Cocoa Directory Services Wrapper


Mac OS X uses the Directory Service for user authentication and more. The service can be configured to communicate with an Active Directory installation or an LDAP installation to get user information.

There is also a framework that gives access to the functionality of this service. So far so good. Unfortunately this framework is a very very very low-level framework and for whatever reason it has some very strange naming conventions for functions and data structures.

Searchlight authenticates a user through a Ruby on Rails application to give the user the correct Spotlight results. So I needed the help of Directory Services which cost me a lot of time.

That’s one of the problems when you have to deal with a framework that gets little hype. It does not have as much documentation, sample code and tutorials as the cool image and animation stuff.

The Cocoa Directory Services Wrapper is the result of my adventures in Directory Service land. The wrapper consists of two Cocoa classes that make life easier when you want to do one of the following:

  1. get access to a value in a specific node of Directory Services
  2. authenticate a user by username and password
  3. get basic information (real name, admin y/n, uid, …) about a user
  4. find out if a given user is allowed to access a specific file

It’s as easy as…

User* user = [User userWithUsername: username password: password];
// or User* user = [User userWithUsername: username];
NSString* realName = [user realName];
BOOL admin = [user admin];

The wrapper provides a way to find out if a given user (not the one that has started the current process) is allowed to access a specific file. I have searched for days for a Unix function, but the only thing I found was changing the effective user id of the process. This is a bit of a problem in the case of a web application and parallel users in the same process.

So I came up with my own solution which simply checks the access rights for each element in the directory path of a given file. It does not support ACLs right now.

BOOL accessAllowed = [user accessAllowedToFile: @"/Users/martin/somefile.txt"];
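
The per-element check described above, written in C as an added example; it is not the wrapper's source code. The names mode_allows and user_can_read are hypothetical, and the caller is assumed to have already looked up the user's uid and full group list (primary plus supplementary).

```c
#include <stdbool.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Test the one permission class (owner, group or other) that applies to the
   user against want: 04 read, 02 write, 01 execute/search. The classes are
   exclusive: an owner denied by the owner bits is not rescued by "other". */
static bool mode_allows(const struct stat *st, uid_t uid,
                        const gid_t *gids, int ngids, mode_t want)
{
    if (uid == 0) /* root: only executing a file with no x bit at all fails */
        return !(want & 01) || S_ISDIR(st->st_mode) || (st->st_mode & 0111);
    if (st->st_uid == uid)
        return ((st->st_mode >> 6) & want) == want;
    for (int i = 0; i < ngids; i++)
        if (st->st_gid == gids[i])
            return ((st->st_mode >> 3) & want) == want;
    return (st->st_mode & want) == want;
}

/* True if the user may read the absolute path: search (x) on "/" and every
   directory leading to the file, read (r) on the last element. No ACLs.
   stat() follows symlinks, so only the link target's own mode is tested. */
bool user_can_read(const char *path, uid_t uid, const gid_t *gids, int ngids)
{
    char prefix[4096];                   /* assumed upper bound on path length */
    struct stat st;
    size_t len = strlen(path);

    if (path[0] != '/' || len >= sizeof prefix)
        return false;                    /* absolute paths only */
    for (size_t i = 0; i <= len; i++) {
        if (path[i] != '/' && path[i] != '\0')
            continue;
        size_t n = i ? i : 1;            /* i == 0 is the root directory */
        memcpy(prefix, path, n);
        prefix[n] = '\0';
        if (stat(prefix, &st) != 0)
            return false;                /* missing, or we cannot look */
        if (!mode_allows(&st, uid, gids, ngids, path[i] ? 01 : 04))
            return false;
    }
    return true;
}
```

The answer is advisory: the calling process must itself be able to stat() every element, and permissions can change between this check and a later open, so the kernel's own enforcement still has the final say.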

Is there really no easier way to do that on Unix? Have I missed something here? If you know of an easier way I would appreciate any hint.

You can download the source code of the wrapper classes and an example project from the source code page.
