bind by smart configuration [ feature request ]

tlarkin
Honored Contributor

I have been looking for a feature, but I do not see it in Casper anywhere. So, I did some creative scripting instead. However, I can see how this would benefit many different organizations. We have about 6,000 MacBooks in my environment and when we first rolled them out, all 6,000 users were set to change their password at first login in OD. Well, let's just say that one server did not like 6,000 users trying to change passwords at the same time. This also goes for authentication as well. So, I wrote a script that will bind the client based off of naming convention. However, if I could just bind a client based on smart configuration in say Casper Admin, I would not have to do such things.

Oftentimes you need to load balance how many clients authenticate against one server. Here where I work we allow about 1,000 clients per server. Here is the example of my script, which I have now incorporated into my post image script.

#!/bin/bash

# use computer name to set OD server by naming scheme

case "$(/usr/sbin/networksetup -getcomputername)" in
    WYA*) ODSERVER=xs106-a.kckps.org;;
    HAR*) ODSERVER=xs101-a.kckps.org;;
    WHS*) ODSERVER=xs104-a.kckps.org;;
    SAS*) ODSERVER=xs102-a.kckps.org;;
    SCH*) ODSERVER=xs100-a.kckps.org;;
    # stop instead of binding with an empty server name
    *) echo "No OD server mapped for this computer name" >&2; exit 1;;
esac

# bind to the chosen OD server, then add it to the authentication and contacts search paths
/usr/sbin/dsconfigldap -a "${ODSERVER}"
/usr/bin/dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl /Search/Contacts -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl /Search -append / CSPSearchPath "/LDAPv3/${ODSERVER}"
/usr/bin/dscl /Search/Contacts -append / CSPSearchPath "/LDAPv3/${ODSERVER}"

exit 0

4 REPLIES

ernstcs
Contributor III

I think you can do this if I’m reading right.

You would like systems to bind to a particular OD server based on their membership to a Smart Group, which is based on name? And you would like this performed at imaging time?

You can create as many different BINDS for the JSS to use as you want.

Create your smart groups based on what you have for names, and perhaps this is where you need it to do some sort of dummy receipt or other extended attribute to make sure the system is bound.

If the system isn’t bound and exists in that smart group a policy would then bind it based on which BIND settings you specify in the JSS on the accounts tab in policy.

Is that making sense? Maybe I’m missing something.

Craig E
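The "extended attribute" route mentioned in the reply above could look like the following extension attribute script, which reports whether a client is bound to the OD server its name maps to, so a smart group can be scoped on the result. This is an added example, not code from anyone in the thread; it assumes the prefix-based naming scheme and server names from the first post, and the function names and sample computer name are made up for illustration.

```bash
#!/bin/bash
# Added example (not from the thread): Casper extension attribute that
# reports the client's OD binding state for use in smart group criteria.

# Pull the first /LDAPv3/<host> node out of dscl search-path output.
# Works for both the one-line and the one-value-per-line dscl layouts.
od_node_from_search_path() {
    printf '%s\n' "$1" | grep -o '/LDAPv3/[^[:space:]]*' | head -n 1 | sed 's|^/LDAPv3/||'
}

# Server a computer name should use (mapping taken from the first post,
# assumed to match on the name prefix). Prints nothing for unmapped names.
expected_od_server() {
    case "$1" in
        WYA*) echo xs106-a.kckps.org;;
        HAR*) echo xs101-a.kckps.org;;
        WHS*) echo xs104-a.kckps.org;;
        SAS*) echo xs102-a.kckps.org;;
        SCH*) echo xs100-a.kckps.org;;
    esac
}

# $1 = computer name, $2 = output of: dscl /Search -read / CSPSearchPath
binding_status() {
    local expected bound
    expected=$(expected_od_server "$1")
    bound=$(od_node_from_search_path "$2")
    if [ -z "$bound" ]; then
        echo "Not Bound"
    elif [ -z "$expected" ] || [ "$bound" = "$expected" ]; then
        echo "Bound: $bound"
    else
        echo "Wrong Server: $bound (expected $expected)"
    fi
}

if [ -x /usr/bin/dscl ]; then
    name=$(/usr/sbin/networksetup -getcomputername)
    path=$(/usr/bin/dscl /Search -read / CSPSearchPath 2>/dev/null)
else
    # Constructed sample values so the script also runs off a Mac
    name="WYA-0001"
    path="CSPSearchPath: /Local/Default /LDAPv3/xs106-a.kckps.org"
fi
echo "<result>$(binding_status "$name" "$path")</result>"
```

A smart group matching "Not Bound" or "Wrong Server" on this attribute can then scope the policy that applies the correct directory binding.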

tlarkin
Honored Contributor

If I have to use attributes or dummy receipts why not just keep the
script? I would like to have a tab in the Smart Configuration window
that allows me to set that smart configuration's bindings. I am looking
for a place I can put this. I guess I could make manual trigger
policies as well? I see where I can add LDAP servers and I have a few
in there, but when I go to create a policy it says no directory
bindings. I have three servers in the JSS for testing, but I can never
see where you actually tell the client to bind to the specific one
during imaging.

Unless I am missing something?

Thanks,

Tom

ernstcs
Contributor III

Objects added as directory bindings in the JSS show up as objects in Casper Admin, much like packages now; it used to be a little different. So, now you can just drag and drop the BIND you want to use for that particular configuration. See attached. Granted... mine are all AD bindings so I can only assume this is the same for OD, LikeWise, ADmitMac, or Centrify. See attached.

Those options, if added through the Directory Bindings section in Management, should also be options within Policies on the Accounts Tab, see attached, so you can do anything you want with them in a policy as well using smart groups, etc.

Like I said, if you wanted to make it truly dynamic based on machine name patterns you still need a way to say, hey, this box isn’t bound so put it in my smart group and have a policy bind it. I’m seeing in Smart Groups options under OS Configuration Information that I can specify if systems are bound to my domains or not for AD. Again, I can’t relate if there would be OD options there.

Helping?

Craig E

bentoms
Release Candidate Programs Tester

We've added different OD bindings in the JSS web page (under maintenance I think).

I then add these bindings to my smart configs as appropriate. Both AD & OD binds are done this way, with both bindings being different per business unit's build.

Is this the kind of thing?