Hello,
I am running into a strange issue with the ODQueryCreateWithNode() call on an account that has Mobile Login switched on a Mac OS Big Sur system.
AFAIK, the issue does not occur on Mac OS Catalina or below.
Somehow, OD/DS are reporting more than 1 Primary Group for the account.
The setup is,
Mac OS Big Sur.
Machine bound to AD Server.
Mobile Login checkbox checked in Directory Services.
The tool queries via ODQueryCreateWithNode() call passing in the given uid_t and next on its results, it iterates and ask for items with Attribute kODAttributeTypePrimaryGroupID via the ODRecordCopyValues() call for each item.
Strangely, the result is more than 1 unique Primary Group being reported among the results of ODQueryCreateWithNode call.
The tool reports:
user belongs to primary Group: 20
user belongs to primary Group: 110233109
Also, the id command when run from Terminal on the same system reports,
>id -gn
staff
> id
uid=110233109 gid=20(staff) .....
The tool links OpenDirectory Framework and Directory Services Framework.
#import <OpenDirectory/OpenDirectory.h>
#import <DirectoryService/DirectoryService.h>
QUESTION
As per the internet, a user can belong to ONLY 1 primary group.
Even if this is theoretically possible, why is the code reporting the issue only on Big Sur ?
Also, if there are multiple values reported for Primary group, which is the value that should take effect ? Is it the first reported value in the Array of results ?
Regards,
Vikram.
I am running into a strange issue with the ODQueryCreateWithNode() call on an account that has Mobile Login switched on a Mac OS Big Sur system.
AFAIK, the issue does not occur on Mac OS Catalina or below.
Somehow, OD/DS are reporting more than 1 Primary Group for the account.
The setup is,
Mac OS Big Sur.
Machine bound to AD Server.
Mobile Login checkbox checked in Directory Services.
The tool queries via ODQueryCreateWithNode() call passing in the given uid_t and next on its results, it iterates and ask for items with Attribute kODAttributeTypePrimaryGroupID via the ODRecordCopyValues() call for each item.
Strangely, the result is more than 1 unique Primary Group being reported among the results of ODQueryCreateWithNode call.
The tool reports:
user belongs to primary Group: 20
user belongs to primary Group: 110233109
Also, the id command when run from Terminal on the same system reports,
>id -gn
staff
> id
uid=110233109 gid=20(staff) .....
The tool links OpenDirectory Framework and Directory Services Framework.
#import <OpenDirectory/OpenDirectory.h>
#import <DirectoryService/DirectoryService.h>
QUESTION
As per the internet, a user can belong to ONLY 1 primary group.
Even if this is theoretically possible, why is the code reporting the issue only on Big Sur ?
Also, if there are multiple values reported for Primary group, which is the value that should take effect ? Is it the first reported value in the Array of results ?
Regards,
Vikram.