Re: LDAP
Re: LDAP
- Subject: Re: LDAP
- From: Quinn <email@hidden>
- Date: Thu, 10 Nov 2005 14:40:18 +0000
At 14:07 +0000 10/11/05, Martin Crane wrote:
I need to retrieve the LDAP search base programatically from a
client computer. I see that the Internet Config API has
kICLDAPSearchbase but given that this is old technology, is this the
right thing to use?
No.
Specifically, can I expect the setting to updated when the search
base is supplied via a DHCP offer, for example?
Very unlikely.
I am trying to find out whether the user is authenticated locally or
remotely (via LDAP or any other remote authentication method) and in
the latter case to know what server granted the authentication - its
IP address or any other information would be useful too, but
primarily I need the search base,
I suspect that the way you do this is as follows.
1. Use Directory Services to look up the user's record.
2. Get the "dsAttrTypeStandard:AppleMetaNodeLocation" attribute.
This is a Directory Services path to the DS node that provided the
record. For a local user, this is "/NetInfo/DefaultLocalNode" [1].
For a remote user, it will be a path to some sort of remote DS node.
For an LDAP user, it will start with "/LDAPv3". For an Active
Directory user (remember that AD is basically LDAP with extra stuff
hung off the side), it will be "ActiveDirectory".
3. Once you have the Directory Service node, you can get attributes
from that node. This will probably contain the information you need
(although I don't have an LDAP user handy to test this assumption).
You can try this out without writing any code using the
<x-man-page://1/dscl> command line tool.
For steps 1 and 2, check out my CryptNoMore sample on the developer web site.
<http://developer.apple.com/samplecode/CryptNoMore/CryptNoMore.html>
For step 3, investigate the dsGetDirNodeInfo routine.
[1] You shouldn't make assumptions about the default local DS node
path (or, indeed, its type). Currently it's NetInfo, but that's
likely to change one day.
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
- Follow-Ups:
- Re: LDAP
- From: Martin Crane <email@hidden>
- Re: LDAP
- From: Martin Crane <email@hidden>