Page 3 - Contents; Introduction; Introduction 7; Chapter 1; Concepts 9; Chapter 2; Working with Nodes 25; Chapter 3; Working with Records 33
Contents Introduction Introduction 7 Organization of This Document 7 See Also 7 Chapter 1 Concepts 9 Open Directory Overview 9 Nodes 10 Search Policies and Search Nodes 12 Record Types 12 Standard Attribute Types 14 Native Attribute Types 15 Authentication 15 Directory Proxy 21 Open Directory, looku...
Page 7 - Organization of This Document; This book contains the following chapters:; See Also; Refer to the following reference document for Open Directory:
This manual describes the Open Directory application programming interface for Mac OS X v10.4. Open Directory is a directory service architecture whose programming interface provides a centralized way for applications and services to retrieve information stored in directories. The Open Directory archi...
Page 9 - Open Directory Overview; Open Directory Plug-ins; Concepts
Open Directory is a directory service architecture whose programming interface provides a centralized way for applications and services to retrieve information stored in directories. Often, the information that is being sought is configuration information stored in a NetInfo database or in flat files,...
Page 10 - Nodes
Figure 1-1 Flow of an Open Directory request Request Response Open Directory client DirectoryServices daemon Open Directory plug-ins The Open Directory programming interface identifies the basic features that are common to many directory services and provides the functions necessary to support the dev...
Page 11 - An Open Directory request over a network; The first part of the node name (; in this example) is the name of the plug-in that handles
Figure 1-2 An Open Directory request over a network Request Response Service-specific protocol over the Internet or intranet Open Directory client DirectoryService daemon Local System Remote System LDAP plug-in NetInfo plug-in public.example.com private.example.com Publications Engineering Marketing...
Page 12 - Search Policies and Search Nodes; authentication search node; contacts search node; network search node; locally hosted nodes; Record Types
Note: An Open Directory plug-in is not required to return information that conforms exactly to the information that the directory service maintains. A plug-in can generate information “on the fly.” In addition, a plug-in may not return information about certain nodes; the plug-in's behavior in this r...
Page 14 - Standard Attribute Types; Description
Description Constant Standard record for storing quota usage for a user in the local node kDSStdRecordTypePrintServiceUser Standard record for storing bootp information kDSStdRecordTypeBootp Standard record for storing net domains kDSStdRecordTypeNetDomains Standard record for storing Ethernets kDSSt...
Page 15 - , and other service discovery records; Native Attribute Types
Description Constant Standard attribute for storing the port number at which a service is available; commonly found in kDSStdRecordTypeAFPServer, kDSStdRecordTypeFTPServer, kDSStdRecordTypeLDAPServer, kDSStdRecordTypeWebServer, and other service discovery records kDS1AttrPort Standard attribute fo...
Page 16 - Basic Authentication
■ Kerberos Version 5 authentication, which is used to authenticate users to Kerberos v5 systems. For more information, see “Kerberos Version 5 Authentication” (page 19). ■ Disabled User authentication, which prevents any authentication from taking place. For more information, see “Disabled User Authen...
Page 18 - If the value of the authority data field is; Other valid hash types are
Local Windows Hash Authentication The Local Windows Hash authentication type was used on Mac OS X v10.2 in combination with Basic authentication, but its use is superseded by Shadow Hash authentication in this version of Mac OS X. With Local Windows Hash authentication, hashes for NT and LAN Manager a...
Page 19 - Local Cached User Authentication; DS Nodename; Kerberos Version 5 Authentication; user
Local Cached User Authentication Local Cached User authentication is used for mobile home directories. The authority data field must be present. Its format is DS Nodename : DS Recordname : DS GUID where the colon ( : ) character delimits the three individual strings. All three strings are required. T...
Page 20 - Authentication Versus Authorization; authentication
Disabled User Authentication The Disabled User authentication is used to indicate that an account has been disabled. The complete previous authentication attribute value is retained in the authority data field and is enclosed by left and right angle brackets. If the authority data field is absent, Bas...
Page 21 - Directory Native Authentication; Directory Proxy; is responsible for opening local
Other directory services store authorization information outside of the service. By providing an interface between clients of directory services and the directory services themselves, authorization information that is stored outside of the directory service can be shared. For example, you could design...
Page 23 - NetInfo interaction when using SSH; , NetInfo, and Open Directory interaction when using SSH
Figure 1-3 lookupd and NetInfo interaction when using SSH tjones local.nidb SSH lookupd lookupd cache NetInfo agent 1. 2. Request Positive response tjones DSAgent Negative response In Figure 1-3, the user’s record is located on the local system. Figure 1-4 shows what happens when the user’s record is ...
Page 24 - Directory Service Command Line Utility
In this example, lookupd queries its local cache and NetInfo, and gets negative responses — “tjones” could not be found in either location. Now, lookupd tells its DSAgent to query Open Directory. Searching the local NetInfo database is the first step in every Open Directory search, so Open Directory...
