Skip to main content

hey everyone...



I am scrapping my separate bind scripts and integrating them into my post image script. Since the computer name is set by Casper, and each name is unique to it's building I figured I'd use that to script it... Here it is:



#!/bin/bash



# use computer name to set bind location to replica server



case `/usr/sbin/networksetup -getcomputername` in



WYA*)
/usr/sbin/dsconfigldap -a xs106-a.kckps.org;
/usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs106-a.kckps.org;
/usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs106-a.kckps.org;



;;



HAR*)
/usr/sbin/dsconfigldap -a xs101-a.kckps.org;
/usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs101-a.kckps.org;
/usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs101-a.kckps.org;



;;



WHS*)
/usr/sbin/dsconfigldap -a xs104-a.kckps.org;
/usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs104-a.kckps.org;
/usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs104-a.kckps.org;



;;



SAS*)
/usr/sbin/dsconfigldap -a xs102-a.kckps.org;
/usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs102-a.kckps.org;
/usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs102-a.kckps.org;



;;



SCH*)
/usr/sbin/dsconfigldap -a xs100-a.kckps.org;
/usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/xs100-a.kckps.org;
/usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath;
/usr/bin/dscl localhost -merge /Contact CSPSearchPolicy /LDAPv3/xs100-a.kckps.org;



;;



esac



exit 0



These are vanilla binds, no authentication needed. When I run the script, it works and the client binds, but I get this error in terminal:



bash-3.2# sh bind_hs_client.sh
attribute status: eDSReadOnly
DS Error: -14121 (eDSReadOnly)
bash-3.2#



Upon inspecting the directory utility I see that it bound, and that the Search path is set to the replica server, but the contact path is not. I think this is causing the error out. Any ideas?



Once this is worked out, it will be added to my post image script, which I will update with other updates I have done to it and post it to the resource kit list.



Thanks



Tom

Those are the same errors I am seeing when running a script to remove network users from the admin group..



I wonder is they need to be run as an network admin account & not root?



Ben Toms
IT Support Analyst GREY Group
The Johnson Building, 77 Hatton Garden, London, EC1N 8JS
T: +44 (0) 20-3037-3819
Main: +44 (0) 20 3037 3000 | IT Helpdesk: +44 (0) 20 3037 3883

If you are forcing an unbind or removal you probably need the diradmin account. I am rewriting it as I think the variables may pass a space or something weird

Nothing like that.. I was just removing network users from the local admin group..



Ben Toms
IT Support Analyst GREY Group
The Johnson Building, 77 Hatton Garden, London, EC1N 8JS
T: +44 (0) 20-3037-3819 |
Main: +44 (0) 20 3037 3000 | IT Helpdesk: +44 (0) 20 3037 3883

Anything regarding directory-based accounts is going to require directory-based authority to do it.



j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

I am still getting that error, rewrote it to make it slightly more efficient.....what is weird is the same code works in my teacher script but I don't have a case statement....



This is very frustrating.



#!/bin/bash



# use computer name to set OD server by naming scheme



case `/usr/sbin/networksetup -getcomputername` in
WYA) ODSERVER=xs106-a.kckps.org;;
HAR) ODSERVER=xs101-a.kckps.org;;
WHS) ODSERVER=xs104-a.kckps.org;;
SAS) ODSERVER=xs102-a.kckps.org;;
SCH*) ODSERVER=xs100-a.kckps.org;;
esac



/usr/sbin/dsconfigldap -a ${ODSERVER}
/usr/bin/dscl /Search create / SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl /Search merge / CSPSearchPath /LDAPv3/${ODSERVER}
/usr/bin/dscl localhost create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl localhost merge /Contact CSPSearchPolicy /LDAPv3/${ODSERVER}



exit 0



I've plugged it into textwrangler to ensure no white spaces or weird tabs or anything. It all looks legit, yet I still get that error....what is up with that? The only difference is that this year I am doing a instaDMG compiled image....



Guess I'll contact Enterprise support with Apple.



Casper runs a slightly modified version of this to bind all my Teacher clients and it works!



-Tom

Reply


Terms & ConditionsCookie settings