LDAP Lookup not finding Department. AD 2003R2 & JSS 9.21

tnielsen
Valued Contributor

So, the title says it all. My LDAP look-ups will not return the department property of the user. I have confirmed that "department" is the correct variable to be using. All other information is being returned correctly. Here are the LDAP settings for user look-ups.

Object Class(es) Object class(es) to limit results to. Each object class must be separated by a comma:
organizationalPerson, user

Search Base Distinguished name of the search base
DC=ck,DC=c-k,DC=com

Search Scope:
All subtrees

Attribute Mappings LDAP attribute mappings for JSS attributes
User ID:
uSNCreated

Username:
sAMAccountName

Real Name:
displayName

Email Address:
mail

Department:
department

Building:
physicalDeliveryOfficeName

Room:
streetAddress

Phone:
telephoneNumber

Position:
title

I have confirmed that the data in the department attribute is populated for the user look-ups I am performing. I tried putting any variable into the department field and no matter what variable I put in there, even a working "title"... it will not populate department. For this reason it leads me to believe that it's a problem with the JSS and not my AD services.

UPDATE:
I took the "streetAddress" variable, which is working, and placed it into the department field just to see if it would show something. It did NOT work. This is really looking like a coding issue to me unless I'm missing something. Please advise! <3

6 REPLIES

calum_carey
Contributor

Are you mapping the AD attribute to the department field correctly?
Can you use DSCL to read the AD department attribute?

tnielsen
Valued Contributor

I don't know the syntax to look up a department of a user on the LDAP using DSCL.

I am fairly certain that typing in "department" into the "Department" field in the JSS LDAP Server config is the only way to do this.

calum_carey
Contributor

Yes. But you need to verify that the department attribute contains the correct data, and is in a format the JSS can understand. If you are not familiar enough with using DSCL, then try using Apache Directory Studio to connect to your AD, then find your user account, find that department attribute and see what data, if any, is in there.

tnielsen
Valued Contributor

I did that using Softerra LDAP Admin 2013 and it does contain the data I want. For instance, my department is "IT". Real simple.

I don't think that's the issue but I really do appreciate you taking the time to answer.

Steven_Xu
Contributor

This can help you to fix it.

https://jamfnation.jamfsoftware.com/article.html?id=90

abrahamT
New Contributor III

@tnielsen I believe the command you want to use to query your AD is below:

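#!/bin/sh

# List every user in the AD node, read each user's department attribute
# and append the value to a text file on the Desktop.
# The node path contains a space, so it must be quoted in both dscl calls.
for userName in $(dscl "/Active Directory/COMPANYDOMAIN/ck.c-k.com" -list /Users); do
    dscl "/Active Directory/COMPANYDOMAIN/ck.c-k.com" -read /Users/"$userName" department | awk -F':' '{print $3}' | xargs >> /Users/yourusername/Desktop/ad_depts.txt
done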
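
An added example, not part of the original post: `dscl -read` prints a short value such as "IT" on the same line as the attribute name, but moves a value containing spaces to the next, indented line, where `awk -F':' '{print $3}'` returns nothing. The helper name `dscl_attr_value` and the sample output are constructed for illustration, assuming the `dsAttrTypeNative:` prefix implied by the command above.

```shell
#!/bin/sh
# Extract one attribute's value from `dscl ... -read` output given on stdin.
# Handles both layouts dscl uses:
#   dsAttrTypeNative:department: IT            (value on the same line)
#   dsAttrTypeNative:department:               (value on the next line,
#    Information Technology                     indented by one space)
dscl_attr_value() {
    awk -v attr="$1" '
        # Attribute line, with or without the dsAttrTypeNative: prefix.
        $0 ~ ("^(dsAttrTypeNative:)?" attr ":") {
            sub("^(dsAttrTypeNative:)?" attr ":[ ]*", "")
            if ($0 != "") { print; exit }    # value was on the same line
            want = 1; next                   # value should follow
        }
        # Indented continuation line carries the value.
        want && /^ / { sub(/^ +/, ""); print; exit }
        # Another attribute started first: the value is empty.
        want { exit }
    '
}

# Constructed sample output (not captured from a real directory).
sample_short='dsAttrTypeNative:department: IT'
sample_long='dsAttrTypeNative:department:
 Information Technology
dsAttrTypeNative:title: Engineer'

printf '%s\n' "$sample_short" | dscl_attr_value department
printf '%s\n' "$sample_long"  | dscl_attr_value department

# On a bound Mac the input would come from dscl itself, for example:
#   dscl "/Active Directory/COMPANYDOMAIN/ck.c-k.com" \
#       -read /Users/someuser department | dscl_attr_value department
```

An empty result for a user whose department is populated in AD points at the lookup on the client side rather than at the directory data.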