Posted on 05-20-2014 08:20 AM
I am working on mapping out information from AD into the LDAP server mappings in the JSS, and am wondering if only "dsAttrTypeNative" type data is able to be mapped. We have information in a dscl read of a user which is not listed as "dsAttrTypeNative:", and currently I cannot map this into the LDAP server mappings. A couple such items are "EMailAddress:", "JobTitle:", etc., without being prefixed by "dsAttrTypeNative:". Any idea if this is possible and how to map these into the LDAP mappings? Any help is much appreciated. I want to avoid having to write a script to pull this information, if possible.
Posted on 05-20-2014 09:12 AM
I'm not sure about all of these, but we have ours set up for email to pull from an attribute simply labeled as "mail".
If I do the following against our AD with a username-
dscl "/Active Directory/DOMAIN/All Domains" read /Users/username mail
It outputs the actual email address - something like
dsAttrTypeNative:mail: firstname.lastname@company.com
Try using that to see if that maps properly in your environment. I'm not sure where the Job Title would come from since we don't currently map that.
Posted on 05-20-2014 09:36 AM
Hi @dgreening,
You can drop the dsAttrTypeNative bit.
As an example, our mappings are included in the below post.
We map email & job title.
http://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/
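The rule discussed in the posts above (drop the "dsAttrTypeNative:" prefix and map the native attribute name, not a non-prefixed key such as "JobTitle"), as an added example that is not part of the original thread: a shell function that lists the native attribute names and values from dscl read output. The sample output, its values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `dscl ... read /Users/username` output (not from the thread).
# dscl prints a value that contains spaces on the next line, indented by one space.
sample_dscl_output() {
cat <<'EOF'
dsAttrTypeNative:mail: firstname.lastname@company.com
dsAttrTypeNative:title:
 Senior Systems Engineer
dsAttrTypeNative:sAMAccountName: username
EMailAddress: firstname.lastname@company.com
JobTitle:
 Senior Systems Engineer
RecordName: username
EOF
}

# ldap_mapping_candidates (hypothetical helper): reads dscl output on stdin and
# prints "name<TAB>value" for every native attribute, with the dsAttrTypeNative:
# prefix dropped. Non-prefixed keys (EMailAddress, JobTitle, ...) are skipped,
# because those are directory-service names rather than the AD attribute names.
ldap_mapping_candidates() {
  awk '
    function emit() {
      if (name != "") printf "%s\t%s\n", name, value
      name = ""; value = ""
    }
    /^ / {                      # continuation line: value of the previous key
      if (name != "") {
        sub(/^ /, "")
        value = (value == "" ? $0 : value "; " $0)   # extra lines joined with "; "
      }
      next
    }
    {
      emit()                    # a new key starts, so finish the previous one
      if ($0 !~ /^dsAttrTypeNative:/) next
      line = $0
      sub(/^dsAttrTypeNative:/, "", line)
      i = index(line, ":")
      if (i == 0) next
      name = substr(line, 1, i - 1)
      value = substr(line, i + 1)
      sub(/^ /, "", value)
    }
    END { emit() }
  '
}
```

On a Mac bound to AD, the function would be fed the real dscl read output in place of the constructed sample.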
Posted on 05-20-2014 11:21 AM
Ah I see. I used "Title" instead of "JobTitle" and it pulls in correctly. Thanks guys!
Posted on 05-20-2014 11:45 AM
Additionally, on version 9.3, when I have the JSS set to collect user information from LDAP automatically, it seems not to respect the mappings that I have made for our LDAP server in the JSS. I remember this being normal behavior in 8.73, but am not sure if this is still the case in 9.3. Looks like I am going to have to go the script route after all...
Posted on 05-20-2014 10:24 PM
@dgreening, mine works fine on 9.3.
What are you seeing?
I'm guessing that the LDAP tests work fine; are the user's attributes not populating?
Well you need to trigger them... How are you doing that?
Try the script in my blog post linked earlier if LDAP Mappings are testing ok.
Posted on 05-21-2014 05:59 AM
What I am seeing in my 9.3 environment (test) versus my 8.73 environment (production) is that my 9.3 environment is not respecting the "-ldapServerID" selection in my Recon statement. I have two LDAP (AD) servers in our JSS, and in 8.73, selecting the server at position 1 works fine, but does not work with either position 1 or 2 in 9.3. I was able to work around this by adjusting the mappings for both AD servers so that they line up, and now it works fine.