Page 25 - Listing Registered Nodes; Working with Nodes
This chapter provides sample code that shows how to work with nodes. Finding a specific node, opening a session with the node, and authenticating a user to the node are fundamental Open Directory tasks. Listing Registered Nodes The sample code in Listing 2-1 demonstrates how to get a list of all regi...
Page 27 - Finding a Node
} // PrintNodeName Finding a Node The sample code in Listing 2-2 (page 27) demonstrates how to find the node for a specific pathname. The sample code opens an Open Directory session and gets an Open Directory reference. Then it calls its own FindNodes routine and passes to it the pathname for the no...
Page 28 - Opening and Closing a Node
dirStatus = dsFindDirNodes( gDirRef, dataBuffer, nodeName, eDSContains, &bufferCount, &context ); if ( dirStatus == eDSNoErr ){ for ( index = 1; index <= bufferCount; index++ ) { dirStatus = dsGetDirNodeName( gDirRef, dataBuffer, index, &nodeName ); if ( dirStatus == eDSNoErr ){ print...
Page 29 - function handles; for the node and; Authenticating a User to a Node
if ( dirStatus == eDSNoErr ){ dirStatus = MyOpenDirNode( &nodeRef ); if ( dirStatus == eDSNoErr ){ dsCloseDirNode( nodeRef ); } } if ( gDirRef != NULL ){ dirStatus = dsCloseDirService( gDirRef ); } } long MyOpenDirNode ( tDirNodeReference *outNodeRef ){ long dirStatus = eDSNoErr; char nodeName[ 256...
Page 33 - Listing Records; “Opening and Closing a Node”; Working with Records
Using records is an essential part of using Open Directory. This chapter covers basic examples of how to interact with records. Listing Records The sample code in Listing 3-1 (page 34) demonstrates how to list all records in a node. The sample code opens an Open Directory session and gets an Open Dir...
Page 34 - When the; routine returns, the sample code in Listing 3-1 calls; to close
When the GetRecordList routine returns, the sample code in Listing 3-1 calls dsCloseDirNode to close the node that it opened in order to get the record list. Listing 3-1 Listing records in a node void main ( ){ long dirStatus = eDSNoErr; tDirNodeReference nodeRef = NULL; dirStatus = dsOpenDirService( ...
Page 35 - Getting Information About a Record’s Attribute; The sample code in; routine and passes to it the address of the node reference (; The; routine is described in the section
dirStatus = dsGetRecordList( nodeRef, dataBuffer, &recNames, eDSExact, &recTypes, &attrTypes, false, &recCount, &context ); for ( i = 1; i <= recCount; i++ ){ dirStatus = dsGetRecordEntry( nodeRef, dataBuffer, i, &attrListRef, &pRecEntry ); for ( j = 1; j <= pRecEnt...
Page 37 - Setting the Name of a Record
if ( dirStatus == eDSNoErr ){ attrType = dsDataNodeAllocateString(gDirRef, kDS1AttrPrimaryGroupID ); if ( attrType != NULL ){ dirStatus = dsGetRecordAttributeInfo(recRef, attrType, &pAttrInfo ); if ( pAttrInfo != NULL ){ dirStatus = dsDeallocAttributeEntry( gDirRef, pAttrInfo ); pAttrInfo = NULL...
Page 39 - Creating a Record and Adding an Attribute
Note that for this example to work, it would have to be run by a root process on the local NetInfo domain, or by a user process that has called dsDoDirNodeAuth with the inDirNodeAuthOnlyFlag parameter set to FALSE to get permission to make this change. Creating a Record and Adding an Attribute The sa...
Page 40 - with the; parameter set; to get permission to make this change.
} } void CreateRecord ( const tDirNodeReference inDirNodeRef ){ long dirStatus = eDSNoErr; tDataNodePtr recName = NULL; tDataNodePtr recType = NULL; tDataNodePtr attrName = NULL; tDataNodePtr attrValue = NULL; tRecordReference recRef = NULL; recName = dsDataNodeAllocateString( gDirRef, "NewUserRecordNa...
Page 41 - Deleting a Record
Deleting a Record The sample code in Listing 3-5 demonstrates how to delete a record. The sample code opens an Open Directory session and gets an Open Directory reference. Then it calls its MyOpenDirNode routine and passes to it the address of the node reference ( nodeRef ) that it has allocated. The...
Page 43 - Notes; Fixed code listing in Working With Records.; Document Revision History
This table describes the changes to Open Directory Programming Guide. Notes Date Fixed code listing in Working With Records. 2007-01-08 Moved reference documentation to become a separate document. 2006-04-04 Updated for Mac OS X v10.4. Changed "Rendezvous" to "Bonjour." Changed titl...