For our application, we need to check whether a logged in user belongs to an active directory group or not. We use CBIdentityAuthority to check whether user belongs to domain but in one of the cases of open internet, it is occuring that CBIdentityAuthority is not able to fetch AD details.
managedIdentityAuthority authorities is not identifying the AD user record respectively. Instead, the record is found under localIdentityAuthority.
dscl utility on the terminal seems to be working fine though.
Could this be due to cache issue or the AD service being not reachable?
What could be another approach to find if an user belongs to AD?