How to retrieve LDAP attributes for logged in user

Participant II
Posts: 2
Registered: 08-01-2018
#1 of 3 969

How to retrieve LDAP attributes for logged in user

We have a Mac application that is responsible for retrieving LDAP attributes of the logged in user.

This application is able to retrieve LDAP attributes successfully when the Mac has been bound to Active Directory using the Apple-provided native approach (System Preferences -> Users & Groups -> Login Options -> Network Account Server).

To achieve this, we are using the OpenDirectory APIs provided in the OS X SDK.

 

Over the last few days, we have switched to Centrify to bind the Mac to Active Directory instead of the above-mentioned native approach.

With this, our Mac application is unable to retrieve LDAP attributes using the OpenDirectory APIs provided in the OS X SDK.

 

Can this be resolved by integrating DirectManage SDK for Mac?

If yes, can you please tell us how we can get access to the DirectManage SDK for Mac and the steps to integrate it into our Mac application?

Otherwise, please let us know if there is any other way to resolve this issue.

Centrify Advisor I
Posts: 89
Registered: 09-23-2015
#2 of 3 949

Re: How to retrieve LDAP attributes for logged in user

Hi @Ninad,

 

Welcome to Centrify community!

 

May we know how the application is querying the information or what information it is looking for?

 

Do you have an example LDAP search query that the application will run to retrieve the information?

 

It seems like the application has hardcoded the source to the native Apple directory, and therefore once the Mac is bound with Centrify, it's no longer able to see the information it needs.

 

If there is a specific attribute that it's looking for, maybe we can work around it.

 

Please keep us posted. Thank you!

 

BR,

Ivan

Participant II
Posts: 2
Registered: 08-01-2018
#3 of 3 900

Re: How to retrieve LDAP attributes for logged in user

Hi Ivan,

 

Thanks for the reply.

 

Please find below the source code snippet (Objective-C) that deals with retrieving the value of the given LDAP attribute:

 

    // Requires: #import <OpenDirectory/OpenDirectory.h>
    NSString *attributeValue = nil;
    NSError *error = nil;

    // Open the authentication search node of the default session.
    ODSession *session = [ODSession defaultSession];
    ODNode *node = [ODNode nodeWithSession:session type:kODNodeTypeAuthentication error:&error];

    // Request only native attributes for the matching record.
    NSArray *desiredAttributes = [NSArray arrayWithObjects:kODAttributeTypeNativeOnly, nil];
    NSString *userName = NSUserName();

    // Look up the user record whose record name equals the logged-in user's name.
    error = nil;
    ODQuery *query = [ODQuery queryWithNode:node
                             forRecordTypes:kODRecordTypeUsers
                                  attribute:kODAttributeTypeRecordName
                                  matchType:kODMatchEqualTo
                                queryValues:userName
                           returnAttributes:desiredAttributes
                             maximumResults:0
                                      error:&error];

    error = nil;
    NSArray *records = [query resultsAllowingPartial:NO error:&error];

    // Take the first value of the requested attribute from the first record that has one.
    for (ODRecord *record in records) {
        // The value of _ldapAttribute can be any LDAP attribute, i.e. mail, name, etc.
        NSArray *values = [record valueForKey:_ldapAttribute];
        if (values.count > 0) {
            attributeValue = values[0];
            break;
        }
    }

 

As you can see, we are using the OpenDirectory APIs provided by the OS X SDK to retrieve the value of the given LDAP attribute.

This is working fine when our Mac is bound to Active Directory using Apple's native way.

This is failing when the Active Directory binding is done using Centrify.

 

We are not looking to search the value of a specific LDAP attribute.

The attribute can be any LDAP attribute (e.g. mail, name, etc).

 

Thanks & Regards,

Ninad Vartak
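
A diagnostic variant of the query posted above, as an added example that is not from the original thread or from Centrify: it checks every NSError instead of discarding it, requests all attributes rather than native-only, and reports which directory node answered and which attribute names came back. The helper name ODDumpUserRecord is hypothetical.

```objective-c
// Added diagnostic example, not code from the thread; ODDumpUserRecord is a hypothetical name.
#import <Foundation/Foundation.h>
#import <OpenDirectory/OpenDirectory.h>

// Returns one dictionary per matching user record, holding every attribute
// the directory returned, or nil (with *outError set) on failure.
static NSArray<NSDictionary *> *ODDumpUserRecord(NSString *userName, NSError **outError) {
    ODNode *node = [ODNode nodeWithSession:[ODSession defaultSession]
                                      type:kODNodeTypeAuthentication
                                     error:outError];
    if (node == nil) return nil;      // search node could not be opened
    ODQuery *query = [ODQuery queryWithNode:node
                             forRecordTypes:kODRecordTypeUsers
                                  attribute:kODAttributeTypeRecordName
                                  matchType:kODMatchEqualTo
                                queryValues:userName
                           returnAttributes:kODAttributeTypeAllAttributes
                             maximumResults:0
                                      error:outError];
    if (query == nil) return nil;     // query could not be built

    NSArray *records = [query resultsAllowingPartial:NO error:outError];
    if (records == nil) return nil;   // lookup failed

    NSMutableArray<NSDictionary *> *dump = [NSMutableArray array];
    for (ODRecord *record in records) {
        // nil asks for the attributes already fetched by the query above.
        NSDictionary *details = [record recordDetailsForAttributes:nil error:outError];
        if (details == nil) return nil;
        [dump addObject:details];
    }
    return dump;
}

int main(void) {
    @autoreleasepool {
        NSError *error = nil;
        NSArray<NSDictionary *> *dump = ODDumpUserRecord(NSUserName(), &error);
        if (dump == nil) { NSLog(@"OpenDirectory error: %@", error); return 1; }
        if (dump.count == 0) NSLog(@"no user record found on the search path");
        for (NSDictionary *details in dump) {
            NSLog(@"answered by: %@", details[kODAttributeTypeMetaNodeLocation]);
            // Log names and value counts only, not the values themselves.
            for (NSString *name in [details.allKeys sortedArrayUsingSelector:@selector(compare:)])
                NSLog(@"  %@ (%lu value(s))", name, (unsigned long)[details[name] count]);
        }
    }
    return 0;
}
```

Link it against the Foundation and OpenDirectory frameworks. Running it once under each binding method and comparing the output shows which node answers for the user and under what names its attributes are exposed.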