Looked at dsconfigad hoping it would point upward to dsconfig.
Looked at dscl which I think just lists them in alphabetical order.
Looked at odutil which seems to only list connections and statistics.
Any help appreciated.
Solved
Command line to give Search Policy from Directory Utility?
+9Best answer by mfcfadmin
dscl /Search -read / CSPSearchPath
That was buried under a rock.
+4dscl /Search -read / CSPSearchPath
That was buried under a rock.
Thank you! It seems so easy and yet it took a while to find this again... It turns out the Internet is a big place...
+4Thank you! It seems so easy and yet it took a while to find this again... It turns out the Internet is a big place...
In an attempt to be helpful, here is what I did with this information:
I created an extension attribute -
#!/usr/bin/env zsh
RESULT=""
authSearchPolicy=$(dscl /Search -read / SearchPolicy | awk '{print $NF}' | awk -F':' '{print $NF}')
if [ "$authSearchPolicy" = "LSPSearchPath" ]; then
RESULT="local"
fi
if [ "$authSearchPolicy" = "NSPSearchPath" ]; then
RESULT="auto"
fi
if [ "$authSearchPolicy" = "CSPSearchPath" ]; then
RESULT="custom"
fi
echo "<result>$RESULT</result>"And I used this bit of shell script to change the Directory Services configuration in the ways I wanted.
#!/usr/bin/env zsh
# Change it from Custom to Local
searchPathCheck=$(dscl /Search -read / SearchPolicy | grep "CSPSearchPath")
if [ "$searchPathCheck" != "" ]; then
dscl /Search -change / SearchPolicy "dsAttrTypeStandard:CSPSearchPath" "dsAttrTypeStandard:LSPSearchPath"
echo "Switched from the Custom Search Path to Local Search Path in Directory Services Authentication."
searchPathCheck=""
fi And here are some notes I captured during testing.
# Key = SearchPolicy
# Value options:
# dsAttrTypeStandard:CSPSearchPath = custom search Path
# dsAttrTypeStandard:LSPSearchPath = local search path
# dsAttrTypeStandard:NSPSearchPath = automatic search path
# delete AD from the custom search path
# dscl /Search -delete / CSPSearchPath "/Active Directory/YOURDOMAIN/All Domains"Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.