Posted on 11-20-2010 08:56 AM
Greetings,
I've gone through the jamf help un-man page and wasn't able to find anything that would make the JSS do an LDAP lookup against our directory server on the fly. I basically want to script a change when a user logs in, to take the username of the currently logged in user, upload that to the JSS via the jamf recon command line, and one way or another perform an LDAP lookup on that username. This doesn't seem possible given the commands I've found but I'm wondering if there's another way this can be done.
Regards,
-Sean Hansell
Posted on 11-20-2010 10:31 AM
Since you're performing this at login (by user 'nobody'), you should
be able to identify the current user by listing the last person who
logged in and was allocated a console:
last | grep -m1 console | awk '{ print $1 }'
Then you can perform a lookup with ldapsearch. The arguments of this
command vary greatly depending on directory server configuration, but
the whole thing will look something like this:
lastuser=$(last | grep -m1 console | awk '{print $1}'); ldapsearch -x \
  -LLL -h ldap.ad.yourorg.com -b "dc=AD,dc=YOURORG,dc=COM" \
  "cn=${lastuser}"
Brandt
--
J. Brandt Buckley
Systems Architect
IGPP
brandt at ucsd.edu http://igpp.ucsd.edu
P: +1 858 534 8145 F: +1 858 822 1418
Institute of Geophysics and Planetary Physics
Scripps Institution of Oceanography
University of California, San Diego
8785 Biological Grade, Suite 4112
La Jolla, Ca. 92037-0225
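Because the username ends up inside an LDAP search filter, a login script should escape the RFC 4515 filter metacharacters and skip root (which later replies note is the console owner at the login window) before calling ldapsearch. The script below is an added example, not part of the original thread; the function names are hypothetical, and the host and base DN are the placeholders from the post above.

```shell
#!/bin/sh
# Added example (not from the thread). Host and base DN are the
# placeholders used in the post above.
LDAP_HOST="ldap.ad.yourorg.com"
LDAP_BASE="dc=AD,dc=YOURORG,dc=COM"

# Escape RFC 4515 filter metacharacters so the value is matched literally.
# The backslash must be handled first, or later escapes get re-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build the search filter for one username.
build_filter() {
    printf '(cn=%s)' "$(ldap_escape "$1")"
}

# Reject values that do not represent a real login session:
# empty output, or root (the console owner at the login window).
is_login_user() {
    case "$1" in
        ''|root) return 1 ;;
        *)       return 0 ;;
    esac
}

# Look the user up; same ldapsearch options as in the post above.
lookup_user() {
    is_login_user "$1" || return 1
    ldapsearch -x -LLL -h "$LDAP_HOST" -b "$LDAP_BASE" "$(build_filter "$1")"
}

# Constructed sample values, printed instead of queried so this runs offline.
for sample in 'jsmith' 'root' 'j.smith*(x)'; do
    if is_login_user "$sample"; then
        printf '%s -> %s\n' "$sample" "$(build_filter "$sample")"
    else
        printf '%s -> skipped\n' "$sample"
    fi
done
```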
Posted on 11-22-2010 06:42 AM
There are a few ways you can detect the currently logged in user. My personal favorite is detecting who the current owner of /dev/console is. Also, whenever Casper runs a log in policy, the $3 variable will return the current user. If you use the built-in Apple tools to do login hooks, $1 will return the current logged in user. An example of what I use to grab the current user in scripts is as follows:
CurrentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
Posted on 11-22-2010 06:44 AM
I thought this was all tried several times over the last year (myself
attempting as well), and there was a bug or something that was blocking
the live ldap from working.
John Wojda
Lead System Engineer, DEI
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
Page: (224)532.3447
Team Lead: Matt Beiriger
Posted on 11-22-2010 06:50 AM
Yea, I know how to find the currently logged in user. My problem is finding the equivalent in the command line of pushing the "Check Name" button in the JSS and doing it via policy.
Regards,
-Sean Hansell
Posted on 11-22-2010 06:55 AM
Well you can use that in combination with recon to add the user to the asset in the JSS and I do believe you can use it to look it up and add the user but it requires a bit more configuration work. I know in the past working with Jamf on this it was an option they gave me but I never explored due to us having our own independent inventory system tied into our enrollment system. I would contact Jamf Support and see if they cannot help you with this one.
Posted on 11-22-2010 09:57 AM
That's a very clever method. It returns 'root' when run at login, though.
Brandt
Posted on 11-22-2010 10:01 AM
What inventory fields are you looking to populate based on LDAP
attributes? (or am I misunderstanding what you're trying to
accomplish)
Brandt
Posted on 11-22-2010 10:22 AM
Yup, at the loginwindow root owns the console, so a simple test of who owns console will stop the script from running:
if [[ $CurrentUser = root ]]; then exit 1; else echo "computer is not at login window, proceeding..."; fi
However, if you have it run as a log in policy, it will always run when a user logs in. All scripts run as root from Casper and from log in/out hooks using the Apple tools as well. Now, if you design your OS image in a certain manner (like all non-admin home folders live in /Users) you can always loop through /Users to execute policy.
example
for i in `/bin/ls /Users | /usr/bin/grep -v "Shared"` ; do
some Unix commands /Users/$i/some/path