- Jamf Nation Community
- Products
- Jamf Pro
- Re: LDAP Lookup not finding Department. AD 2003R2...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
LDAP Lookup not finding Department. AD 2003R2 & JSS 9.21
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-18-2013 10:22 AM
So, the title says it all. My LDAP look-ups will not return the department property of the user. I have confirmed that "department" is the correct variable to be using. All other information is being returned correctly. Here are the LDAP settings for user look-ups.
Object Class(es) Object class(es) to limit results to. Each object class must be separated by a comma:
organizationalPerson, user
Search Base Distinguished name of the search base
DC=ck,DC=c-k,DC=com
Search Scope:
All subtrees
Attribute Mappings LDAP attribute mappings for JSS attributes
User ID:
uSNCreated
Username:
sAMAccountName
Real Name:
displayName
Email Address:
mail
Department:
department
Building:
physicalDeliveryOfficeName
Room:
streetAddress
Phone:
telephoneNumber
Position:
title
I have confirmed that the data in the department attribute is populated for the user look-ups I am performing. I tried putting any variable into the department field and no matter what variable I put in there, even a working "title"... it will not populate department. For this reason it leads me to believe that it's a problem with the JSS and not my AD services.
UPDATE:
I took the "streetAddress" variable, which is working, and placed it into the department field just to see if it would show something. It did NOT work. This is really looking like a coding issue to me unless I'm missing something. Please advise! <3
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-18-2013 01:33 PM
are you mapping the AD attribute to the department field correctly?
Can you use DSCL to read the AD department attribute?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-18-2013 03:04 PM
I don't know the syntax to lookup a department of a user on the LDAP using DSCL.
I am fairly certain that typing in "department" into the "Department" field in the JSS LDAP Server config is the only way to do this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-18-2013 03:10 PM
Yes. But you need to verify that the department attribute contains the correct data, and is in a format the JSS can understand.
If you are not familiar enough with using DSCL.
then try using apache directory studio to connect to your AD and then find your user account and find that department attribute and see what data if any is in there.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2013 06:46 AM
I did that using Softterra LDAP Admin 2013 and it does contain the data I want. For instance, my department is "IT". Real simple.
I don't think that's the issue but I really do appreciate you taking the time to answer.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2014 02:21 AM
this can help you to fix it.
https://jamfnation.jamfsoftware.com/article.html?id=90
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-20-2016 09:25 AM
@tnielsen I believe the command you want to use to query your AD is below:
#!/bin/sh
for userName in $(dscl /"Active Directory"/COMPANYDOMAIN/ck.c-k.com -list /Users); do
dscl /Active Directory/COMPANYDOMAIN/ck.c-k.com -read /Users/"$userName" department | awk -F':' '{print $3}' | xargs >> /Users/yourusername/Desktop/ad_depts.txt
done