Command line to give Search Policy from Directory Utility?

mfcfadmin
Contributor II

Looked at dsconfigad hoping it would point upward to dsconfig.
Looked at dscl which I think just lists them in alphabetical order.
Looked at odutil which seems to only list connections and statistics.

Any help appreciated.

1 ACCEPTED SOLUTION

mfcfadmin
Contributor II

dscl /Search -read / CSPSearchPath

That was buried under a rock.

View solution in original post

3 REPLIES 3

mfcfadmin
Contributor II

dscl /Search -read / CSPSearchPath

That was buried under a rock.

Thank you!   It seems so easy and yet it took a while to find this again...  It turns out the Internet is a big place...

In an attempt to be helpful, here is what I did with this information:

I created an extension attribute - 

#!/usr/bin/env zsh
RESULT=""
authSearchPolicy=$(dscl /Search -read / SearchPolicy | awk '{print $NF}' | awk -F':' '{print $NF}')
if [ "$authSearchPolicy" = "LSPSearchPath" ]; then
	RESULT="local"
fi
if [ "$authSearchPolicy" = "NSPSearchPath" ]; then
	RESULT="auto"
fi
if [ "$authSearchPolicy" = "CSPSearchPath" ]; then
	RESULT="custom"
fi
echo "<result>$RESULT</result>"

And I used this bit of shell script to change the Directory Services configuration in the ways I wanted. 

#!/usr/bin/env zsh

# Change it from Custom to Local
searchPathCheck=$(dscl /Search -read / SearchPolicy | grep "CSPSearchPath")
if [ "$searchPathCheck" != "" ]; then 
    dscl /Search -change / SearchPolicy "dsAttrTypeStandard:CSPSearchPath" "dsAttrTypeStandard:LSPSearchPath"
    echo "Switched from the Custom Search Path to Local Search Path in Directory Services Authentication."
    searchPathCheck=""
fi 

And here are some notes I captured during testing. 

 

# Key = SearchPolicy
# Value options: 
#   dsAttrTypeStandard:CSPSearchPath = custom search Path 
#   dsAttrTypeStandard:LSPSearchPath = local search path
#   dsAttrTypeStandard:NSPSearchPath = automatic search path

# delete AD from the custom search path 
# dscl /Search -delete / CSPSearchPath "/Active Directory/YOURDOMAIN/All Domains"