Recon -realname syntax issue (bash)

rafemoody
New Contributor

Hello,

I have a script which I run at first user login to the Mac. It searches Active Directory and populates JSS based on the results. Everything works fine with the exception of the -realname field. I understand that when sending -realname from the command line that you need to have a \ after the first name and before the last name. This is due to the way Macs read whitespace. sudo jamf recon -realname Rafe Moody will populate JSS with Rafe. sudo jamf recon -realname Rafe\ Moody will populate Rafe Moody in JSS.

In my script I am concatenating the first name and last name variables. When I echo the result for my full name, it displays correctly Rafe Moody but when it is passed to JSS, it results in Rafe . The second variable is missing. I have tried every combination I can think of to get the information to pass. I have tried escape characters for the \ but haven't found the correct combination. I know my bash syntax is not great but I don't know why it is echoing correctly but not passing to JSS correctly. Below is my code. Any assistance would be appreciated. Note: the script below is adapted for local testing. I have $(whoami) replaced with $3 when running the script through Casper and I don't have the "sudo" in the production code. Also, the echoes are there for tracing/testing.

#!/bin/bash

JAMFBin="/usr/local/jamf/bin/jamf"
CurrentUserName=$(whoami)

# The directory node path contains a space, so it is quoted for dscl.
ADUserHomeCity=$(dscl "/Active Directory/DOMAIN" -read /Users/$CurrentUserName | awk '$1 == "City:" { print $2}')
ADUserFirstName=$(dscl "/Active Directory/DOMAIN" -read /Users/$CurrentUserName | awk '$1 == "FirstName:" { print $2}')
echo $ADUserFirstName
ADUserLastName=$(dscl "/Active Directory/DOMAIN" -read /Users/$CurrentUserName | awk '$1 == "LastName:" { print $2}')
echo $ADUserLastName
# Inside double quotes the backslash is stored as a literal character.
ADUserRealName="$ADUserFirstName\ $ADUserLastName"
echo $ADUserRealName
ADUserEMailAddress=$(dscl "/Active Directory/DOMAIN" -read /Users/$CurrentUserName | awk '$1 == "EMailAddress:" { print $2}')
# The variables below are expanded unquoted; this is the line the question is about.
sudo $JAMFBin recon -building $ADUserHomeCity -endUsername $CurrentUserName -email $ADUserEMailAddress -realname $ADUserRealName

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

@rafemoody Question, but, is the backslash between the first and last names required here? Is that what is being used as a separator for the two words? Why not a comma, which is more standard? Our AD uses LastName, FirstName format, but there is no backslash there. We use a comma. Never mind. If it's firstname lastname, why the backslash here at all?
I think the problem is that you are creating the full name variable by surrounding the two words with double quotes, which is good, but the variable has a backslash in there, then later when doing the actual recon, that variable is not enclosed in double quotes. Backslashes have a special meaning in the shell as an escape character.
Try doing this instead:

$JAMFBin recon -building "$ADUserHomeCity" -endUsername "$CurrentUserName" -email "$ADUserEMailAddress" -realname "$ADUserRealName"

Best practice is to enclose any variables in double quotes when using them, since you honestly can't be sure there isn't a space or odd character that will mess you up. Also, drop the sudo as shown above. There's no need for it if the script itself is being run as root, which it would be from a Casper Suite policy.
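
The quoting behaviour discussed in this thread, as an added example that is not part of any poster's script: `realname_seen` is a hypothetical stand-in for a flag/value parser (it is not the jamf binary), and the names are constructed sample values replacing the dscl lookups.

```bash
#!/bin/bash
# Added example. realname_seen is a hypothetical helper that reports the
# single argument following -realname, as a flag/value parser would see it.
realname_seen() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-realname" ]; then
            printf '%s' "${2-}"
            return 0
        fi
        shift
    done
    return 1
}

# Constructed sample values standing in for the dscl lookups.
first="Rafe"
last="Moody"

# 1. Typed by hand: the shell consumes the backslash and keeps the space,
#    so one argument "Rafe Moody" is passed.
typed=$(realname_seen recon -realname Rafe\ Moody)

# 2. Backslash stored in a variable, then expanded unquoted: escapes are not
#    re-read after expansion, so the value is split at the space and the
#    backslash stays behind as a literal character.
with_backslash="$first\ $last"
# shellcheck disable=SC2086
unquoted=$(realname_seen recon -realname $with_backslash)

# 3. Plain space in the variable, expanded inside double quotes: one argument.
real_name="$first $last"
quoted=$(realname_seen recon -realname "$real_name")

printf 'typed:    [%s]\n' "$typed"
printf 'unquoted: [%s]\n' "$unquoted"
printf 'quoted:   [%s]\n' "$quoted"
```

Case 2 is why echo can look right while the receiving program gets a truncated value: echo joins all of its arguments with spaces, whereas a flag parser takes only the next one.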


6 REPLIES 6

dgreening
Valued Contributor II

Any reason that you are not using the LDAP Mappings specified for your AD server in the JSS? You can add additional mappings (if needed) via an Extension Attribute with the "LDAP Attribute Mapping" option.

rafemoody
New Contributor

@dgreening Our JSS is not bound to our AD because our JSS is cloud hosted and our AD is on Prem. The security team decided it is too dangerous to expose our AD to an outside source.

dgreening
Valued Contributor II

Ahhhh fair enough!

rafemoody
New Contributor

@mm2270 Thank you for the response. The backslash was in the variable because I was attempting to pass the information to recon exactly as I would do it by hand. When you pass it from the command line it is done -realname first\ last because if you do first last JSS truncates it.

Given your information I removed the \ from the $ADUserRealName and instead passed -realname "$ADUserRealName". This worked great. Thank you. I will mark it solved. I also removed the sudo as it was only there for local testing.

Thank you again.

sean
Valued Contributor

Just a point to note, you don't even need

ADUserRealName="$ADUserFirstName $ADUserLastName"

You could just run:

$JAMFBin recon -building "$ADUserHomeCity" -endUsername "$CurrentUserName" -email "$ADUserEMailAddress" -realname "$ADUserFirstName $ADUserLastName"

Also, check out my post on this. It'll run more efficiently. Piping into awk lots is less efficient.

Collecting Email Address via AD