Asynchroneous Identity queries do not work as advertised?

Not sure this is the appropriate forum but I haven't seen a better one.


Problem:


The Identity Services Programming Guide details how to retrieve asynchronously identities:


https://developer.apple.com/library/content/documentation/Networking/Conceptual/IdentityServices_ProgGuide/monitoring/monitoring.html#//apple_ref/doc/uid/TP40004490-CH6-SW1


This works fine.


The final chapter of the document also explains how to continually monitor identities asynchronously: you just need not to call CSIdentityQueryStop() and not release the query.


As ar as I can tell, this does not work:


- creating a new user account via the System Preferences "Users & Groups" pane does not trigger a kCSIdentityQueryEventResultsAdded or kCSIdentityQueryEventResultsChanged event.

- removing a user account via the System Preferences "Users & Groups" pane does not trigger a kCSIdentityQueryEventResultsRemoved or kCSIdentityQueryEventResultsChanged event.


Tested on OS X 10.7 and macOS 10.2.2. My project code is a copy and paste of the code from the documentation. I've just changed the query to look for every single user account (including the hidden ones).


Question:


Is this supposed to work as described in the official documentation? Is there somewhere an Apple sample project that show how to make this monitoring work?

Up vote post of packagesdev Down vote post of packagesdev
416 views
Posted by
packagesdev
Reply
Add a Comment

Accepted Reply

Not sure this is the appropriate forum but I haven't seen a better one.

Agreed. And you chose wisely given that Identity Services is super obscure and I’m one of the few people familiar with it (-:

The last time anyone asked me about Identity Services, it was pretty much this question. I dug into it and came to a soft conclusion [1] that the local identity authority does not generate update events )-:

The Apple code that I looked at as part of that investigation uses the various notifications in 

<notify_keys.h>
to determine when to refresh it’s view of the user list.

ps If I were in your shoes I’d skip Identity Services and go straight to Open Directory, and specifically the Objective-C API in the Open Directory framework. Identity Services (and the related Objective-C API, Collaboration Services) is just a thin wrapper around OD. It was cool back in the day, when OD had the most horrible API you’ve ever seen [2], but these days OD has a nice, high-level API, which pretty much obviates the need for Identity Services.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"

[1] I couldn’t get it to work. I looked at the implementation and, AFAICT, it couldn’t possibly work. I never got a definitive answer from the engineer who owns this code as to what’s what.

[2] If you want to be scared, look at Directory Services framework!

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

Not sure this is the appropriate forum but I haven't seen a better one.

Agreed. And you chose wisely given that Identity Services is super obscure and I’m one of the few people familiar with it (-:

The last time anyone asked me about Identity Services, it was pretty much this question. I dug into it and came to a soft conclusion [1] that the local identity authority does not generate update events )-:

The Apple code that I looked at as part of that investigation uses the various notifications in 

<notify_keys.h>
to determine when to refresh it’s view of the user list.

ps If I were in your shoes I’d skip Identity Services and go straight to Open Directory, and specifically the Objective-C API in the Open Directory framework. Identity Services (and the related Objective-C API, Collaboration Services) is just a thin wrapper around OD. It was cool back in the day, when OD had the most horrible API you’ve ever seen [2], but these days OD has a nice, high-level API, which pretty much obviates the need for Identity Services.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"

[1] I couldn’t get it to work. I looked at the implementation and, AFAICT, it couldn’t possibly work. I never got a definitive answer from the engineer who owns this code as to what’s what.

[2] If you want to be scared, look at Directory Services framework!

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Thanks for the answer.


I will have a look at the OD framework as the APIs seems to be available on 10.8 and later.


I 've been using the Directory Services framework so far because I needed to support OS X 10.5. As long as I can stop using it, I'm happy.


I suppose it is worth to file a bug report regarding the Identity Services documentation to request that the documentation mentions it does not work as advertised when it comes to monitoring.

Posted by
packagesdev
Up vote reply of packagesdev Down vote reply of packagesdev
Add a Comment