Posted on 04-13-2011 05:53 AM
Is this possible and if so does it work well?
Thanks
LC
Posted on 04-13-2011 05:53 AM
Binding in what way?
please expand what it is you hope to acheive
Criss Myers
Senior IT Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development
Software Management Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5050
01772 895050
Posted on 04-13-2011 05:54 AM
You can bind Casper to Ad and OD in order to login to Casper with AD / OD users, think you might also need it for Self Service login
Also you can then fill in the inventory with AD /OD users info and also email them from Casper based on their AD/OD email address
Criss Myers
Senior IT Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development
Software Management Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5050
01772 895050
Posted on 04-13-2011 05:55 AM
AND
You can also limit policies to OD/AD Groups but not nested groups or AD/OD Users
Criss Myers
Senior IT Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development
Software Management Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5050
01772 895050
Posted on 04-13-2011 06:37 AM
This is good to know, other then the nested groups. Any other gotchas?
Thanks
LC
Posted on 04-13-2011 09:29 AM
I hope I am not hijacking this but while on the subject, I would like to pick your brains... I am working on using Inventory Extension Attributes and populating them with AD data. One issue I have is that machine names are not necessarily the same as the binding account in my env. This creates a problem when I am trying to populate Container information from AD using something like
ComputerName=/usr/sbin/scutil --get ComputerName
attribDN=/usr/bin/dscl "/Active Directory/{my.domain.name}" read /Computers/${ComputerName} dn
...
This only works when binding name matches computer name . I need a way to get the ID used for binding and use that instead of 'ComputerName'.
Right now, I am thinking about using the following to get the name:
`dsconfigad -show |grep "computer Account" |cut -d '=' -f 2 `
Can anyone think of a better way of doing this?
Also, if I know the binding name 'partially', could I search and get the DN?
Say binding ids are always in the format of 'xxxxx123456', can I use what I know ('123456') to search the Distinguished Name (dn) from AD?
attribDN=/usr/bin/dscl "/Active Directory/{my.domain.name}" search /Computers/*123456 dn
would not work...
Thanks!