearch and pull some custom records / attributes of interest from the local NetInfo directory (by modifying the DSTestTool that came with the DS SDK). I've also managed to get "SOME" results from a a full blown LDAP server, but I'm having trouble specifying custom NODES with custom attributes.... .... I need to search a node with a cn = Persons... is there any easy way of doing this? Also how can I search for Custom attributes as opposed to standard or native. P.S. Where is the easiest source for the mapping between Directory Services and LDAP.... I've been usiing the "Directory Access" utility.. This email sent to site_archiver@lists.apple.com