Posted on 09-13-2010 12:34 AM
I would really like the JSS to be able to read OD/AD users and then be able to assign an asset to them in inventory. In my organization we assign laptops to users, that is their assigned laptop. If I could read the OD users and then I could go to a device in inventory and say just assign it to this user, or even better use a recon script at first log in to assign the user. Then when I look up either that computer or that user it will pull up what machine they are assigned.
I guess you can already do that with recon scripts but there is not really any GUI front end for it, nor the ability to look up users in LDAP and assign it manually that way. It would just make my life a bit easier instead of trying to use third party inventory systems. Right now it is not up so I cannot assign the 100 devices I need to deploy to users, and was thinking man if Casper could do this I wouldn't need this third party inventory system. Though our in-house developer made the inventory system and it is nice and does a lot, but when it is down I am at a loss and I don't have access to that box. I do however have all the access I want to the JSS.
Just a thought.
Regards,
Tom
Posted on 09-13-2010 01:00 PM
I'm a little confused by what you're asking for.
On 9/13/10 2:34 PM, "Thomas Larkin" <tlarki at kckps.org> wrote:
OD/AD doesn't natively store computer assignment information within user
records, does it? What process is suppose to do the assignment? Or are you
looking to automatically assign a computer in the JSS to the first user
who logs in?
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 09-13-2010 01:18 PM
No, I want to be able to user look up in the JSS into OD. Then assign them a laptop. So, if John Smith were enrolled at my school I could look him up in the JSS via OD query and then assign him Asset #12345. Also, now that I think about it, a nice add in to iCal or calendar support for peripherals would be nice. So, when Jane wants to check out the projector for a week, someone could note it in the JSS and then it would populate in the calendar that she had it for that week. I know Calendar systems can already add objects, but it would be nice to have it in the JSS and use it as a central system for inventory.
OD look up is nice, so if there are 3 John Smiths, I can also see department and group information that would tell me which John Smith it is.
This would be stored in the JSS, but the ability to query LDAP servers for full user information and then be able to assign that computer to that user would be awesome. At least I think. Then if you could add peripherals to a calendar system that would be awesome too. So, if Jane kept her projector a day later than she should someone would get notified it wasn't checked back and and there is a paper trail on it.
Posted on 09-13-2010 01:54 PM
So, instead of looking up a computer in the JSS and assigning a user, you
On 9/13/10 3:18 PM, "Thomas Larkin" <tlarki at kckps.org> wrote:
want to look up a user and assign a computer?
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 09-13-2010 02:09 PM
Essentially, but able to do it the other way as well and I want it to query from LDAP
Posted on 09-13-2010 07:24 PM
Couldn't you do that with some scripting and an extension attribute?
--
David Kucmierz
Mesquite ISD Technical Services
972.882.5506
dkucmierz at mesquiteisd.orghttp://dkucmierz@mesquiteisd.org/
On Sep 13, 2010, at 4:09 PM, Thomas Larkin wrote:
Essentially, but able to do it the other way as well and I want it to query from LDAP
Posted on 09-13-2010 07:57 PM
Tom,
Finally got around to my laptop.
If you're running 7.3x you can check page 93 of the manual. It appears there
is even this really fancy assistant for setting this up. =)
Once you have a valid LDAP Connection setup you would have the ability to
assign assets to an LDAP username through the Locations tab in Recon or JSS
Web.
Here we have an LDAP connection to AD. Offices get assigned to AD user
accounts in the JSS.
I'm not really seeing a mention on how this works in the manual, I could
just be missing it (one line on page 201 is all), but if you have an LDAP
Connection setup when you go to the locations tab you get an option to Check
Name. We typically enter the username of the person, hit check name, and a
list of matches comes up to select from (if multiple). You select the one
you'd like to assign and then this asset is linked to an LDAP ID. The beauty
of this is that as their information updates in AD, your information
refreshes when you look at it.
Now I can also search for a system by a username, or any of the other
location fields I've successfully mapped from LDAP.
So, I believe what Tom is looking for already exists, and has for quite some
time. The calendaring part sounds very custom.
If I'm totally misunderstanding the desire, my bad...
