• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: LDAP
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP

  • Subject: Re: LDAP
  • From: Quinn <email@hidden>
  • Date: Thu, 10 Nov 2005 14:40:18 +0000
At 14:07 +0000 10/11/05, Martin Crane wrote:
I need to retrieve the LDAP search base programatically from a client computer. I see that the Internet Config API has kICLDAPSearchbase but given that this is old technology, is this the right thing to use? 

No.

Specifically, can I expect the setting to updated when the search base is supplied via a DHCP offer, for example? 

Very unlikely.

I am trying to find out whether the user is authenticated locally or remotely (via LDAP or any other remote authentication method) and in the latter case to know what server granted the authentication - its IP address or any other information would be useful too, but primarily I need the search base, 

I suspect that the way you do this is as follows.

1. Use Directory Services to look up the user's record.

2. Get the "dsAttrTypeStandard:AppleMetaNodeLocation" attribute. This is a Directory Services path to the DS node that provided the record. For a local user, this is "/NetInfo/DefaultLocalNode" [1]. For a remote user, it will be a path to some sort of remote DS node. For an LDAP user, it will start with "/LDAPv3". For an Active Directory user (remember that AD is basically LDAP with extra stuff hung off the side), it will be "ActiveDirectory".

3. Once you have the Directory Service node, you can get attributes from that node. This will probably contain the information you need (although I don't have an LDAP user handy to test this assumption).

You can try this out without writing any code using the <x-man-page://1/dscl> command line tool.

For steps 1 and 2, check out my CryptNoMore sample on the developer web site.

<http://developer.apple.com/samplecode/CryptNoMore/CryptNoMore.html>

For step 3, investigate the dsGetDirNodeInfo routine.

[1] You shouldn't make assumptions about the default local DS node path (or, indeed, its type). Currently it's NetInfo, but that's likely to change one day.

S+E
--
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: LDAP

      • From: Martin Crane <email@hidden>
      • 

    • Re: LDAP

      • From: Martin Crane <email@hidden>
      • 





References: 


 >Intercepting IPv6 ND packets (From: Jonathan Wood <email@hidden>)


 >Re: Intercepting IPv6 ND packets (From: "Peter Lovell" <email@hidden>)


 >Re: Intercepting IPv6 ND packets (From: Jonathan Wood <email@hidden>)


 >Re: Intercepting IPv6 ND packets (From: Josh Graessley <email@hidden>)


 >Re: Intercepting IPv6 ND packets (From: Jonathan Wood <email@hidden>)


 >LDAP (From: Martin Crane <email@hidden>)






    

  • Prev by Date:
LDAP

    • 

  • Next by Date:
Re: LDAP

    • 

  • Previous by thread:
LDAP

    • 

  • Next by thread:
Re: LDAP

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •