Posted on 10-11-2017 07:36 AM
OK, guys, here's what I'm trying to do; if the method is obvious to anyone I would very much appreciate some pointers.
I am trying to migrate a whole bunch of Mac users from being standalone, unconstrained computers, into the Navy's DP architecture. In order to do this, I need to migrate authentication to the Active Directory database. In order to easily preserve the user's files, I'd like to move their current home directory so that its name matches their AD username so that when they log in with their CAC for the first time, that directory will be "adopted" and their files will be there and accessible.
The problem is that their current Mac username and their AD username are almost certainly not the same, and the only way that I can make certain that the username is right is to do an LDAP lookup with the EDIPI number from their CAC and retrieve the AD username while I'm doing the transition, within the context of a shell script.
Apparently the EDIPI is stored as "doduid," and the username as "uid."
Can anyone point me at a good example?
Posted on 10-11-2017 07:49 AM
oof. That sounds tricky.
One question - how are you binding to AD/authenticating with CAC? Using native tools? AdmitMac? Centrify?
Posted on 10-11-2017 09:07 AM
With Centrify. And I found the answer to my own question. The terminal command:
dscl /CentrifyDC/Default -search Users dsAttrTypeNative:userPrincipalName 9999999999@mil
will return the 'userPrincipalName,' which is the AD username, for EDIPI 9999999999. The username is the first string returned; trimming the excess output is left as an exercise for the user. :)
Posted on 10-11-2017 09:21 AM
Nice! A whole lot simpler than I was expecting.