Map Active Directory Attributes to Department or Building field in Casper?

miles
New Contributor

Is it possible to do this mapping? Then I can create smart groups based on the info in AD.

Thanks,

Matt

1 ACCEPTED SOLUTION

ernstcs
Contributor III

Assuming you're somehow setting an AD user in the Location information I believe so. You should have an LDAP Server Connection in your Settings tab on the JSS. If you edit the desired LDAP Server Connection you can go under Mappings and then set the 'Map Department to:' field to whatever the name of the 'Office' attribute name is.

At least if I'm following you correctly and I'm not over tired right now...

View solution in original post

10 REPLIES 10

jarednichols
Honored Contributor

You can, but you need to make sure the Buildings and Departments already exist. I think this is a major failing of the suite as I've got *hundreds* of departments and close to 100 buildings (sites, in my case). I'd prefer the buildings or departments be automatically created from an LDAP query. There's a feature request in for this. https://jamfnation.jamfsoftware.com/featureRequest.html?id=65

miles
New Contributor

That's not a huge problem in my environment (not as big as not having it), how to do the mapping?

Thanks,

Matt

jarednichols
Honored Contributor

Use something like Apache Directory Studio or ADSIedit (Windows) to find out what the attribute is called that you want to map Building and Department to. In most AD setups, Department is just 'department' but building could be any number of things. For instance, I map it to mail stop.

Then, Departments and Buildings in the JSS exactly as they appear in the directory.

bentoms
Release Candidate Programs Tester

This is what i came up with, http://macmule.com/2012/05/16/submit-user-information-from-ad-into-the-jss-at-login/

My current one has lots of if statements as we're not very clean.

miles
New Contributor

Thanks Guys. Let me go over the process I'm thinking of:

I work at a school. On the Students AD accounts in the Office field, I have there homeroom number, which is in this format: 01-02, 01 is the grade level and 02 is there homeroom. What I want to happen is that the office field from AD populates the Department field in Casper. Then I can use smart groups to make grade level groups and homeroom based groups for delivering policies (mostly self service)

IS this possible and if so how to configure it in Casper?

Thanks,

Matt

ernstcs
Contributor III

Assuming you're somehow setting an AD user in the Location information I believe so. You should have an LDAP Server Connection in your Settings tab on the JSS. If you edit the desired LDAP Server Connection you can go under Mappings and then set the 'Map Department to:' field to whatever the name of the 'Office' attribute name is.

At least if I'm following you correctly and I'm not over tired right now...

miles
New Contributor

I just found the settings! Thanks for replying ernstcs!

The LDAP name for office = physicalDeliveryOfficeName

Thanks,

Matt

miles
New Contributor

Looks like Room is not populating, do I have to create the entries manually for room? If so where can I do that?

Thanks,

Matt

miles
New Contributor

It's because of the way our LDAP is setup:

https://jamfnation.jamfsoftware.com/discussion.html?id=5394

JPDyson
Valued Contributor

Piggy-backing on Jared's feedback, this COULD be an incredibly useful field for me with just a little bit of work. In addition to getting the dept. even if I haven't established one that matches that value yet, I think we should be able to map values we know about to a display name, instead of taking whatever the ldap admin is using. Values for the organization field in our environment are generally ALL-CAPS and longer than necessary. I'd like to map a value for the org field to a prettier display name (not strictly aesthetic; better names = easier scripts and policies).

https://jamfnation.jamfsoftware.com/featureRequest.html?id=986