Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: LDAP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP

Subject: Re: LDAP
From: Martin Crane <email@hidden>
Date: Thu, 10 Nov 2005 14:48:57 +0000

Thanks, Quinn. I'll take a look.

-Martin

On 10 Nov 2005, at 14:40, Quinn wrote:

At 14:07 +0000 10/11/05, Martin Crane wrote:
I need to retrieve the LDAP search base programatically from a client computer. I see that the Internet Config API has kICLDAPSearchbase but given that this is old technology, is this the right thing to use?
No.
Specifically, can I expect the setting to updated when the search base is supplied via a DHCP offer, for example?
Very unlikely.
I am trying to find out whether the user is authenticated locally or remotely (via LDAP or any other remote authentication method) and in the latter case to know what server granted the authentication - its IP address or any other information would be useful too, but primarily I need the search base,
I suspect that the way you do this is as follows.
1. Use Directory Services to look up the user's record.
2. Get the "dsAttrTypeStandard:AppleMetaNodeLocation" attribute. This is a Directory Services path to the DS node that provided the record. For a local user, this is "/NetInfo/DefaultLocalNode" [1]. For a remote user, it will be a path to some sort of remote DS node. For an LDAP user, it will start with "/LDAPv3". For an Active Directory user (remember that AD is basically LDAP with extra stuff hung off the side), it will be "ActiveDirectory".

3. Once you have the Directory Service node, you can get attributes from that node. This will probably contain the information you need (although I don't have an LDAP user handy to test this assumption).

You can try this out without writing any code using the <x-man- page://1/dscl> command line tool.

For steps 1 and 2, check out my CryptNoMore sample on the developer web site.
<http://developer.apple.com/samplecode/CryptNoMore/CryptNoMore.html>
For step 3, investigate the dsGetDirNodeInfo routine.
[1] You shouldn't make assumptions about the default local DS node path (or, indeed, its type). Currently it's NetInfo, but that's likely to change one day.

S+E -- Quinn "The Eskimo!" <http://www.apple.com/ developer/> Apple Developer Technical Support * Networking, Communications, Hardware _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: 40vicomsoft.com

This email sent to email@hidden


Regards,

Martin Crane Macintosh Software Engineer http://www.vicomsoft.com Policing For Productivity ________________________________________________________ Vicomsoft is a dynamic market leader in Content Filtering, Internet Connectivity and Firewall Software, with an award-winning portfolio specifically designed for Mac OS X and Windows ________________________________________________________


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



References:  
  >Intercepting IPv6 ND packets (From: Jonathan Wood <email@hidden>)
  >Re: Intercepting IPv6 ND packets (From: "Peter Lovell" <email@hidden>)
  >Re: Intercepting IPv6 ND packets (From: Jonathan Wood <email@hidden>)
  >Re: Intercepting IPv6 ND packets (From: Josh Graessley <email@hidden>)
  >Re: Intercepting IPv6 ND packets (From: Jonathan Wood <email@hidden>)
  >LDAP (From: Martin Crane <email@hidden>)
  >Re: LDAP (From: Quinn <email@hidden>)




Prev by Date:
Re: LDAP

Next by Date:
Re: A call to 'CloseOpenTransportInContext' blocks forever - why?

Previous by thread:
Re: LDAP

Next by thread:
Re: LDAP

Index(es):

Date
Thread