Apple Mac Server OS X Bedienungsanleitung

Open Directory Programming GuideNetworking > Mac OS X Server2007-01-08

Figure 1-1 Flow of an Open Directory requestRequestResponseOpen Directory clientDirectoryServices daemonOpen Directory plug-insThe Open Directory prog

Figure 1-2 An Open Directory request over a networkRequestResponseService-specific protocolover the Internet or intranetOpen Directory clientDirectory

Note:An Open Directory plug-in is not required to return information that conforms exactly to the informationthat the directory service maintains. A p

Table 1-1 Standard record typesDescriptionConstantStandard record for describing userskDSStdRecordTypeUsersStandard record for describing groupskDSStd

DescriptionConstantStandard record for storing quota usage for a user in thelocal nodekDSStdRecordTypePrintServiceUserStandard record for storing boot

DescriptionConstantStandard attribute for storing the port number at which a service isavailable; commonly found in kDSStdRecordTypeAFPServer,kDSStdRe

Kerberos Version 5 authentication, which is used to authenticate users to Kerberos v5 systems. For moreinformation, see “Kerberos Version 5 Authent

an appropriate network-based authentication method, such as CRAM-MD5, APOP, NT, LAN Manager, DHX,or Web-DAV Digest. Note that the Password Server’s ad

Local Windows Hash AuthenticationThe Local Windows Hash authentication type was used on Mac OS X v10.2 in combination with Basicauthentication, but it

Local Cached User AuthenticationLocal Cached User authentication is used for mobile home directories. The authority data field must bepresent. Its for

Apple Inc.© 2007 Apple Inc.All rights reserved.No part of this publication may be reproduced,stored in a retrieval system, or transmitted, inany form

Disabled User AuthenticationThe Disabled User authentication is used to indicate that an account has been disabled. The complete previousauthenticatio

Other directory services store authorization information outside of the service. By providing an interfacebetween clients of directory services and th

Directory function that requires such a reference. Once a remote Open Directory session is successfullyopened, Open Directory automatically sends all

Figure 1-3 lookupd and NetInfo interaction when using SSHtjoneslocal.nidbSSHlookupdlookupdcacheNetInfoagent1. 2.RequestPositive responsetjonesDSAgentN

In this example, lookupd queries its local cache and NetInfo, and gets negative responses — “tjones” couldnot be found in either location. Now, lookup

This chapter provides sample code that shows how to work with nodes. Finding a specific node, opening asession with the node, and authenticating a use

tContextData context = NULL;dirStatus = dsGetDirNodeCount( gDirRef, &nodeCount );printf( "Registered node count is: %lu\n", nodeCount );

} // PrintNodeNameFinding a NodeThe sample code in Listing 2-2 (page 27) demonstrates how to find the node for a specific pathname. Thesample code ope

dirStatus = dsFindDirNodes( gDirRef, dataBuffer, nodeName,eDSContains, &bufferCount, &context );if ( dirStatus == eDSNoErr ){for ( index = 1;

if ( dirStatus == eDSNoErr ){dirStatus = MyOpenDirNode( &nodeRef );if ( dirStatus == eDSNoErr ){dsCloseDirNode( nodeRef );}}if ( gDirRef != NULL )

ContentsIntroductionIntroduction 7Organization of This Document 7See Also 7Chapter 1Concepts 9Open Directory Overview 9Nodes 10Search Policies and Sea

If the authentication methods that an authentication authority implements are known, the authenticationauthority may be used to deduce those authentic

::memcpy(&(anAuthDataBuf->fBufferData[aCurLength]), &aTempLength,sizeof(long));aCurLength += sizeof(long);::memcpy(&(anAuthDataBuf->

32Authenticating a User to a Node2007-01-08 | © 2007 Apple Inc. All Rights Reserved.CHAPTER 2Working with Nodes

Using records is an essential part of using Open Directory. This chapter covers basic examples of how tointeract with records.Listing RecordsThe sampl

When the GetRecordList routine returns, the sample code in Listing 3-1 calls dsCloseDirNode to closethe node that it opened in order to get the record

dirStatus = dsGetRecordList( nodeRef, dataBuffer, &recNames,eDSExact, &recTypes, &attrTypes, false, &recCount, &context );for ( i

The sample code then calls its GetRecInfo routine and passes to it the node reference (nodeRef) obtainedby calling its MyOpenDirNode routine.The GetRe

if ( dirStatus == eDSNoErr ){attrType = dsDataNodeAllocateString(gDirRef,kDS1AttrPrimaryGroupID );if ( attrType != NULL ){dirStatus = dsGetRecordAttri

Listing 3-3 Setting the name of a recordvoid main ( ){long dirStatus = eDSNoErr;tDirNodeReference nodeRef = NULL;dirStatus = dsOpenDirService( &gD

Note that for this example to work, it would have to be run by a root process on the local NetInfo domain,or by a user process that has called dsDoDir

42007-01-08 | © 2007 Apple Inc. All Rights Reserved.CONTENTS

}}void CreateRecord ( const tDirNodeReference inDirNodeRef ){long dirStatus = eDSNoErr;tDataNodePtr recName = NULL;tDataNodePtr recType = NULL;tDataNo

Deleting a RecordThe sample code in Listing 3-5 demonstrates how to delete a record. The sample code opens an OpenDirectory session and gets an Open D

dirStatus = dsOpenRecord( nodeRef, recType, recName, &recRef );if ( dirStatus == eDSNoErr ){dirStatus = dsDeleteRecord( recRef );if (dirStatus !=

This table describes the changes to Open Directory Programming Guide.NotesDateFixed code listing in Working With Records.2007-01-08Moved reference doc

442007-01-08 | © 2007 Apple Inc. All Rights Reserved.REVISION HISTORYDocument Revision History

Figures, Tables, and ListingsChapter 1Concepts 9Figure 1-1 Flow of an Open Directory request 10Figure 1-2 An Open Directory request over a network 11F

62007-01-08 | © 2007 Apple Inc. All Rights Reserved.FIGURES, TABLES, AND LISTINGS

This manual describes the Open Directory application programming interface for Mac OS X v10.4. OpenDirectory is a directory service architecture whose

8See Also2007-01-08 | © 2007 Apple Inc. All Rights Reserved.INTRODUCTIONIntroduction

Open Directory is a directory service architecture whose programming interface provides a centralized wayfor applications and services to retrieve inf