Post

Replies

Boosts

Views

Activity

determine if an account is a mobile account or Active directory account or local user account (non-mobile)
Is there a way to figure out from code if a user account is actually a mobile account or active directory account or local user account (non-mobile) on Mojave?Through following code i can distinguish between local user and AD user via attribute // 'dsAttrTypeStandard:AppleMetaNodeLocation': '/Local/Default' for Local user // 'dsAttrTypeStandard:AppleMetaNodeLocation': '/Active Directory/ABCD/abcd.in' for Domain userfunc checkForLocalUser(name: String) -> Bool { var records = [ODRecord]() let odsession = ODSession.default() do { let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeAuthentication)) let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0) records = try query.resultsAllowingPartial(false) as! [ODRecord] } catch { let errorText = error.localizedDescription return false } let isLocal = records.isEmpty ? false : true return isLocal}Not sure this is the correct way to achieve this. Also, I am not able to figure out whether the user is a mobile account user or not?Please help.
2
0
1.3k
Nov ’19
Determine if Active Directory user is admin or not
How to determine whether an Active Directory user is admin or not via code in swift ?Currently i am doing it this way which doesnot look correct. Please suggest a better approach. let session = ODSession() let node = try ODNode(session: session, type: ODNodeType(kODNodeTypeAuthentication)) let query = try ODQuery( node: node, forRecordTypes: kODRecordTypeUsers, attribute: nil, matchType: ODMatchType(kODMatchAny), queryValues: nil, returnAttributes: [ kODAttributeTypeRecordName, kODAttributeTypeEMailAddress ], maximumResults: 0 ) let records = try query.resultsAllowingPartial(false) as! [ODRecord] for record in records { let currRecordName = record.recordName if(currRecordName == username) { // 'dsAttrTypeStandard:AppleMetaNodeLocation': '/Local/Default' for Local user // 'dsAttrTypeStandard:AppleMetaNodeLocation': '/Active Directory/ABCD/abcd.in' for Domain user let localOrDomainUser = try? record.values(forAttribute: "dsAttrTypeStandard:AppleMetaNodeLocation"); let localOrDomainUserString = localOrDomainUser?[0] as! String if(localOrDomainUserString == "/Local/Default") { continue // Skip local user.. this is the case when we have both local and domain user with same name, but user has created a local user in the name "domainname\username" } let groupsAny = try? record.values(forAttribute: "memberOf"); let groups = groupsAny as? [String]; for currGroup in groups ?? [] { /* --- CN=Group Policy Creator Owners,CN=Users,DC=abcd,DC=ad,DC=def,DC=com --- CN=Domain Admins,CN=Users,DC=abcd,DC=ad,DC=def,DC=com --- CN=Enterprise Admins,CN=Users,DC=abcd,DC=ad,DC=def,DC=com --- CN=Schema Admins,CN=Users,DC=abcd,DC=ad,DC=def,DC=com --- CN=Administrators,CN=Builtin,DC=abcd,DC=ad,DC=def,DC=com */ var dnNames = currGroup.components(separatedBy: ",") // CN=Domain Admins if(dnNames.count > 0) { var groupNames = dnNames[0].components(separatedBy: "=") // Domain Admins let group = groupNames[1] if(group == "Domain Admins" || group == "Enterprise Admins" || group == "Schema Admins" || group == "DnsAdmins" || group == "Administrators") { return true } } } break } }
4
1
1.4k
Nov ’19
If we change the admin user to non-admin from the active directory, then how this change will be reflected in the mobile account
<body><p>I have a user in Active Directory named "alice" who is a Domain Admin. This AD is bound to mac machine.<br />I have logged in successfully with this user into my MAC machine and a mobile account has been created.<br />Now, from the Active Directory, if i make the user "alice" as non-admin, then how will this change get reflected in the mobile account?<br />Is there a way to sync between mobile account and Active Directory ?<br />What I see is that password change is getting synced with AD but not this change.<br />Please help<br /><br /><br /><br /></p> <p></p></body>
0
0
305
Nov ’19
Draw a Label like Sleep, restart, shutdown option in loginwindow of macos
I need to Draw a Label like Sleep, restart, shutdown option in loginwindow of macos, so that it will appear correctly on all 3 OS versions High Sierra, Mojave and Catalina.I need to do this in objective c dynamically at runtime for NSTextFieldPlease suggest some solution.I need to show a label on loginwindow of mac, I am able to manipulate that window using SFAuthorizationPluginView.
0
0
393
Jan ’20
SFAuthorizationPluginView | Catalina 10.15.2 |web Service not working on screensaver/Lock
Hi ,I am currenlty using sfauthorizationpluginview. The result is always nil for the URLData on calling the webservice on ScreenSaver or Lock Screen while the same code is working fine on accessing the login window .The issue is only lying with catalina. tested mojvae it was working fine.Code i am using :let session = URLSession.shared let ds = DispatchSemaphore( value: 0 ) let task = session.dataTask(with: theRequest, completionHandler: { data, response, error -> Void in AppLogger.writeLog(toFile: "Url Data from Task: \(String(describing: data))", with:Debug) if(data != nil) { let httpResponse = response as! HTTPURLResponse statusCode = httpResponse.statusCode if let urlData = data { responseData = String(data: urlData, encoding: .utf8) ?? "" } if(responseData.isEmpty) { AppLogger.writeLog(toFile: "Response data is empty.", with:Error) } } else { statusCode = 408 } // do my thing..., then unblock main thread ds.signal() }) task.resume() // block thread until semaphore is signaled ds.wait()same is happening on using the NSURLConnection.sendSynchronousRequest()
0
0
441
Jan ’20