2 Replies
      Latest reply: Jan 17, 2017 3:12 PM by packagesdev RSS
      packagesdev Level 1 Level 1 (10 points)

        Not sure this is the appropriate forum but I haven't seen a better one.

         

        Problem:

         

        The Identity Services Programming Guide details how to retrieve asynchronously identities:

         

        https://developer.apple.com/library/content/documentation/Networking/Conceptual/IdentityServices_ProgGuide/monitoring/monitoring.html#//apple_ref/doc/uid/TP40004490-CH6-SW1

         

        This works fine.

         

        The final chapter of the document also explains how to continually monitor identities asynchronously: you just need not to call CSIdentityQueryStop() and not release the query.

         

        As ar as I can tell, this does not work:

         

        - creating a new user account via the System Preferences "Users & Groups" pane does not trigger a kCSIdentityQueryEventResultsAdded or kCSIdentityQueryEventResultsChanged event.

        - removing a user account via the System Preferences "Users & Groups" pane does not trigger a kCSIdentityQueryEventResultsRemoved or kCSIdentityQueryEventResultsChanged event.

         

        Tested on OS X 10.7 and macOS 10.2.2. My project code is a copy and paste of the code from the documentation. I've just changed the query to look for every single user account (including the hidden ones).

         

        Question:

         

        Is this supposed to work as described in the official documentation? Is there somewhere an Apple sample project that show how to make this monitoring work?

        • Re: Asynchroneous Identity queries do not work as advertised?
          eskimo Apple Staff Apple Staff (5,995 points)

          Not sure this is the appropriate forum but I haven't seen a better one.

          Agreed.  And you chose wisely given that Identity Services is super obscure and I’m one of the few people familiar with it (-:

          The last time anyone asked me about Identity Services, it was pretty much this question.  I dug into it and came to a soft conclusion [1] that the local identity authority does not generate update events )-:

          The Apple code that I looked at as part of that investigation uses the various notifications in <notify_keys.h> to determine when to refresh it’s view of the user list.

          ps If I were in your shoes I’d skip Identity Services and go straight to Open Directory, and specifically the Objective-C API in the Open Directory framework.  Identity Services (and the related Objective-C API, Collaboration Services) is just a thin wrapper around OD.  It was cool back in the day, when OD had the most horrible API you’ve ever seen [2], but these days OD has a nice, high-level API, which pretty much obviates the need for Identity Services.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

          [1] I couldn’t get it to work.  I looked at the implementation and, AFAICT, it couldn’t possibly work.  I never got a definitive answer from the engineer who owns this code as to what’s what.

          [2] If you want to be scared, look at Directory Services framework!

            • Re: Asynchroneous Identity queries do not work as advertised?
              packagesdev Level 1 Level 1 (10 points)

              Thanks for the answer.

               

              I will have a look at the OD framework as the APIs seems to be available on 10.8 and later.

               

              I 've been using the Directory Services framework so far because I needed to support OS X 10.5. As long as I can stop using it, I'm happy.

               

              I suppose it is worth to file a bug report regarding the Identity Services documentation to request that the documentation mentions it does not work as advertised when it comes to monitoring.