Silly question: getting a user's email address(es)

For login purposes, we may want to try automatically checking to see if an email address is set up in certain databases. It looks like the preferred way to do this is via ABAddressBook.shared().me(), then get the right key in the properties? This, however, is treated as accessing the whole address book and brings up a confirmation dialogue.

However, as I thought about it, that might not be the real way we'd want -- we'd want to go through Active Directory, perhaps?

Am I making any sense, or just being incoherent? 😄


Over the years macOS has limited access to the user’s email address because it’s very private information. You mentioned Active Directory, which suggests you’re working in a managed environment. Is that right?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

We might be. The specific thing we're doing is logging in via OIDC, and we can try to check various email addresses before asking the user.

I think we only really care if the user is part of a network directory, though.

OK. So, if you do the equivalent of this:

% dscl
Entering interactive mode... (type "help" for commands)
 > cd /Search/Users/quinn
/Search/Users/quinn > read
… lots of stuff …

does it print the email address you need? If so, in which attribute?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Annoyingly, we don't have anything set up internally, and of course I never set up LDAP at home... (I tried once. Too annoying. Anyone got pointers?)

I'm also, as of right now, trying to figure out if there's a difference between the account name and an email address.

Took a while, but this looks like it would do it:

AltSecurityIdentities:
 X509:<T>CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US<S>CN=com.apple.idms.appleid.prd.001006-08-6e1a760f-f653-4f65-b28d-2d5dd5ff9582
 PlatformSSO:foo@kithrup.com

So that's the key AltSecurityIdentities, and it looks like that then has a dictionary or array?

Now how would I get that programmatically...

That’s the kODAttributeTypeAltSecurityIdentities attribute. For an example of how to fetch such a thing using the Open Directory framework, see this post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

That link doesn't work...

Indeed. AFAICT the thread is still valid, but DevForums won’t display it for some reason. I’ve escalated that internally (i. 097560124).

In the meantime, here’s the relevant code snippet:

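import Foundation
import OpenDirectory

// Placeholder error for this snippet; substitute your own error type.
struct MissingMetaNodeLocation: Error {}

func isLocal(username: String) throws -> Bool {
    let session = ODSession()
    // The authentication node follows the machine's configured search policy.
    let node = try ODNode(session: session, type: ODNodeType(kODNodeTypeAuthentication))
    let record = try node.record(
        withRecordType: kODRecordTypeUsers,
        name: username,
        attributes: [kODAttributeTypeMetaNodeLocation] as NSArray
    )
    let locationsAny = try record.values(forAttribute: kODAttributeTypeMetaNodeLocation)
    guard
        let locations = locationsAny as? [String],
        let location = locations.first
    else {
        // The record carried no usable node location.
        throw MissingMetaNodeLocation()
    }
    // Records from the local directory node live under /Local/.
    return location.hasPrefix("/Local/")
}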

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
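
Reading the AltSecurityIdentities values discussed in this thread, as an added example (not code from the thread or from Apple): it follows the same Open Directory calls as the snippet above and assumes each value is a single "scheme:value" string, as in the dscl output posted earlier. The function name, its `scheme` parameter and the usage lines are made up for illustration.

```swift
import Foundation
import OpenDirectory

/// Returns the AltSecurityIdentities values for `username` that carry the
/// given scheme prefix (for example "PlatformSSO"), with the prefix removed.
/// Hypothetical helper; the "scheme:value" layout is an assumption taken
/// from the dscl output shown in the thread.
func altSecurityIdentities(for username: String, scheme: String) throws -> [String] {
    let session = ODSession()
    // Same search-policy node as isLocal(username:), so network directory
    // records are found as well as local ones.
    let node = try ODNode(session: session, type: ODNodeType(kODNodeTypeAuthentication))
    let record = try node.record(
        withRecordType: kODRecordTypeUsers,
        name: username,
        attributes: [kODAttributeTypeAltSecurityIdentities] as NSArray
    )
    let valuesAny = try record.values(forAttribute: kODAttributeTypeAltSecurityIdentities)

    // The attribute is multi-valued: one array element per identity.
    // Values that are not strings (for example raw Data) are skipped.
    let values = valuesAny.compactMap { $0 as? String }

    // Keep only the requested scheme and drop its "scheme:" prefix.
    // The match is case-sensitive, mirroring what dscl printed.
    let prefix = scheme + ":"
    return values
        .filter { $0.hasPrefix(prefix) }
        .map { String($0.dropFirst(prefix.count)) }
}

// Usage: look up the current user's Platform SSO identities.
// An account without the attribute yields an empty array.
do {
    let identities = try altSecurityIdentities(for: NSUserName(), scheme: "PlatformSSO")
    if identities.isEmpty {
        print("No PlatformSSO identity on this record")
    } else {
        identities.forEach { print("Candidate login hint: \($0)") }
    }
} catch {
    print("Open Directory lookup failed: \(error)")
}
```

Because this reads a single attribute of the user's own directory record, it does not go through the address book and so avoids the confirmation dialogue mentioned in the original question.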
