(Objective-c/Mac OSX)如何在Mac OSX上将托管AD用户(AD用户创建移动卡)与本地用户区分开 [英] (Objective-c/Mac OSX) How to distinguish managed AD users (AD user create mobile card) from local users on Mac OSX

查看:95
本文介绍了(Objective-c/Mac OSX)如何在Mac OSX上将托管AD用户(AD用户创建移动卡)与本地用户区分开的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

< \ RESOLVED>,请参阅第一个答复

我的mac(10.9)已加入AD域.在我的程序中,我试图识别当前登录用户是本地帐户还是AD用户.通过使用以下代码,我可以成功地区分它们.

My mac(10.9) has joined into a AD domain. In my program, I tried to recognize whether the current login user is local account or AD user. I can successfully distinguish them by using the following code.

+ (bool)isLocalUser:(NSString*)user
{
    NSError *dirSearchError = nil;
    ODRecord *foundUser = findUser(user, &dirSearchError);
    if(foundUser !=nil)
    {
        return YES;
    }else
    {
        return NO;
    }
}

ODRecord *findUser(NSString *user, NSError **error)

{
    NSLog(@"[MacLogonUI] findUser");
    ODNode *searchNode = [ODNode nodeWithSession: [ODSession defaultSession]
                                        type: kODNodeTypeLocalNodes
                                       error: error];

    if (searchNode == nil) {
        return nil;
    }

    NSDictionary *nodeInfo = [searchNode nodeDetailsForKeys:nil error:error];

    /* query this node for the user record we're interested in.
     * We only need one result, which is why maximumResults is set to 1.
     */
    ODQuery *userSearch = [ODQuery queryWithNode: searchNode
                              forRecordTypes: kODRecordTypeUsers
                                   attribute: kODAttributeTypeRecordName
                                   matchType: kODMatchEqualTo
                                 queryValues: user
                            returnAttributes: kODAttributeTypeStandardOnly
                              maximumResults: 1
                                       error: error];

    if (userSearch == nil) {
        return nil;
    }

    /* For this example we'll use a synchronous search. This could take a while
     * so asynchronous searching is preferable.
     */

    NSArray *foundRecords = [userSearch resultsAllowingPartial: NO error: error];

    if (foundRecords == nil || [foundRecords count] == 0) {
        return nil;
    }

    ODRecord *userRecord = [foundRecords objectAtIndex: 0];
   return [[userRecord retain] autorelease];
}

当AD用户创建移动卡时,它被视为托管用户(从系统"偏好设置->用户和组"中).该代码还将此类AD用户识别为本地用户.如何处理这种情况?

While when the AD user create a mobile card, it is viewed as a managed user(from the System preference -> Users & Groups). The code also recognize this kind of AD user as local. How to deal with this kind of situation?

你们对这个问题有任何想法吗?

Do you guys have any idea of this problem?

推荐答案

我自己解决了这个问题.希望以下代码有帮助: 

#import "DasUser.h"
#import <OpenDirectory/OpenDirectory.h>
#import <Collaboration/Collaboration.h>

@implementation DasUser


+ (bool)isLocalUser:(NSString*)user
{
    NSError *dirSearchError = nil;
    ODRecord *foundUser = findUser(user, &dirSearchError);
    if(foundUser !=nil)
    {
        return YES;
    }else
    {
        return NO;
    }
}

ODRecord *findUser(NSString *user, NSError **error)

{
    NSLog(@"[MacLogonUI] findUser");

    CSIdentityAuthorityRef defaultAuthority = CSGetManagedIdentityAuthority();
    CSIdentityClass identityClass = kCSIdentityClassUser;

    CSIdentityQueryRef query = CSIdentityQueryCreate(NULL, identityClass,                defaultAuthority);

    CFErrorRef err = NULL;
    CSIdentityQueryExecute(query, 0, &err);

    CFArrayRef results = CSIdentityQueryCopyResults(query);

    int numResults = CFArrayGetCount(results);

    NSMutableArray * managedUsers = [NSMutableArray array];
    for (int i = 0; i < numResults; ++i) {
        CSIdentityRef identity = (CSIdentityRef)CFArrayGetValueAtIndex(results, i);
        CBIdentity * identityObject = [CBIdentity identityWithCSIdentity:identity];
        NSString* posixName = [identityObject posixName];
        [managedUsers addObject:posixName];
    }

    CFRelease(results);
    CFRelease(query);

    ODNode *searchNode = [ODNode nodeWithSession: [ODSession defaultSession]
                                        type: kODNodeTypeLocalNodes
                                       error: error];

    if (searchNode == nil) {
        return nil;
    }

    /* query this node for the user record we're interested in.
     * We only need one result, which is why maximumResults is set to 1.
     */
    ODQuery *userSearch = [ODQuery queryWithNode: searchNode
                              forRecordTypes: kODRecordTypeUsers
                                   attribute: kODAttributeTypeRecordName
                                   matchType: kODMatchEqualTo
                                 queryValues: user
                            returnAttributes: kODAttributeTypeStandardOnly
                              maximumResults: 1
                                       error: error];

    if (userSearch == nil) {
        return nil;
    }

    /* For this example we'll use a synchronous search. This could take a while
     * so asynchronous searching is preferable.
     */

    NSArray *foundRecords = [userSearch resultsAllowingPartial: NO error: error];

    if([foundRecords count]>0)
    {
        NSString *nameStr = [foundRecords[0] recordName];

        NSLog(@"[MacLogonUI] findUser nameStr %@", nameStr);

        int j;
        for( j = 0; j<[managedUsers count]; j++)
        {
            if([nameStr isEqualToString:managedUsers[j]])
            {
                break;
            }
        }

        if(j<[managedUsers count])
        {
            foundRecords = nil;
        }
    }

    if (foundRecords == nil || [foundRecords count] == 0) {
        return nil;
    }

    ODRecord *userRecord = [foundRecords objectAtIndex: 0];
    return [[userRecord retain] autorelease];
}    

@end

当mac的网络断开连接时.无法列出受管理的用户.有没有人对此有任何想法?

这篇关于(Objective-c/Mac OSX)如何在Mac OSX上将托管AD用户(AD用户创建移动卡)与本地用户区分开的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
移动开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