Jamf Nation Community

Yes. Ben Toms has done the script and as long as your LDAP server is configured correctly it all works beautifully, it's what I use.

The info and script can be found here:-

https://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/

Hi,

The main command is sudo jamf recon -endUsername $3. I've used the same method as Ben, creating a login policy that runs the command once per computer.

If you want it to keep up to date you could use "ongoing" for the execution frequency, although this will cause it to perform the lookup on every Mac for every login so "once per week" or "once per month" might be a better.

See this thread @kingscollege

LDAP User Info

I tried to use the script on the MacMule page, but it kept returning a syntax error regarding the first ` in the code.

I used this instead:

#!/bin/sh
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
/usr/sbin/jamf recon -endUsername $loggedInUser

It seemed to have worked for some, but not others. We have 185 users who are assigned to a department in AD that is also added to the JSS, but the script won't add any of them to their groups.

Any ideas?

I was able to figure out how to get this working using the MacMule's page. This is game changing for me...im now going to be able to scope things based off LDAP groups.

Thanks @triding for adding that info!

For us (JSS 9.101 / macOS Sierra) we had to substitute the "loggedInUser" line with this:

loggedInUser= $(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + " ");')