How to verify my root certificate is installed for LDAP lookups to work

mqh7
New Contributor II

I am trying to get all user information into our JSS DB, and from what others on this site have told me I need to use LDAP. In my JSS web portal I go to "test LDAP server connection" and type in many different usernames, and it finds nothing. All it says is "No records were found". No errors, just that message.

I've looked in /Library/Java/Home/lib/security/ and I don't see any file jump out at me saying "I'm a cert file" so how do I know this is setup properly?

Note: I did confirm that the server JSS points to (a Windows server) does have the root certificate installed.

Fink
New Contributor III

Hi mqh7

Check out this KB article.

https://jamfnation.jamfsoftware.com/article.html?id=121
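For the question in the opening post, one way to confirm the root CA is actually in the truststore Java uses. This is an added example, not part of the thread or the linked article. It assumes the truststore is the standard Java `cacerts` file under the directory named in the post, with the stock `changeit` password; `ROOT_PEM` is a hypothetical path to the root CA exported from the Windows server, and the sample listing is constructed.

```shell
#!/bin/sh
# Assumptions: standard Java truststore name/password; ROOT_PEM is hypothetical.
TRUSTSTORE="${TRUSTSTORE:-/Library/Java/Home/lib/security/cacerts}"
ROOT_PEM="${ROOT_PEM:-/tmp/corp-root-ca.pem}"
DIGEST="${DIGEST:-sha256}"   # older keytool builds may print only MD5/SHA1; use sha1 there

# Constructed excerpt shaped like "keytool -list -v" output (not real data).
SAMPLE_LISTING='Alias name: corp-root-ca
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: 3A:7F:01:9C:55:E2:B4:D8:60:1B:C3:47:8E:F9:2D:A6:04:BD:71:38:EC:95:5A:0F:C7:13:86:DB:49:F2:6E:B0'

# Strip an openssl-style "label=" prefix, colons and whitespace; upper-case hex.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ':[:space:]' | tr 'a-f' 'A-F'
}

# $1 = keytool listing text, $2 = fingerprint in any common notation.
# Returns 0 if present, 1 if absent, 2 if the fingerprint is not usable.
listing_has_fp() {
    want=$(normalize_fp "$2")
    [ "${#want}" -ge 40 ] || return 2            # shorter than SHA-1: refuse to match
    case "$want" in *[!0-9A-F]*) return 2 ;; esac
    printf '%s\n' "$1" | tr -d ':' | tr 'a-f' 'A-F' | grep -qF -- "$want"
}

# Compare the exported root CA against every entry in the live truststore.
check_truststore() {
    fp=$(openssl x509 -in "$ROOT_PEM" -noout -fingerprint "-$DIGEST") || return 2
    listing=$(keytool -list -v -keystore "$TRUSTSTORE" \
        -storepass "${STOREPASS:-changeit}") || return 2
    if listing_has_fp "$listing" "$fp"; then
        echo "root CA present in $TRUSTSTORE"
    else
        echo "root CA NOT found in $TRUSTSTORE"
        return 1
    fi
}

# Run against the real files only when asked: sh check_ca.sh --check
if [ "${1:-}" = "--check" ]; then check_truststore; fi
```

Matching on the fingerprint rather than the alias avoids trusting a look-alike entry that merely carries the expected name.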

mqh7
New Contributor II

Yes, I found that and as it turns out I can look up users and get information. I discovered that the JSS was looking at a nested OU. I kept looking for my username and that was above this nested OU. So it does work, yet when I go to my INVENTORY page and look at all machines there is no UserName, Real Name or Email Address. How do I get that information into a report?

Under "inventory display preferences" I have checked "Live LDAP Lookups". What else do I need to do?

I was told to write custom SQL reports that show the last logged on user yet I don't see that information in the Jamfsoftware DB.

Thanks.

mqh7
New Contributor II

Still can't get this working... any ideas from this forum?

jarednichols
Honored Contributor

Settings -> Inventory Collection Preferences -> Location (tab)

Check the "Populate the computer location information of a username from an LDAP lookup on inventory update" box

mqh7
New Contributor II

JaredNichols, I don't have the option you're talking about. When I navigate to Inventory Display Preferences and then click on the Location tab here is what I have.

Username
Real Name
Email Address
Department
Building
Room
Phone
Position
Live LDAP Lookup (Live LDAP Lookups) "and this has been checked for many days now"

I do NOT have anything that says: Populate the computer location information of a username from an LDAP lookup on inventory update.

Do we need to upgrade our version of JSS??

jarednichols
Honored Contributor

What version are you on?

mqh7
New Contributor II

From the Web Portal it says

JAMF Software (JSS)
Version 8.31

jarednichols
Honored Contributor

Hmm. Perhaps a JAMF can help out here, but I don't think that checkbox I mentioned showed up until 8.6

jason_prairie
New Contributor III

If an LDAP Connection has been added and configured we should be able to populate the Location information manually with the following steps:

  1. Search Inventory and click "Details" for a machine
  2. Click to the Location Tab. There we should see an ellipsis (...) in the upper right-hand corner. This should allow us to edit any of the information.
  3. Type in a Username from your Directory Service and click the blue magnifying glass to search. If the username is found the info from the Directory Service will populate.

You may also want to think about upgrading to the current version of the Casper Suite. There may be easier ways (using that lookup on inventory update box mentioned above). Give your Account Manager a call or email support@jamfsoftware.com if you'd like any additional help.

mqh7
New Contributor II

Jason, yes, what you said does return user names. But, we don't know who belongs to which machine so we can't manually enter all the data in. That is why we want JSS to do it for us based on collected inventory information.

Since you work for JAMF can you tell me which version of JSS we need to be at in order for this to work in an automated way?

Thank you.

jarednichols
Honored Contributor

Here's what you do:

  1. Create a script:

    #!/bin/sh

    # Filename: assignUser.sh
    # Purpose: Report user info into the JSS so an LDAP lookup can assign the user to the machine
    # Author: Jared F. Nichols

    # Read the short name of the last user who logged in at the login window
    lastUser=$(defaults read /Library/Preferences/com.apple.loginwindow lastUserName)

    # Submit inventory with that username; quoted so the value is passed as one argument
    jamf recon -endUsername "$lastUser"

Assign the script to a policy that runs frequently. It's on my daily inventory for instance. Keep in mind that in this case I've unchecked the Update Inventory box in the Advanced tab because my script is now handling the recon.

  2. Settings -> Inventory Options -> Inventory Collection Preferences -> Location (tab). Check the "Populate the computer location information of a username from an LDAP lookup on inventory update" box.

What's going on here? First our script detects the lastUser and does a recon to populate the computer record's "username" field in the location tab. Then the JSS uses that information to do an LDAP lookup and populate the rest of the location information. As long as the usernames match what the usernames are in LDAP, it'll all line up automagically.

mqh7
New Contributor II

Jared, that is cool, thanks. I do have 2 questions. One, what extension do I give the script? .sh ? Two, we have JSS 8.31 and from what I've been told on this forum we need a newer version since we do Not have the setting called "Populate the computer location information of a username from an LDAP lookup on inventory update". Does your script still work without this setting?