bind script error

tlarkin
Honored Contributor

hey everyone...

I am scrapping my separate bind scripts and integrating them into my post image script. Since the computer name is set by Casper, and each name is unique to its building I figured I'd use that to script it... Here it is:

#!/bin/bash

# use computer name to set bind location to replica server

case `/usr/sbin/networksetup -getcomputername` in

WYA*)
    /usr/sbin/dsconfigldap -a xs106-a.kckps.org
    /usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs106-a.kckps.org
    /usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs106-a.kckps.org
    ;;

HAR*)
    /usr/sbin/dsconfigldap -a xs101-a.kckps.org
    /usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs101-a.kckps.org
    /usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs101-a.kckps.org
    ;;

WHS*)
    /usr/sbin/dsconfigldap -a xs104-a.kckps.org
    /usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs104-a.kckps.org
    /usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs104-a.kckps.org
    ;;

SAS*)
    /usr/sbin/dsconfigldap -a xs102-a.kckps.org
    /usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs102-a.kckps.org
    /usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs102-a.kckps.org
    ;;

SCH*)
    /usr/sbin/dsconfigldap -a xs100-a.kckps.org
    /usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs100-a.kckps.org
    /usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
    /usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs100-a.kckps.org
    ;;

esac

exit 0

These are vanilla binds, no authentication needed. When I run the script, it works and the client binds, but I get this error in terminal:

bash-3.2# sh bind_hs_client.sh
attribute status: eDSReadOnly
DS Error: -14121 (eDSReadOnly)
bash-3.2#

Upon inspecting the directory utility I see that it bound, and that the Search path is set to the replica server, but the contact path is not. I think this is causing the error out. Any ideas?

Once this is worked out, it will be added to my post image script, which I will update with other updates I have done to it and post it to the resource kit list.

Thanks

Tom

5 REPLIES 5

bentoms
Release Candidate Programs Tester

Those are the same errors I am seeing when running a script to remove network users from the admin group..

I wonder if they need to be run as a network admin account & not root?

Ben Toms
IT Support Analyst GREY Group
The Johnson Building, 77 Hatton Garden, London, EC1N 8JS
T: +44 (0) 20-3037-3819 Main: +44 (0) 20 3037 3000 | IT Helpdesk: +44 (0) 20 3037 3883

tlarkin
Honored Contributor

If you are forcing an unbind or removal you probably need the diradmin account. I am rewriting it as I think the variables may pass a space or something weird

bentoms
Release Candidate Programs Tester

Nothing like that.. I was just removing network users from the local admin group..

Ben Toms

jarednichols
Honored Contributor

Anything regarding directory-based accounts is going to require directory-based authority to do it.

j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

tlarkin
Honored Contributor

I am still getting that error, rewrote it to make it slightly more efficient.....what is weird is the same code works in my teacher script but I don't have a case statement....

This is very frustrating.

#!/bin/bash

# use computer name to set OD server by naming scheme

case `/usr/sbin/networksetup -getcomputername` in
    WYA) ODSERVER=xs106-a.kckps.org;;
    HAR) ODSERVER=xs101-a.kckps.org;;
    WHS) ODSERVER=xs104-a.kckps.org;;
    SAS) ODSERVER=xs102-a.kckps.org;;
    SCH*) ODSERVER=xs100-a.kckps.org;;
esac

/usr/sbin/dsconfigldap -a ${ODSERVER}
/usr/bin/dscl /Search create / SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl /Search merge / CSPSearchPath /LDAPv3/${ODSERVER}
/usr/bin/dscl localhost create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl localhost merge /Contact CSPSearchPolicy /LDAPv3/${ODSERVER}

exit 0

I've plugged it into TextWrangler to ensure no white spaces or weird tabs or anything. It all looks legit, yet I still get that error....what is up with that? The only difference is that this year I am doing an instaDMG compiled image....

Guess I'll contact Enterprise support with Apple.

Casper runs a slightly modified version of this to bind all my Teacher clients and it works!

-Tom
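
Added example, not part of any post in this thread: a dry-run form of the name-to-replica mapping that prints the bind commands instead of running them and stops when the computer name matches no building, so `dsconfigldap` is never called with an empty server. The function names and the sample computer names are hypothetical; using `CSPSearchPath` on both the /Search and /Contact nodes is an assumption (the scripts above use `CSPSearchPolicy` for /Contact), and the thread does not confirm that it clears the eDSReadOnly error.

```shell
#!/bin/bash
# Added example, not from the thread. Prints the bind commands instead of
# running them, so the mapping can be checked before it goes into an image.

# Map a computer-name prefix to its replica (hostnames from the thread).
od_server_for() {
    case "$1" in
        WYA*) echo "xs106-a.kckps.org" ;;
        HAR*) echo "xs101-a.kckps.org" ;;
        WHS*) echo "xs104-a.kckps.org" ;;
        SAS*) echo "xs102-a.kckps.org" ;;
        SCH*) echo "xs100-a.kckps.org" ;;
        *)    return 1 ;;   # unknown building: no server, caller must stop
    esac
}

# Emit the commands for one machine; fail before emitting anything if the
# name matched no building, so the server name is never empty.
bind_commands() {
    local server node
    server=$(od_server_for "$1") || {
        echo "no replica mapped for computer name '$1'" >&2
        return 1
    }
    echo "/usr/sbin/dsconfigldap -a $server"
    for node in /Search /Contact; do
        echo "/usr/bin/dscl localhost -create $node SearchPolicy dsAttrTypeStandard:CSPSearchPath"
        # Assumption: same attribute name (CSPSearchPath) on both nodes.
        echo "/usr/bin/dscl localhost -merge $node CSPSearchPath /LDAPv3/$server"
    done
}

# Constructed sample name; on a client this would be the output of
# /usr/sbin/networksetup -getcomputername
bind_commands "WYA-LAB-014"
```
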