Skip to main content
Question

bind by smart configuration [ feature request ]

T
Forum|alt.badge.img+31
  • tlarkin
  • Honored Contributor
  • 2721 replies

I have been looking for a feature, but I do not see it in Casper anywhere. So, I did some creative scripting instead. However, I can see how this would benefit many different organizations. We have about 6,000 Macbooks in my environment and when we first rolled them out, all 6,000 users were set to change their password at first log in in OD. Well, lets just say that one server did not like 6,000 users trying to change passwords at the same time. This also goes for authentication as well. So, I wrote a script that will bind the client based off of naming convention. However, if I could just bind a client based on smart configuration in say Casper Admin, I would not have to do such things.

Often times you need to load balance how many clients authenticate against one server. Here where I work we allow about 1,000 clients per a server. Here is the example of my script, which I have now incorporated into my post image script.

#!/bin/bash

# use computer name to set OD server by naming scheme

case `/usr/sbin/networksetup -getcomputername` in WYA) ODSERVER=xs106-a.kckps.org;; HAR) ODSERVER=xs101-a.kckps.org;; WHS) ODSERVER=xs104-a.kckps.org;; SAS) ODSERVER=xs102-a.kckps.org;; SCH*) ODSERVER=xs100-a.kckps.org;; esac

/usr/sbin/dsconfigldap -a ${ODSERVER} /usr/bin/dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath /usr/bin/dscl /Search/Contacts -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath /usr/bin/dscl /Search -append / CSPSearchPath "/LDAPv3/${ODSERVER}" /usr/bin/dscl /Search/Contacts -append / CSPSearchPath "/LDAPv3/${ODSERVER}"

exit 0

    4 replies

    E
    Forum|alt.badge.img+21
    • ernstcs
    • Contributor
    • 1028 replies
    • August 30, 2010

    I think you can do this if I’m reading right.

    You would like systems to bind to a particular OD server based on their membership to a Smart Group, which is based on name? And you would like this performed at imaging time?

    You can create as many different BINDS for the JSS to use as you want.

    Create your smart groups based on what you have for names, and perhaps this is where you need it to do some sort of dummy receipt or other extended attribute to make sure the system is bound.

    If the system isn’t bound and exists in that smart group a policy would then bind it based on which BIND settings you specify in the JSS on the accounts tab in policy.

    Is that making sense? Maybe I’m missing something.

    Craig E

    T
    Forum|alt.badge.img+31
    • tlarkin
    • Author
    • Honored Contributor
    • 2721 replies
    • August 30, 2010

    If I have to use attributes or dummy receipts why not just keep the
    script? I would like to have a tab in the Smart Configuration window
    that allows me to set that smart configuration's bindings. I am looking
    for a place I can put this. I guess I could make manual trigger
    policies as well? I see where I can add LDAP servers and I have a few
    in there, but when I go to create a policy it says no directory
    bindings. I have three servers in the JSS for testing, but I can never
    see where you actually tell the client to bind to the specific one
    during imaging.

    Unless I am missing something?

    Thanks,

    Tom

    E
    Forum|alt.badge.img+21
    • ernstcs
    • Contributor
    • 1028 replies
    • August 30, 2010

    Objects added as directory bindings in the JSS show up as objects in Casper Admin, much like packages now, use to be a little different. So, now you can just drag and drop the BIND you want to use for that particular configuration. See attached. Granted...mine are all AD bindings so I can only assume this is the same for OD, LikeWise, ADmitMac, or Centrify. See attached.

    Those options, if added through the Directory Bindings section in Management, should also be options within Policies on the Accounts Tab, see attached, so you can do anything you want with them in a policy as well using smart groups, etc.

    Like I said, if you wanted to make it truly dynamic based on machine name patterns you still need a way to say, hey, this box isn’t bound so put it in my smart group and have a policy bind it. I’m seeing in Smart Groups options under OS Configuration Information that I can specify if systems are bound to my domains or not for AD. Again, I can’t relate if there would be OD options there.

    Helping?

    Craig E

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Legendary Contributor
    • 4331 replies
    • August 30, 2010

    We've added different od bindings in the jss web page (under maintenance I think)..

    I then add these bindings to my smart config's as appropriate. Both ad & od binds are done this way with both bindings being different per business units build.

    Is this the kind of thing?

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings