Skip to main content
Question

Interesting issue with auto populating fields from LDAP


Forum|alt.badge.img+6

So I have this weird issue going on. I just implemented MacMule's script below to grab LDAP user info and import it in JSS. The script is running via a policy at Login/Logout, Ongoing. When a user signs into a device I want to see their User ID, Real Name, and email address. It seemed to be working at first but now when I log into one of the laptops it updates the email address and real name of every other device being managed. Only the username sticks. Not sure how to troubleshoot this.

#!/bin/sh
####################################################################################################
#
# More information: http://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/
#
# GitRepo: https://github.com/macmule/SubmitUsernameAtReconForLDAPLookup
#
# License: http://macmule.com/license/
#
####################################################################################################

# Get the logged in users username
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

echo "Running recon for $loggedInUser `date`..."

# Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
sudo jamf recon -endUsername "$loggedInUser"

echo "Finished running recon for $loggedInUser `date`..."

2 replies

Forum|alt.badge.img+11
  • Valued Contributor
  • 165 replies
  • June 26, 2017

I'd start by trying to figure out what isn't working. First see if the loggedInUser variable is returning the correct result by going into terminal and running

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

And then run $loggedInUser to see if it returns the correct name.

And you can also test the process by taking that variable out of the equation. Sign into a Mac, then just run the last line of that script in Terminal, and slug in the actual username.

sudo jamf recon -endUsername "actualUsername"

And finally, what I understand to be that actual, Apple-approved way of getting the logged in user's username is this:

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`

So you could exchange what you have in your script for the loggedInUser variable for this one, and see if that works any better.


Forum|alt.badge.img+6
  • Author
  • Contributor
  • 13 replies
  • June 29, 2017

Ok, so digging further I think I might have figured it out. I implemented the Apple approved way you mentioned. One common denominator is I've been logging into different devices with the same student account as a test. When I change the login on one device it affects all of the devices that user is logged into. I believe this part of the script is the culprit then:

sudo jamf recon -endUsername "$loggedInUser"

Jamf is running a recon on the last logged in username, if I've logged into 20+ computers it's going to update the login info for all those computers. Is that correct?

How would I limit it to just the one computer?


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings