Jamf Nation Community

tkimpton · ‎10-29-2014

Is it possible for the JSS to also do computers AD group membership LDAP lookups not just the users AD group membership?

For example

Bob has access in Self Service to install Photoshop because he is part of the AD group Photoshop

There is nothing preventing Bob going around all the computers in the building and installing Photoshop for his mates.

The ideal solution is to also assign Bobs computer also to the AD group Photoshop and scope a computer smart group based on the computers group membership.

(Also have to deal with multiple AD plugins so extension attributes are out of the question)

tkimpton · ‎10-29-2014

please also keep in mind i know smart & static computers groups etc and that is not what i want.

need JSS also doing Computer group membership LDAP lookups

wyip · ‎03-06-2015

Did you ever try this out to see what happens? It looks like currently the JSS only honors LDAP User Groups but I haven't tried it yet. We're in a similar situation as what you described and want to manage this via LDAP Computer Groups in AD, and not static groups in Casper. Sounds like this might need to be a feature request.

davidacland · ‎03-07-2015

That is a current feature request. Its under review so probably worth voting up: https://jamfnation.jamfsoftware.com/featureRequest.html?id=1063
You could replicate the feature with extension attributes to determine which OUs or groups the computers are in and have that filter down to smart groups in Casper, but it would be tedious and slow.

GaToRAiD · ‎03-08-2015

@tkimpton I have create a tool to do just this in JSS. Currently it is designed for user groups, but can be easily modified for computer groups. Let me know if this is something you would be interested in.

Lotusshaney · ‎09-21-2015

@GaToRAiD Any chance you can post the tool up ? Thanks

Jamf Nation Community

Computer AD Group membership JSS LDAP lookups