Help

Interesting issue with auto populating fields from LDAP

jrauch
New Contributor III

Posted on β€Ž06-26-2017 10:18 AM

So I have this weird issue going on. I just implemented MacMule's script below to grab LDAP user info and import it in JSS. The script is running via a policy at Login/Logout, Ongoing. When a user signs into a device I want to see their User ID, Real Name, and email address. It seemed to be working at first but now when I log into one of the laptops it updates the email address and real name of every other device being managed. Only the username sticks. Not sure how to troubleshoot this.

#!/bin/sh
####################################################################################################
#
# More information: http://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/
#
# GitRepo: https://github.com/macmule/SubmitUsernameAtReconForLDAPLookup
#
# License: http://macmule.com/license/
#
####################################################################################################

# Get the logged in users username
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

echo "Running recon for $loggedInUser `date`..."

# Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
sudo jamf recon -endUsername "$loggedInUser"

echo "Finished running recon for $loggedInUser `date`..."
0 Kudos
2 REPLIES 2

znilsson
Contributor II

Posted on β€Ž06-26-2017 12:09 PM

I'd start by trying to figure out what isn't working. First see if the loggedInUser variable is returning the correct result by going into terminal and running 

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

And then run $loggedInUser to see if it returns the correct name.

And you can also test the process by taking that variable out of the equation. Sign into a Mac, then just run the last line of that script in Terminal, and slug in the actual username. 

sudo jamf recon -endUsername "actualUsername"

And finally, what I understand to be that actual, Apple-approved way of getting the logged in user's username is this:

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`

So you could exchange what you have in your script for the loggedInUser variable for this one, and see if that works any better.

0 Kudos

jrauch
New Contributor III

Posted on β€Ž06-29-2017 06:59 AM

Ok, so digging further I think I might have figured it out. I implemented the Apple approved way you mentioned. One common denominator is I've been logging into different devices with the same student account as a test. When I change the login on one device it affects all of the devices that user is logged into. I believe this part of the script is the culprit then: 

sudo jamf recon -endUsername "$loggedInUser"

Jamf is running a recon on the last logged in username, if I've logged into 20+ computers it's going to update the login info for all those computers. Is that correct?

How would I limit it to just the one computer?

0 Kudos
Jamf helps organizations succeed with Apple. By enabling IT to empower end users, we bring the legendary Apple experience to businesses, education and government organizations. Learn about Jamf.