Recording LAPS for macOS password to EA

Cooley26
New Contributor II

I am having trouble with recording the LAPS for macOS passwords to the LAPS EA. Everything works and there is no error, yet the LAPS EA is blank every time. I can see the password if I look at log details so I know the rest of the process works pretty flawlessly. Here is the script I am using:

!/bin/bash

apiUser=""
apiPass=""
apiURL=$(/usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url | sed 's|/$||')
udid=$(/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hardware UUID:/ { print $3 }')
extAttName=""LAPS""

LAPS_Password=$(curl -s -f -u $apiUser:$apiPass -H "Accept: application/xml" $apiURL/JSSResource/computers/udid/$udid/subset/extension_attributes | xpath -e "//extension_attribute[name=$extAttName]" 2>&1 | awk -F'<value>|</value>' '{print $2}' | tail -n +1)

echo $LAPS_Password

I hardcoded the api username and api password to the script.

Here are screenshots of the resulting log and the EA

bccaa7139f3c464fa04555a5372cf285

ded13a7cb9464e5b82b3a12b21b0ded8

4 REPLIES 4

dkmansion
New Contributor II

Hi @Cooley26

You need to return/echo the variable wrapped in result tags

echo "<result>$LAPS_Password</result>"

You may need/want to wrap the variable in curly-braces if spaces were present for expansion

echo "<result>${LAPS_Password}</result>"

This article can speak more to it for you...
Creating Extension Attributes Populated by a Custom Script

Cooley26
New Contributor II

@dkmansion THANK YOU!! I’ll try this in the morning! If it works I owe you bug time!!

Cooley26
New Contributor II

@dkmansion Hmmm... Still not working. Now I get this return in the logs: ad336abc97e64753b26d04d77cdd7fcd

dkmansion
New Contributor II

Huh. I do know that all our scripts grabbing any kind of value to insert into EAs we have the result as
echo "<result>$variable</result>"

Here's one of mine: just getting local machine /app info:

6e4873c8a147464bbdc35d998c1350c5

If you used the curly brace in my suggestion above, maybe remove that.

Also Ensure that the data type in the EA setting is appropriate for your use.. I hope this helps get you to a result.