Scripting Plist files on Catalina

PaulHazelden
Valued Contributor

Hi

I am looking at using Kanaka for authentication with Catalina. I have the New version of Kanaka, and it works.
My problem now is being able to push it out to all of our Macs. I can install it no problem, I think I can get my server list out to the Macs and use them. However I have hit a snag when it comes to the last step in the process...
The instructions say to open Directory Utility, and then unlock and in Search Policy, set custom and add /Kanaka/Auth.
I have tried to script a replacement of the Plist, but Catalina isn't having any of that. It used to work in older OSX versions.
I am left with scripting the change with "Defaults" "PlistBuddy" or "plutil".
Any assistance with scripting the change will be greatly appreciated.

The un messed with plist from /Library/Preferences/OpenDirectory/Configurations/Search.plist

{
    comment = "Default search policy";
    mappings =     {
    };
    modules =     {
        session =         (
                        {
                module = search;
                options =                 {
                    "dsAttrTypeStandard:CSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:LSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:NSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:SearchPolicy" = "dsAttrTypeStandard:NSPSearchPath";
                    "notify_of_changes" = 1;
                    requiredNodes =                     (
                        "/Local/Default"
                    );
                };
                uuid = "A840FC81-A6CD-4665-899E-F8B52B1C6EC4";
            }
        );
    };
    "node name" = "/Search";
}

And what I want it to end up as is...

{
    comment = "Default search policy";
    mappings =     {
    };
    modules =     {
        session =         (
                        {
                module = search;
                options =                 {
                    "dsAttrTypeStandard:CSPSearchPath" =                     (
                        "/Local/Default",
                        "/Kanaka/Auth"
                    );
                    "dsAttrTypeStandard:LSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:NSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:SearchPolicy" = "dsAttrTypeStandard:CSPSearchPath";
                    "notify_of_changes" = 1;
                    requiredNodes =                     (
                        "/Local/Default"
                    );
                };
                uuid = "A840FC81-A6CD-4665-899E-F8B52B1C6EC4";
            }
        );
    };
    "node name" = "/Search";
}

The only change there is the extra item in the array "dsAttrTypeStandard:CSPSearchPath" /Kanaka/Auth

How would I add to an existing Bash script to make the addition to the array? I have done a lot of scripting, but adding to an array nested like this is not something I have done before.
Will Catalina actually let me script an addition to this plist?

Any help will be greatly appreciated.

1 ACCEPTED SOLUTION

dsavageED
Contributor III

Instead of trying to directly edit the plist, why not try a dscl command (we used to do this for AD a number of years ago), something like:

dscl /Search -append / CSPSearchPath "/Kanaka/Auth"
dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath

#Adds the Dir services to the search path allowing for the odd hickup
tries=0
while dscl /Search -create / SearchPolicy CSPSearchPath | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done
tries=0
while dscl /Search -append / CSPSearchPath "/Kanaka/Auth" | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done

View solution in original post

3 REPLIES 3

PaulHazelden
Valued Contributor

Ok to answer my own question....
I have worked out how to script the change of data in the plist. BUT you can't change that plist with a script. Logged in as root you cant delete it and put in a new version. I guess it isn't a good plist to delete, but I tried. I also have been using MDS to image Macs, and I tried building a pkg that would replace that plist whilst booted into a memory stick. That too has failed.
Unless the guys from Twocanoes MDS or Kanaka can come up with a working method, then I think scripting this will be dead in the water.

dsavageED
Contributor III

Instead of trying to directly edit the plist, why not try a dscl command (we used to do this for AD a number of years ago), something like:

dscl /Search -append / CSPSearchPath "/Kanaka/Auth"
dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath

#Adds the Dir services to the search path allowing for the odd hickup
tries=0
while dscl /Search -create / SearchPolicy CSPSearchPath | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done
tries=0
while dscl /Search -append / CSPSearchPath "/Kanaka/Auth" | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done

PaulHazelden
Valued Contributor

Big thanks dsavageED.
That worked a treat.