- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 07:50 AM
So I'm trying to find a way to get users to put in their information (Name, Department, Title) during enrollment so that the machine becomes associated to them. We don't run ldap here so I'll be providing either an email invitation or directing them to our enrollment page and giving them an enroll user to use. I want to have policies based on department but would have to go in manually after getting the user enrolled to set this up.
My first thought was to have some sort of script run after enrollment to request this information in cocoa dialog and then use apis to update the info per machine but I'm not very advanced in script writing...
Does anyone have any thoughts about this?
Another oddity I'm experiencing is not even being able to select a user that exists in "Users" in my JSS when enrolling. My second plan was just to use an api to input an XML for all users which would then allow them to select themselves on the "Assign to User" page of the enrollment process... but I type in my name (which I know exists in Users in my JSS) and hit the search button and nothing happens, I can't continue to the download page for the quickadd either until I clear the field. Thoughts?
Solved! Go to Solution.
- Labels:
-
API
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 11:39 AM
You would need to use the API for that. Here's what I use. It's meant to be run in a postinstall script in a package. I had to strip out other parts because it's part of a bigger script so I recommend testing it.
The script gets you the information via the API and places it in a text and XML file.
#!/bin/bash
#Working directory for script to reference resources
declare -x install_dir=`dirname $0`
#Enter in the URL of the JSS we are are pulling and pushing the data to. (NOTE: We will need the https:// and :8443. EX:https://jss.company.com:8443 )
jssURL="https://jss.company.com:8443"
#Enter in a username and password that has the correct permissions to the JSS API for what data we need
jssUser="username"
jssPass="password"
#Get list of departments from JSS
/usr/bin/curl -k -v -u "$jssUser":"$jssPass" "$jssURL"/JSSResource/departments -X GET -o "$DeptXML"
#Default file path we will use to place XML file for JSS API submission
#Feel free to edit these to the location of your choice
declare -x DeptTxtFile="$3/Library/Management/Firstboot/dept.txt"
#Name for XML files pulled from JSS
declare -x DeptXML="$install_dir/departments.xml"
#Create directory for firstboot upload
#Feel free to edit these to the location of your choice
/bin/mkdir -p "$3/Library/Management/Firstboot/"
function Dept(){
tmpDeptFile="$install_dir/DeptList.txt"
Dept=$(xpath "$DeptXML" '/departments/department/name' 2>&1| sed 's/-- NODE --//g' | sed 's/<name>//g' | sed 's/</name>//g' | sed 's/Found.*nodes://g')
IFS=$'
'
for i in $Dept; do
DeptsArray+=($i)
/bin/echo $i >> "$tmpDeptFile"
/bin/chmod 777 "$tmpDeptFile"
done
department=`/usr/bin/osascript <<EOT
tell application "System Events"
with timeout of 43200 seconds
activate
-- Create an empty list called DepartmentsList
set DepartmentsList to {}
-- Populate list with contents read from a file
set DepartmentsFile to paragraphs of (read POSIX file "$tmpDeptFile")
-- Iterate through each line in file to add to DepartmentsList
repeat with i in DepartmentsFile
if length of i is greater than 0 then
copy i to the end of DepartmentsList
end if
end repeat
-- For testing to make sure the right number of items are counted in the list
-- display dialog count of DepartmentsList
choose from list DepartmentsList with title "Department List" with prompt "Please select a department to associate to computer:"
end timeout
end tell
EOT`
/bin/echo "$department"
}
if [ -f "$tmpDeptFile" ]; then
rm -f "$tmpDeptFile"
fi
/usr/local/bin/jamf recon -department "$DeptTxtFile"
Like I said you may want to test this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 11:48 AM
If you want to pull DEPTs from your JSS, then you do need an API call as @bpavlov says. Be careful with the name and password in there as your users will be able to see that code and use that name/password for evil.
Another option is to create an Applescript Xcode app instead of basic applescript which lists the same departments as your JSS. Benefit: easier to write for non-scripter. Downside: update a Dept in JSS, you'll need to rebuild the app. I posted a little page recently on how to create a simple xcode app. http://tmhoule.blogspot.com/2015/10/empower-your-users-with-simple-xcode.html
EDIT: You could put the deptartments right in the Applescript, but you'll need to edit this script if/when you change your departments.
#!/bin/sh userDept=$(osascript -e 'tell application "SystemUIServer" set myDeptList to {"one","two","three","four","five","six","seven"} set myDept to (choose from list myDeptList) end tell') /usr/local/bin/jamf recon -department $userDept
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 07:56 AM
I believe you have to type the username.
I would use a combination of Apple Script dialogs and the jamf recon command to add the appropriate information. Do "sudo jamf help recon" so you can see the flags:
Usage: jamf recon
-saveFormTo Saves the contents of the HTTP form to a file
The following options allow you to specify inventory information for the computer:
-assetTag The asset tag of the computer
-endUsername The user name of the primary user
-realname The real name of the primary user
-email The email address of the primary user
-position The position (job title) of the primary user
-building The text representation of a building in the jSS
-department The text representation of a department in the JSS
-phone The phone number of the primary user
-room The room that the computer is in
-ldapServerID The JSS ID of the LDAP server to which the primary user belongs
-userID The user ID of the primary user's account in the LDAP server.
The following options allow you to update the computer's management account information in the JSS:
-sshUsername A username that is used to connect to the computer over SSH.
-sshPassword A password that is used to connect to the computer over SSH.
