Help

LDAP Attributes of Computer Objects

dagostinr
New Contributor

Posted on ‎02-15-2022 05:44 AM

Hi,

 

I know how to link user attributes to fields in Jamf but what if I want to link a computer attribute?  For example, there is a a Department attribute for computers as well as for a user.  Is it possible to pull that attribute?  I have tried under Computer Management -> Extension Attributes but this seems only to pull from the user who is assigned to this device.  Any thoughts?  Thanks

0 Kudos
3 REPLIES 3

talkingmoose
Moderator
Moderator

Posted on ‎02-15-2022 09:40 AM

What you are seeing is expected behavior. Jamf pro reads only Users and Groups from LDAP. It doesn't read device records.

If you assign the computer to an end user and that end user is a member of the Marketing department, then the Department field in the computer record will say "Marketing". For this to work, though, you must have a few things in place.

  1. The user record in LDAP must have the Department attribute set to "Marketing".
  2. You must manually add "Marketing" in Jamf Pro Departments and it must match the department name in the user's LDAP record.
  3. You need to enable Collect User and Location Information from LDAP enabled in Jamf Pro Settings > Inventory Collection.

This requires your LDAP data to be "clean and consistent". For example, "Marketing" is not the same as "Marketing Department". All end users in Marketing need to have the same name for the department. And you must have that name specified in Jamf Pro.

0 Kudos

dagostinr
New Contributor
In response to talkingmoose

Posted on ‎02-15-2022 09:43 AM

Thanks.  The problem we're running into is devices that are not assigned to specific users.  For example, desktops in classrooms, Labs, roaming carts.  We have relied on creating AD users just for these devices but I would like to have an attribute that directly correlates to the device and not the user who is mapped to the device.

0 Kudos

talkingmoose
Moderator
Moderator
In response to dagostinr

Posted on ‎02-15-2022 09:48 AM

I understand. But Jamf Pro will only look up User and Group information.

You can manually set the Department for these devices one-by-one or en masse using The MUT or a script.

Or you can take advantage of Settings > Inventory Preload to assign departments to specific devices. These assignments will be permanent until you remove the data from Inventory Preload.

LDAP lookups won't be a good option for you.