Re: LDAP


  • Subject: Re: LDAP
  • From: Martin Crane <email@hidden>
  • Date: Fri, 11 Nov 2005 09:16:23 +0000

Sorry, maybe I phrased my original question badly. I don't want to authenticate the user, as seems to be the requirement in the CryptNoMore sample. I simply want to find out the server which already authenticated the user at the Login Window and retrieve its LDAP search base - that which is set either in the Directory Access app or supplied via a DHCP offer.

For our uses, we require an app on each computer which will run after login time, and that should determine the logged in user name and the LDAP search base of the server which authenticated the user. This information will then be sent to our own proprietary server on the network and used for our own authentication purposes.

Thanks,
Martin

On 10 Nov 2005, at 14:40, Quinn wrote:

At 14:07 +0000 10/11/05, Martin Crane wrote:
I need to retrieve the LDAP search base programmatically from a client computer. I see that the Internet Config API has kICLDAPSearchbase but given that this is old technology, is this the right thing to use?

No.

Specifically, can I expect the setting to be updated when the search base is supplied via a DHCP offer, for example?

Very unlikely.

I am trying to find out whether the user is authenticated locally or remotely (via LDAP or any other remote authentication method) and in the latter case to know what server granted the authentication - its IP address or any other information would be useful too, but primarily I need the search base,

I suspect that the way you do this is as follows.

1. Use Directory Services to look up the user's record.

2. Get the "dsAttrTypeStandard:AppleMetaNodeLocation" attribute. This is a Directory Services path to the DS node that provided the record. For a local user, this is "/NetInfo/DefaultLocalNode" [1]. For a remote user, it will be a path to some sort of remote DS node. For an LDAP user, it will start with "/LDAPv3". For an Active Directory user (remember that AD is basically LDAP with extra stuff hung off the side), it will be "ActiveDirectory".

3. Once you have the Directory Service node, you can get attributes from that node. This will probably contain the information you need (although I don't have an LDAP user handy to test this assumption).

You can try this out without writing any code using the <x-man-page://1/dscl> command line tool.

For steps 1 and 2, check out my CryptNoMore sample on the developer web site.

<http://developer.apple.com/samplecode/CryptNoMore/CryptNoMore.html>

For step 3, investigate the dsGetDirNodeInfo routine.

[1] You shouldn't make assumptions about the default local DS node path (or, indeed, its type). Currently it's NetInfo, but that's likely to change one day.

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)

Regards,

Martin Crane
Macintosh Software Engineer
http://www.vicomsoft.com
Policing For Productivity
________________________________________________________
Vicomsoft is a dynamic market leader in Content Filtering, Internet Connectivity and Firewall Software, with an award-winning portfolio specifically designed for Mac OS X and Windows
________________________________________________________
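
Steps 1 and 2 of the quoted procedure, as an added example that is not part of the original thread or of Apple's sample code: shell functions that pull the AppleMetaNodeLocation value out of `dscl` read output and classify the node that supplied the record. The function names, the sample outputs and the host name `ldap.example.com` are constructed; step 3 (reading the search base from the node) is not covered.

```shell
#!/bin/sh
# Added example. On a Mac the input would come from:
#   dscl /Search -read /Users/"$USER" AppleMetaNodeLocation   (steps 1 and 2)
#   dscl .       -read /Users/"$USER" AppleMetaNodeLocation   (local node only)

# Print the AppleMetaNodeLocation value found in dscl -read output on stdin.
# dscl puts the value on the same line, or indented on the next line when
# the value contains a space; -raw output adds the dsAttrTypeStandard: prefix.
meta_node_location() {
    awk '
        /^(dsAttrTypeStandard:)?AppleMetaNodeLocation:/ {
            sub(/^(dsAttrTypeStandard:)?AppleMetaNodeLocation:[ \t]*/, "")
            if ($0 != "") { print; exit }
            want = 1; next
        }
        want { sub(/^[ \t]+/, ""); print; exit }
    '
}

# $1 = node from the /Search lookup.
# $2 = node from reading the same user via the local node "." (empty if the
#      user is not local). Comparing the two avoids hard-coding the local
#      node path, which footnote [1] warns against.
classify_node() {
    node=$1
    local_node=$2
    if [ -z "$node" ]; then echo "unknown"; return 0; fi
    if [ -n "$local_node" ] && [ "$node" = "$local_node" ]; then
        echo "local"; return 0
    fi
    case "$node" in
        # Assumption: the rest of the path names the configured LDAP server.
        /LDAPv3/*) echo "ldap ${node#/LDAPv3/}" ;;
        # The post spells it "ActiveDirectory"; the spaced form is also accepted.
        *ActiveDirectory*|/Active\ Directory*) echo "active-directory" ;;
        *) echo "remote-other" ;;
    esac
}

# Constructed sample outputs, not captured from a real machine.
SAMPLE_LDAP='AppleMetaNodeLocation: /LDAPv3/ldap.example.com'
SAMPLE_LOCAL='dsAttrTypeStandard:AppleMetaNodeLocation: /NetInfo/DefaultLocalNode'
SAMPLE_AD='AppleMetaNodeLocation:
 /Active Directory/All Domains'

for s in "$SAMPLE_LDAP" "$SAMPLE_LOCAL" "$SAMPLE_AD"; do
    n=$(printf '%s\n' "$s" | meta_node_location)
    printf '%s -> %s\n' "$n" "$(classify_node "$n" /NetInfo/DefaultLocalNode)"
done
```
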