-sshPasshash A hashed copy of a password that is used to connect to the computer over SSH
EDIT: To clarify, create a package with a postinstall script that uses the AppleScript dialogs and the jamf recon command accordingly. Alternatively, you could also have a script by itself. Have that package (or script) run on enrollment via policy using the "enrollment complete" trigger.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 08:15 AM
Agreed, you can set department and etc with the Recon command, don't have to touch the API.
While I don't ask the user for their username, I do use cocoaDialog to set department in my enrollment script, triggered by "On Enrollment". You can check it out on my GitHub.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 08:19 AM
Here's an example using basic shell and applescript
#!/bin/sh userDept=$(osascript -e 'tell application "SystemUIServer" set myDept to text returned of (display dialog "What is your dept?" default answer "") end tell') /usr/local/bin/jamf recon -department $userDept
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 11:05 AM
Wow that's a lot easier, no way to reference the Departments currently in my JSS though?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 11:39 AM
You would need to use the API for that. Here's what I use. It's meant to be run in a postinstall script in a package. I had to strip out other parts because it's part of a bigger script so I recommend testing it.
The script gets you the information via the API and places it in a text and XML file.
#!/bin/bash
#Working directory for script to reference resources
declare -x install_dir=`dirname $0`
#Enter in the URL of the JSS we are are pulling and pushing the data to. (NOTE: We will need the https:// and :8443. EX:https://jss.company.com:8443 )
jssURL="https://jss.company.com:8443"
#Enter in a username and password that has the correct permissions to the JSS API for what data we need
jssUser="username"
jssPass="password"
#Get list of departments from JSS
/usr/bin/curl -k -v -u "$jssUser":"$jssPass" "$jssURL"/JSSResource/departments -X GET -o "$DeptXML"
#Default file path we will use to place XML file for JSS API submission
#Feel free to edit these to the location of your choice
declare -x DeptTxtFile="$3/Library/Management/Firstboot/dept.txt"
#Name for XML files pulled from JSS
declare -x DeptXML="$install_dir/departments.xml"
#Create directory for firstboot upload
#Feel free to edit these to the location of your choice
/bin/mkdir -p "$3/Library/Management/Firstboot/"
function Dept(){
tmpDeptFile="$install_dir/DeptList.txt"
Dept=$(xpath "$DeptXML" '/departments/department/name' 2>&1| sed 's/-- NODE --//g' | sed 's/<name>//g' | sed 's/</name>//g' | sed 's/Found.*nodes://g')
IFS=$'
'
for i in $Dept; do
DeptsArray+=($i)
/bin/echo $i >> "$tmpDeptFile"
/bin/chmod 777 "$tmpDeptFile"
done
department=`/usr/bin/osascript <<EOT
tell application "System Events"
with timeout of 43200 seconds
activate
-- Create an empty list called DepartmentsList
set DepartmentsList to {}
-- Populate list with contents read from a file
set DepartmentsFile to paragraphs of (read POSIX file "$tmpDeptFile")
-- Iterate through each line in file to add to DepartmentsList
repeat with i in DepartmentsFile
if length of i is greater than 0 then
copy i to the end of DepartmentsList
end if
end repeat
-- For testing to make sure the right number of items are counted in the list
-- display dialog count of DepartmentsList
choose from list DepartmentsList with title "Department List" with prompt "Please select a department to associate to computer:"
end timeout
end tell
EOT`
/bin/echo "$department"
}
if [ -f "$tmpDeptFile" ]; then
rm -f "$tmpDeptFile"
fi
/usr/local/bin/jamf recon -department "$DeptTxtFile"
Like I said you may want to test this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 11:48 AM
If you want to pull DEPTs from your JSS, then you do need an API call as @bpavlov says. Be careful with the name and password in there as your users will be able to see that code and use that name/password for evil.
Another option is to create an Applescript Xcode app instead of basic applescript which lists the same departments as your JSS. Benefit: easier to write for non-scripter. Downside: update a Dept in JSS, you'll need to rebuild the app. I posted a little page recently on how to create a simple xcode app. http://tmhoule.blogspot.com/2015/10/empower-your-users-with-simple-xcode.html
EDIT: You could put the deptartments right in the Applescript, but you'll need to edit this script if/when you change your departments.
#!/bin/sh userDept=$(osascript -e 'tell application "SystemUIServer" set myDeptList to {"one","two","three","four","five","six","seven"} set myDept to (choose from list myDeptList) end tell') /usr/local/bin/jamf recon -department $userDept
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2015 01:16 PM
Appreciate the help everyone! I'll have to give these a go, definitely want to steer clear of having the username and password in plain text...
Cheers!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-20-2015 02:43 PM
Hi guys -
I posted this a few weeks ago on Linkedin but I think it's worth a look in this case. Here's how JAMF IT handles deploying scripts that have security-sensitive parameters potentially in plain text:
github.com/jamfit/Encrypted-Script-Parameters
Enjoy!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-10-2015 02:03 AM
This is interesting stuff. I would like the same mechanism implemented in our environment so users can select their Site, department and room during enrolment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-25-2016 02:00 AM
Hi Guys
i know this is an old discussion and i am bit new to casper. Just one question to "thoule" the script you provided works fine but if there is a space in between a department name e.g press office, JSS will not update the assets department accordingly. Any reason why? thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-25-2016 06:31 AM
You would need to quote it so it is seen as a single parameter.
/usr/local/bin/jamf recon -department "$userDept"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-25-2016 06:46 AM
Thank you...!!! that worked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-20-2018 06:00 PM
@bpavlov weird I just get connection errors
connect to 34.196.76.108 port 8443 failed: Operation timed out