Craig E
Posted on 09-14-2010 12:45 AM
Very interesting
I am running 7.21 and the option is there but when i click check name it says no matches,
I have LDAP setup to AD and OD,
Currently i use LDAP AD groups for policy scope so it works fine, if i do a test connection for a username or a group it works fine
Does this only work correctly in 7.3 ?
if i put no username in the Locations tab and click check name it gives me my LDAP OD list of users but not LDAP AD list,
Criss
Criss Myers
Senior Customer Support Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5054
01772 895054
Posted on 09-14-2010 06:30 AM
I am seeing this if I go into the asset and edit it. However, LDAP look up is not working for me and I have two OD servers added to the JSS.
"Ernst, Craig S." <ERNSTCS at uwec.edu> 9/13/2010 9:57 PM >>>
Tom,
Finally got around to my laptop.
If you're running 7.3x you can check page 93 of the manual. It appears there
is even this really fancy assistant for setting this up. =)
Once you have a valid LDAP Connection setup you would have the ability to
assign assets to an LDAP username through the Locations tab in Recon or JSS
Web.
Here we have an LDAP connection to AD. Offices get assigned to AD user
accounts in the JSS.
I'm not really seeing a mention on how this works in the manual, I could
just be missing it (one line on page 201 is all), but if you have an LDAP
Connection setup when you go to the locations tab you get an option to Check
Name. We typically enter the username of the person, hit check name, and a
list of matches comes up to select from (if multiple). You select the one
you'd like to assign and then this asset is linked to an LDAP ID. The beauty
of this is that as their information updates in AD, your information
refreshes when you look at it.
Now I can also search for a system by a username, or any of the other
location fields I've successfully mapped from LDAP.
So, I believe what Tom is looking for already exists, and has for quite some
time. The calendaring part sounds very custom.
If I'm totally misunderstanding the desire, my bad...
Craig E
On 9/13/10 9:24 PM, "David Kucmierz" <DKucmierz at mesquiteisd.org> wrote:
Posted on 09-14-2010 06:49 AM
Works for me here. I put in the short name of the individual in the
On Tue, Sep 14, 2010 at 8:30 AM, Thomas Larkin <tlarki at kckps.org> wrote:
username box, click Check Name, and it finds the record in OD. In fact, I
just tested, and I can put the last name in and it finds the user as well.
This has been working for me since 7.0 I believe. I can't remember exactly
when I started using it.
Steve Wood
Director of IT
swood at integer.com
The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475
Posted on 09-14-2010 07:10 AM
I can’t remember not having it as an option so that should almost go back to the 5.x days.
Craig E
Posted on 09-14-2010 07:34 AM
I just need to be able to do look up by full name. When you have
10,000 people in your directory you are bound to get several of the same
names. I need a way to look up which John Doe this specifically is.
Posted on 09-14-2010 07:39 AM
We've also been doing this since day zero. You can search on username or partial name.
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 09-14-2010 10:23 AM
The lookups are dependent on the extra information you supply as well, not
On 9/14/10 9:39 AM, "Nichols, Jared - 1170 - MITLL" <jared.nichols at ll.mit.edu> wrote:
just names.
Our AD admins are very lazy about including information such as Department
and Building in user records. If I have those fields pre-populated under
the Location tab of the JSS using names of departments and buildings that
I've only defined in the JSS then searching for any name in AD will fail
if those don't match the AD record too.
However, if LDAP is well-maintained then these can be used to find
students whose names are the same as others but in different locations.
None of this, however, addresses what I think Tom was wanting, which was
to find a student and then assign him an asset. I don't see much
difficulty in doing it the other way around, though.
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 09-14-2010 10:35 AM
In the LDAP attribute mapping in the JSS, don’t map any of the attributes that may bring data over from LDAP that could conflict with data in JSS. In particular the department and building fields. If those are mapped to an LDAP attribute and you perform a lookup of a user and the fields don’t match what is already in JSS, you will not find a matching user account even if the username or long name are valid.
Just leave those attributes unmapped and your lookup should work fine. We ran into this when trying to assign computers to users via LDAP.
--
James Fuller | Starbucks Coffee Company