OT - frustrating, but how do I grep an entry that spans two lines?

acdesigntech
Contributor II

Basically I'm running an ldapsearch command to grab the AD info for a computer record. I want to then grab the dn: line so I can feed this to ldapdelete to remove the Mac's AD entry before trying to reimage it. I want to capture this entire line into a variable:

dn: CN=faimd-a01392,OU=Macintosh,OU=Computers,OU=plantname,OU=Plants,DC=domain,D
 C=company,DC=com

but piping it to 'grep dn:' gives me this:

dn: CN=faimd-a01392,OU=Macintosh,OU=Computers,OU=plantname,OU=Plants,DC=domain,D.

How can I get it all on one line?


mm2270
Legendary Contributor III

Not certain, but maybe grep -A1?

grep -A1 "dn:"

That would actually give you both lines though, on separate lines, so you'd need to then re-join them into one line. You can probably remove the line break with tr.
But the bigger possible issue is, will the result always be on two lines, or only sometimes? If the former, you may be OK with a simple solution like that. If this only happens for some results, you could run into problems, since the grep -A1 would grab the next line regardless of whether it's related and try to lump it in with the previous line, giving you a bad result.

I'm guessing this isn't one of those items in the record that can be called directly, as in dsAttrTypeNative:distinguishedName, or something like that?

I suspect there's a better solution using an awk command, but it escapes me at the moment. :/

nessts
Valued Contributor II

if the goal is to remove the computer from AD why not run
sudo dsconfigad -r -u ACCT -p PASS

jstrauss
Contributor

Try

awk '/dn:/{_=2}_&&_--' | awk '(NR % 2 == 0) {print p, $0} {p = $0}'

But then, @nessts posted a much simpler solution.

acdesigntech
Contributor II

@nessts: The script is being run from a netbooted image, so not the boot drive and not bound to the AD. Would this still work?

@mm2270: I can't say the output will ALWAYS be on two lines. We have different length OUs that may or may not output on two lines. I don't think I can rely on the data always spanning two lines. I can't do dscl lookups since it's on an unbound Mac, so I don't think there's a way to get dsAttrTypeNative:distinguishedName.

@jstrauss: that worked, but it now puts a space between D and C where the line break used to be. I'll play around with the commands to see what I can come up with, but yeah if there's a way to say I don't care where in AD it is, just delete it, I'm all for that.

Thanks for all the help so far!

nessts
Valued Contributor II

No, it won't work if it's not the right system booted. Why worry about removing the computer account? When you bind it will over-write the existing account.

acdesigntech
Contributor II

Not in this case. Every new image generates a new computer name. The binding script assumes yes, we want to use the existing account, and then the reimaged Mac binds with its old name. So now we have one name in Casper, and a different name in AD. It's a mess.

Currently I'm having the reimage script check AD with ldapsearch and just stop if it finds an entry in AD and alerts the tech to go remove it, but I wanted to automate that process if at all possible.

Part of the automation would be grabbing the dn: for the computer so I can feed that to ldapdelete, since while I know the 8 OUs that a Mac could be in, I'd like to make the script foolproof if possible since there's not much stopping a tech from inadvertently moving one of the Macs in AD.
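
An added example, not part of any post in this thread: ldapsearch prints LDIF, which folds long lines by starting the continuation with a single space, so the DN can be rejoined without guessing how many lines it spans and without the stray space between D and C. The function names are hypothetical and the input is a constructed sample built from the DN quoted above; the second function also refuses to return a DN unless the search matched exactly one entry, since the value is headed for ldapdelete.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Undo LDIF line folding: a line starting with one space continues the
# previous line, and that single space is dropped when rejoining.
ldif_unfold() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# Print the DN only when the result holds exactly one entry.
# Returns 1: no entry, 2: base64 "dn::" form (not decoded here), 3: several entries.
ldif_single_dn() {
    ldif_unfold | awk '
        /^dn:: / { b64 = 1 }
        /^dn: /  { n++; dn = substr($0, 5) }
        END {
            if (b64)    exit 2
            if (n == 0) exit 1
            if (n > 1)  exit 3
            print dn
        }
    '
}

# Constructed sample shaped like the ldapsearch output quoted in the thread.
sample_ldif() {
    printf '%s\n' \
        '# constructed sample' \
        'dn: CN=faimd-a01392,OU=Macintosh,OU=Computers,OU=plantname,OU=Plants,DC=domain,D' \
        ' C=company,DC=com' \
        'cn: faimd-a01392' \
        ''
}

if dn=$(sample_ldif | ldif_single_dn); then
    printf 'would delete: %s\n' "$dn"   # the thread's next step passes "$dn" to ldapdelete
else
    echo "refusing to delete: lookup was empty or ambiguous" >&2
fi
```

OpenLDAP's ldapsearch also accepts `-o ldif-wrap=no` to turn folding off at the source, where the installed version supports it.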

Iranoma
New Contributor