LDAP lookups to populate "Location" in JSS

carlo_anselmi
Contributor III

Hello everyone, I have the AD/LDAP "Server Connection" enabled and working within my 8.1 JSS and I am now trying to find the best way to automagically populate the "Location" fields ("Real Name", "Email Address"...)

I found this old thread
http://list.jamfsoftware.com/pipermail/casper/2010-August/007520.html

and tried the script "Submit User Info.sh -- Submits dscl info for the local user to the jss" but I get an error when running the script as a network user.

com.jamfsoftware.task.EVERY15[26177] Script Result: <dscl_cmd> DS Error: -14136 (eDSRecordNotFound)

Since the script is not provided within the Resource Kit anymore (at least I could not find it), I had to copy from the message and clean it up from quotes, maybe I left some unwanted character.

I was wondering if I have to blame the script or my setup, where the Department and Building info is already provided by the Network Segment defaults, although they are not available within LDAP records and therefore should not conflict.

Any idea/direction/working script would be greatly appreciated!
Thank you all.
Cheers
Carlo

3 REPLIES 3

bentoms
Release Candidate Programs Tester

Try this version.. works for me (but you may need to customise what dscl fields it uses to populate the data)..

It's my Sept 2011 version... I've not posted it on my blog yet :)

#!/bin/bash
# bash rather than sh: the script uses (( )) and [[ ]]

# User currently logged in at the console
loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')

# UniqueID of that user; IDs above 1000 are treated as network accounts
accountType=$(dscl . -read /Users/"$loggedInUser" | grep UniqueID | cut -c 11-)

if (( accountType > 1000 )); then
    userRealname=$(dscl . -read /Users/"$loggedInUser" | awk '/^dsAttrTypeNative:original_realname:/,/^dsAttrTypeNative:original_shell:/' | head -2 | tail -1 | cut -c 2-)
    userEmail=$(dscl . -read /Users/"$loggedInUser" | grep EMailAddress: | cut -c 15-)
    userPosition=$(dscl . -read /Users/"$loggedInUser" | grep JobTitle: | cut -c 11-)
    # Fallback: the value is on the line after the key
    if [[ -z $userPosition ]]; then
        userPosition=$(dscl . -read /Users/"$loggedInUser" | awk '/^JobTitle:/,/^JPEGPhoto:/' | head -2 | tail -1 | cut -c 2-)
    fi
    userPhone=$(dscl . -read /Users/"$loggedInUser" | grep -A 1 PhoneNumber: | tail -1 | cut -c 2-)
    userDepartment=$(dscl . -read /Users/"$loggedInUser" | grep "Company:" | cut -c 10-)
    if [[ -z $userDepartment ]]; then
        userDepartment=$(dscl . -read /Users/"$loggedInUser" | awk '/^Company:/,/^CopyTimestamp:/' | head -2 | tail -1 | cut -c 2-)
    fi
    # If Company matches *entland*, use the Department attribute instead
    if [[ $userDepartment == *entland* ]]; then
        userDepartment=$(dscl . -read /Users/"$loggedInUser" | grep "Department:" | cut -c 12-)
        if [[ -z $userDepartment ]]; then
            userDepartment=$(dscl . -read /Users/"$loggedInUser" | awk '/^Department:/,/^EMailAddress:/' | head -2 | tail -1 | cut -c 2-)
        fi
    fi
    echo "Submitting information for network account $loggedInUser..."
    jamf recon -endUsername "$loggedInUser" -realname "$userRealname" -email "$userEmail" -position "$userPosition" -phone "$userPhone" -department "$userDepartment"
else
    echo "Submitting information for local account $loggedInUser..."
    userPosition="Local Account"
    jamf recon -endUsername "$loggedInUser" -position "$userPosition"
fi
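
Added example, not part of the post above or of any JAMF resource: a single helper that reads one attribute from `dscl ... -read` output whether the value sits on the key's line or on the following line indented by one space, which is the case the script's awk fallbacks cover. The names `dscl_attr` and `sample_record` and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `dscl ... -read` output on stdin and prints the first
# value of the attribute named in $1. Handles both layouts:
#   Key: value
#   Key:
#    value with spaces
dscl_attr() {
    awk -v key="$1:" '
        found && /^ / { sub(/^ /, ""); print; exit }  # value on continuation line
        found         { exit }                        # key present, no value
        index($0, key) == 1 {                         # line starts with "Key:"
            rest = substr($0, length(key) + 1)
            sub(/^ +/, "", rest)
            if (rest != "") { print rest; exit }      # value on the same line
            found = 1                                 # look at the next line
        }
    '
}

# Constructed sample of dscl output (not from a real directory record).
sample_record() {
    cat <<'EOF'
dsAttrTypeNative:original_realname:
 Jane Example
EMailAddress: jane@example.com
JobTitle:
 Systems Engineer
PhoneNumber:
 555 0100
UniqueID: 1234567
Company:
EOF
}

# On a Mac the input would come from dscl itself (assumed usage):
#   userPosition=$(dscl . -read /Users/"$loggedInUser" | dscl_attr JobTitle)
userPosition=$(sample_record | dscl_attr JobTitle)
echo "JobTitle: $userPosition"
```

Because the key is matched as a whole line prefix including the colon, an attribute that is missing or empty yields an empty string, which can be tested with `-z` before calling `jamf recon`.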

sean
Valued Contributor

I'm not sure I have a copy of this script, but I imagine it isn't in the resource kit as it may not be required anymore.

The link you provided was an issue when you tried a search on a username, whilst other boxes were populated with details, and it would fail. This isn't the case anymore. The Username field is the only one now considered when doing an LDAP search, at which point all fields populate/correct themselves if there are AD records to match.

I've even mapped some of the records, so I get Department instead of Room, for example.

However, what I keep forgetting to check, is to see if a change in AD results in an automatic change in the JSS. So if someone was to move department, does the JSS update itself and if so, how often does it check and do the update.

We generally have a machine tagged to a user, so fortunately I don't have to go through the hassle of updating user-to-machine.

Sean
