(Objective

本文介绍了(Objective-c/Mac OSX)如何在Mac OSX上将托管AD用户(AD用户创建移动卡)与本地用户区分开的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

< \ RESOLVED>，请参阅第一个答复

我的mac(10.9)已加入AD域.在我的程序中，我试图识别当前登录用户是本地帐户还是AD用户.通过使用以下代码，我可以成功地区分它们.

My mac(10.9) has joined into a AD domain. In my program, I tried to recognize whether the current login user is local account or AD user. I can successfully distinguish them by using the following code.

+ (bool)isLocalUser:(NSString*)user { NSError *dirSearchError = nil; ODRecord *foundUser = findUser(user, &dirSearchError); if(foundUser !=nil) { return YES; }else { return NO; } } ODRecord *findUser(NSString *user, NSError **error) { NSLog(@"[MacLogonUI] findUser"); ODNode *searchNode = [ODNode nodeWithSession: [ODSession defaultSession] type: kODNodeTypeLocalNodes error: error]; if (searchNode == nil) { return nil; } NSDictionary *nodeInfo = [searchNode nodeDetailsForKeys:nil error:error]; /* query this node for the user record we're interested in. * We only need one result, which is why maximumResults is set to 1. */ ODQuery *userSearch = [ODQuery queryWithNode: searchNode forRecordTypes: kODRecordTypeUsers attribute: kODAttributeTypeRecordName matchType: kODMatchEqualTo queryValues: user returnAttributes: kODAttributeTypeStandardOnly maximumResults: 1 error: error]; if (userSearch == nil) { return nil; } /* For this example we'll use a synchronous search. This could take a while * so asynchronous searching is preferable. */ NSArray *foundRecords = [userSearch resultsAllowingPartial: NO error: error]; if (foundRecords == nil || [foundRecords count] == 0) { return nil; } ODRecord *userRecord = [foundRecords objectAtIndex: 0]; return [[userRecord retain] autorelease]; }

当AD用户创建移动卡时，它被视为托管用户(从系统"偏好设置->用户和组"中).该代码还将此类AD用户识别为本地用户.如何处理这种情况?

While when the AD user create a mobile card, it is viewed as a managed user(from the System preference -> Users & Groups). The code also recognize this kind of AD user as local. How to deal with this kind of situation?

你们对这个问题有任何想法吗?

Do you guys have any idea of this problem?

推荐答案

我自己解决了这个问题.希望以下代码有帮助:

#import "DasUser.h" #import <OpenDirectory/OpenDirectory.h> #import <Collaboration/Collaboration.h> @implementation DasUser + (bool)isLocalUser:(NSString*)user { NSError *dirSearchError = nil; ODRecord *foundUser = findUser(user, &dirSearchError); if(foundUser !=nil) { return YES; }else { return NO; } } ODRecord *findUser(NSString *user, NSError **error) { NSLog(@"[MacLogonUI] findUser"); CSIdentityAuthorityRef defaultAuthority = CSGetManagedIdentityAuthority(); CSIdentityClass identityClass = kCSIdentityClassUser; CSIdentityQueryRef query = CSIdentityQueryCreate(NULL, identityClass, defaultAuthority); CFErrorRef err = NULL; CSIdentityQueryExecute(query, 0, &err); CFArrayRef results = CSIdentityQueryCopyResults(query); int numResults = CFArrayGetCount(results); NSMutableArray * managedUsers = [NSMutableArray array]; for (int i = 0; i < numResults; ++i) { CSIdentityRef identity = (CSIdentityRef)CFArrayGetValueAtIndex(results, i); CBIdentity * identityObject = [CBIdentity identityWithCSIdentity:identity]; NSString* posixName = [identityObject posixName]; [managedUsers addObject:posixName]; } CFRelease(results); CFRelease(query); ODNode *searchNode = [ODNode nodeWithSession: [ODSession defaultSession] type: kODNodeTypeLocalNodes error: error]; if (searchNode == nil) { return nil; } /* query this node for the user record we're interested in. * We only need one result, which is why maximumResults is set to 1. */ ODQuery *userSearch = [ODQuery queryWithNode: searchNode forRecordTypes: kODRecordTypeUsers attribute: kODAttributeTypeRecordName matchType: kODMatchEqualTo queryValues: user returnAttributes: kODAttributeTypeStandardOnly maximumResults: 1 error: error]; if (userSearch == nil) { return nil; } /* For this example we'll use a synchronous search. This could take a while * so asynchronous searching is preferable. */ NSArray *foundRecords = [userSearch resultsAllowingPartial: NO error: error]; if([foundRecords count]>0) { NSString *nameStr = [foundRecords[0] recordName]; NSLog(@"[MacLogonUI] findUser nameStr %@", nameStr); int j; for( j = 0; j<[managedUsers count]; j++) { if([nameStr isEqualToString:managedUsers[j]]) { break; } } if(j<[managedUsers count]) { foundRecords = nil; } } if (foundRecords == nil || [foundRecords count] == 0) { return nil; } ODRecord *userRecord = [foundRecords objectAtIndex: 0]; return [[userRecord retain] autorelease]; } @end

当mac的网络断开连接时.无法列出受管理的用户.有没有人对此有任何想法?