Open Directory binding

Not applicable

Can someone point me in the right direction for pushing/automating Open Directory binding with Casper Remote or policy? I'm thinking it will be dscl commands on 10.5, but will that work for 10.4? We need to remove current OD bindings from clients and then create a new OD binding on a whole bunch-o-machines.

Thanks,
-Nathaniel

SPPS

2 REPLIES

Not applicable

Here's my script. We also bind to AD so I have it adding AD to the search
policy ahead of LDAP.

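# Enable the LDAPv3 plug-in in DirectoryService
defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active"
# Add the OD server configuration (-u/-p: privileged network user's credentials)
dsconfigldap -v -a od.server.com -n od.server.com -u username -p password
sleep 10
# Switch the search policy to a custom path, then restart DirectoryService
dscl /Search -create / SearchPolicy CSPSearchPath
killall DirectoryService
sleep 5
# Re-apply the custom policy and list AD ahead of LDAP
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
dscl /Search -append / CSPSearchPath /LDAPv3/od.server.com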

tlarkin
Honored Contributor

I bind all clients to the ODM in the image, and then have post-imaging and building-level subnet policies that will rebind the client to the specific ODR that is in that building. Here is my script.

#!/bin/sh

# This script binds a 10.4.11 or 10.5 client to an LDAP (OD) server.

oldserver="odm.domain.com"
newserver="odr.domain.com"

# Remove the old server configuration and its search/contact path entries
/usr/sbin/dsconfigldap -r "$oldserver"
/usr/bin/dscl localhost -delete /Search CSPSearchPath "/LDAPv3/$oldserver"
/usr/bin/dscl localhost -delete /Contact CSPSearchPath "/LDAPv3/$oldserver"
# Give existing connections time to clear
sleep 10
# Add the new server and put it on the custom search and contact paths
/usr/sbin/dsconfigldap -a "$newserver"
/usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl localhost -merge /Search CSPSearchPath "/LDAPv3/$newserver"
/usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl localhost -merge /Contact CSPSearchPath "/LDAPv3/$newserver"

So, effectively it removes the binding to the ODM, sleeps for 10 seconds for all connections to clear and then rebinds the client to the specified ODR at the building the client is in. This helps reduce traffic for authentication over the WAN. I have it as a post-image script and a policy that runs once per computer on smart groups based on VLAN.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351
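
A verification step that could follow either rebind script in this thread, as an added example that is not code from the original posts: it reads the output of `dscl /Search -read / CSPSearchPath` and confirms that the old server is gone, the new one is present, and AD is listed ahead of LDAP. The function names `list_nodes`, `check_rebind` and `ad_before_ldap` are hypothetical, and the two sample outputs are constructed.

```shell
#!/bin/sh
# list_nodes: reads `dscl /Search -read / CSPSearchPath` output on stdin and
# prints one node per line. Assumption: dscl puts all values on the key line
# when none contains a space, otherwise one value per line, space-indented.
list_nodes() {
    awk '
        /^CSPSearchPath:/ {
            sub(/^CSPSearchPath:[ ]*/, "")
            n = split($0, v, " "); for (i = 1; i <= n; i++) print v[i]
            inkey = 1; next
        }
        inkey && /^ / { sub(/^ /, ""); print; next }
        { inkey = 0 }
    '
}

# check_rebind OLD NEW: stdin is the dscl output. Returns 0 only when
# /LDAPv3/OLD is no longer on the search path and /LDAPv3/NEW is.
check_rebind() {
    nodes=$(list_nodes)
    if printf '%s\n' "$nodes" | grep -Fxq "/LDAPv3/$1"; then
        echo "FAIL: still bound to $1"; return 1
    fi
    if ! printf '%s\n' "$nodes" | grep -Fxq "/LDAPv3/$2"; then
        echo "FAIL: $2 is not on the search path"; return 1
    fi
    echo "OK: search path uses $2"
}

# ad_before_ldap SERVER: returns 0 when the AD node is listed ahead of
# /LDAPv3/SERVER, the ordering the first reply sets up.
ad_before_ldap() {
    list_nodes | awk -v ldap="/LDAPv3/$1" '
        $0 == "/Active Directory/All Domains" && !ad { ad = NR }
        $0 == ldap && !od { od = NR }
        END { exit !(ad && od && ad < od) }'
}

# Constructed sample outputs (not captured from a real client).
SAMPLE_REBOUND='CSPSearchPath:
 /Local/Default
 /Active Directory/All Domains
 /LDAPv3/odr.domain.com'
SAMPLE_STALE='CSPSearchPath: /Local/Default /LDAPv3/odm.domain.com'

# On a client:
#   dscl /Search -read / CSPSearchPath | check_rebind odm.domain.com odr.domain.com
```

Because `check_rebind` returns non-zero on a stale or missing binding, a policy script ending with it exits with a failure status for machines that still need attention.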