Use system-defined OD search policy to find users #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Querying /Local/Default only finds local users
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Open Directory is configured with a Search Policy on OD clients (configured in Directory Utility.app). The search policy is a list of directories to search in order, which normally includes the local directory /Local/Default, but may also include Open Directory servers and Active Directory servers. The search policy is used by the system when authenticating and looking up users, groups, etc.
Querying /Local/Default only finds local users, so if I'm logged in to Mac OS using a network account from Active Directory, for example, my user won't be found. This leads to a crash in get_shell_env() when the shell returned from get_user_login_shell() is None.
Querying /Search seems to fix this as it instructs the OD client to search using the search policy for users, so it finds both local user accounts and network accounts.