Third-party LDAP and UUIDs

dblezard (Participant)

    I’m hoping that someone who has delved deeper into the guts of Open Directory can help out with this.

    The setup:
    Mac OS X Server 10.5.6
    Golden-triangle Open Directory configuration where the third-party is OpenLDAP running on Linux
    OpenLDAP provides user accounts only. They contain cn, uid, First Name, Last Name, uidNumber, shell, e-mail address, etc. These are all mapped to the appropriate attributes using Directory Utility. The LDAP directory is part of the Authentication and Contacts search paths.
    Authentication for these remote users works fine. I can login. I can put them in groups. Everything is basically happy. Except….

    UUID values.

    Why do I care? Because I’m trying to set up Podcast Producer and it uses UUID values to resolve user information (short name, e-mail address, etc).

    With a user that is stored in the Open Directory on the server, that user gets a GeneratedUID value. This is the UUID for that user.

    For users in the LDAP directory, there is no GeneratedUID. Open Directory generates a UUID value for those users from the uidNumber. For example, I’m user number 1138. That becomes UUID “FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000472”. (1138 decimal equals 00000472 hex.) That’s what’s reported by “dsmemberutil”:

    [code]
    $ dsmemberutil getuuid -u 1138
    FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000472
    [/code]

    The problem is that Open Directory doesn’t seem to be able to go the other way around. Both when setting up workflows in Podcast Producer and when I try to do things from the command line, there doesn’t seem to be a way to look up a record by this concocted UUID value. For example, while I can use dscl to search for a record in the local Open Directory just fine:

    [code]
    $ dscl /LDAPv3/127.0.0.1 -search /Users GeneratedUID BDD52E2C-8802-41DC-AA50-451DB204016D
    localuser GeneratedUID = (
    "BDD52E2C-8802-41DC-AA50-451DB204016D"
    )
    [/code]

    Trying to do the same thing in the remote LDAP directory doesn’t work:

    [code]
    $ dscl /LDAPv3/ldap.unh.edu -search /Users GeneratedUID FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000472
    search: DS error: eDSNullParameter
    DS Error: -14200 (eDSNullParameter)
    [/code]

    That kind of makes sense since there really isn’t a GeneratedUID value in the directory to search on, but something else must kind of, sort of be there somehow.

    Also, while dsmemberutil is happy to return me the UUID if I have the username or numeric ID of a user, it doesn’t seem to go the other way around.

    Does anyone have any insight here as to how to work around this issue and make these lookups work in both directions?
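Added example, not part of dblezard's post: since the synthesized UUID is just a fixed prefix followed by the uidNumber in eight hex digits, the reverse lookup can be done client-side by decoding the number and then searching the LDAP node on an attribute it really has (UniqueID, the Directory Services attribute mapped to uidNumber) instead of on GeneratedUID, which does not exist there. The user prefix is the one reported by dsmemberutil in the post; the group prefix (ABCDEFAB-CDEF-ABCD-EFAB-CDEF followed by the gidNumber) goes beyond the page and is taken from Libinfo's membership code, so treat it as an assumption and check it with `dsmemberutil getuuid -g 20`. The node name /LDAPv3/ldap.unh.edu is the one from the post; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): map Open Directory's
# synthesized UUIDs back to the numeric ID they encode, so that a record
# in the third-party LDAP node can be found by an attribute it actually has.
#
# The user prefix is the one dsmemberutil reports in the post. The group
# prefix is an assumption taken from Libinfo's membership code, not from
# the page; verify on a server with: dsmemberutil getuuid -g 20
USER_UUID_PREFIX='FFFFEEEE-DDDD-CCCC-BBBB-AAAA'
GROUP_UUID_PREFIX='ABCDEFAB-CDEF-ABCD-EFAB-CDEF'

# uid_to_uuid 1138  ->  FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000472
uid_to_uuid() { printf '%s%08X\n' "$USER_UUID_PREFIX" "$1"; }
gid_to_uuid() { printf '%s%08X\n' "$GROUP_UUID_PREFIX" "$1"; }

# uuid_to_id UUID  ->  prints "user 1138" or "group 20".
# Returns 1 for anything that is not a well-formed synthesized UUID:
# a real GeneratedUID, or a mistyped one such as a prefix missing an F.
uuid_to_id() {
    local uuid kind suffix
    uuid=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    case "$uuid" in
        "$USER_UUID_PREFIX"*)  kind=user;  suffix=${uuid#"$USER_UUID_PREFIX"} ;;
        "$GROUP_UUID_PREFIX"*) kind=group; suffix=${uuid#"$GROUP_UUID_PREFIX"} ;;
        *) return 1 ;;
    esac
    # the remainder must be exactly eight hex digits
    [ "${#suffix}" -eq 8 ] || return 1
    case "$suffix" in *[!0-9A-F]*) return 1 ;; esac
    printf '%s %d\n' "$kind" "$((0x$suffix))"
}

# uuid_to_dscl_args UUID  ->  "/Users UniqueID 1138" or "/Groups PrimaryGroupID 20":
# the record path and attribute dscl can search on in the LDAP node, which has
# no GeneratedUID to match (hence the eDSNullParameter in the post).
uuid_to_dscl_args() {
    local resolved kind id
    resolved=$(uuid_to_id "$1") || return 1
    kind=${resolved%% *}
    id=${resolved##* }
    if [ "$kind" = user ]; then
        printf '/Users UniqueID %s\n' "$id"
    else
        printf '/Groups PrimaryGroupID %s\n' "$id"
    fi
}

# lookup_by_uuid NODE UUID: run the actual search on the server, e.g.
#   lookup_by_uuid /LDAPv3/ldap.unh.edu FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000472
lookup_by_uuid() {
    local node=$1 args
    args=$(uuid_to_dscl_args "$2") || { echo "not a synthesized UUID: $2" >&2; return 1; }
    set -- $args
    dscl "$node" -search "$1" "$2" "$3"
}

# Demo on constructed values; needs no directory server.
uid_to_uuid 1138
uuid_to_dscl_args "$(uid_to_uuid 1138)"
uuid_to_dscl_args "$(gid_to_uuid 20)"
uuid_to_id BDD52E2C-8802-41DC-AA50-451DB204016D \
    || echo 'BDD52E2C-... is a real GeneratedUID: search the OD node for it directly'
```

For a UUID that does not carry the synthesized prefix, `uuid_to_id` deliberately fails rather than guessing, because that value is a stored GeneratedUID and must be searched with `dscl ... -search /Users GeneratedUID ...` as in the post; the typo'd `FFFEEEE-...` from the failing command above is rejected the same way instead of being turned into a wrong uidNumber.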
