Recording LAPS for macOS password to EA

New Contributor II

I am having trouble with recording the LAPS for macOS passwords to the LAPS EA. Everything works and there is no error, yet the LAPS EA is blank every time. I can see the password if I look at log details so I know the rest of the process works pretty flawlessly. Here is the script I am using:


apiURL=$(/usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url | sed 's|/$||')
udid=$(/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hardware UUID:/ { print $3 }')

LAPS_Password=$(curl -s -f -u $apiUser:$apiPass -H "Accept: application/xml" $apiURL/JSSResource/computers/udid/$udid/subset/extension_attributes | xpath -e "//extension_attribute[name=$extAttName]" 2>&1 | awk -F'<value>|</value>' '{print $2}' | tail -n +1)

echo $LAPS_Password

I hardcoded the api username and api password to the script.

Here are screenshots of the resulting log and the EA




New Contributor II

Hi @Cooley26

You need to return/echo the variable wrapped in result tags

echo "<result>$LAPS_Password</result>"

You may need/want to wrap the variable in curly-braces if spaces were present for expansion

echo "<result>${LAPS_Password}</result>"

This article can speak more to it for you...
Creating Extension Attributes Populated by a Custom Script

New Contributor II

@dkmansion THANK YOU!! I’ll try this in the morning! If it works I owe you bug time!!

New Contributor II

@dkmansion Hmmm... Still not working. Now I get this return in the logs: ad336abc97e64753b26d04d77cdd7fcd

New Contributor II

Huh. I do know that all our scripts grabbing any kind of value to insert into EAs we have the result as
echo "<result>$variable</result>"

Here's one of mine: just getting local machine /app info:


If you used the curly brace in my suggestion above, maybe remove that.

Also Ensure that the data type in the EA setting is appropriate for your use.. I hope this helps get you to a result.

New Contributor III

I've just gotten macOSLAPS running in our environment, so allow me to share my configuration if anyone's still running into issues:

Configuration Profile (note that I'm running in "Local" mode):

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">

<plist version="1.0">
















Extension Attribute (echoes password to Jamf for easy retrieval):


#Resets macOSLAPS password

/usr/local/laps/macOSLAPS -resetPassword

#Writes macOSLAPS password to file

/usr/local/laps/macOSLAPS -getPassword

#Retrieves password

password=$(sudo cat /var/root/Library/Application\ Support/macOSLAPS-password | awk '{print $0}')

#Echoes result to Jamf MDM

echo "<result>$password</result>"