Skip to main content
Solved

Scripting Plist files on Catalina

  • December 4, 2019
  • 3 replies
  • 45 views
PaulHazelden
Forum|alt.badge.img+12

Hi

I am looking at using Kanaka for authentication with Catalina. I have the New version of Kanaka, and it works.
My problem now is being able to push it out to all of our Macs. I can install it no problem, I think I can get my server list out to the Macs and use them. However I have hit a snag when it comes to the last step in the process...
The instructions say to open Directory Utility, and then unlock and in Search Policy, set custom and add /Kanaka/Auth.
I have tried to script a replacement of the Plist, but Catalina isn't having any of that. It used to work in older OSX versions.
I am left with scripting the change with "Defaults" "PlistBuddy" or "plutil".
Any assistance with scripting the change will be greatly appreciated.

The un messed with plist from /Library/Preferences/OpenDirectory/Configurations/Search.plist

{
    comment = "Default search policy";
    mappings =     {
    };
    modules =     {
        session =         (
                        {
                module = search;
                options =                 {
                    "dsAttrTypeStandard:CSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:LSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:NSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:SearchPolicy" = "dsAttrTypeStandard:NSPSearchPath";
                    "notify_of_changes" = 1;
                    requiredNodes =                     (
                        "/Local/Default"
                    );
                };
                uuid = "A840FC81-A6CD-4665-899E-F8B52B1C6EC4";
            }
        );
    };
    "node name" = "/Search";
}

And what I want it to end up as is...

{
    comment = "Default search policy";
    mappings =     {
    };
    modules =     {
        session =         (
                        {
                module = search;
                options =                 {
                    "dsAttrTypeStandard:CSPSearchPath" =                     (
                        "/Local/Default",
                        "/Kanaka/Auth"
                    );
                    "dsAttrTypeStandard:LSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:NSPSearchPath" =                     (
                        "/Local/Default"
                    );
                    "dsAttrTypeStandard:SearchPolicy" = "dsAttrTypeStandard:CSPSearchPath";
                    "notify_of_changes" = 1;
                    requiredNodes =                     (
                        "/Local/Default"
                    );
                };
                uuid = "A840FC81-A6CD-4665-899E-F8B52B1C6EC4";
            }
        );
    };
    "node name" = "/Search";
}

The only change there is the extra item in the array "dsAttrTypeStandard:CSPSearchPath" /Kanaka/Auth

How would I add to an existing Bash script to make the addition to the array? I have done a lot of scripting, but adding to an array nested like this is not something I have done before.
Will Catalina actually let me script an addition to this plist?

Any help will be greatly appreciated.

Best answer by dsavageED

Instead of trying to directly edit the plist, why not try a dscl command (we used to do this for AD a number of years ago), something like:

dscl /Search -append / CSPSearchPath "/Kanaka/Auth"
dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath

#Adds the Dir services to the search path allowing for the odd hickup
tries=0
while dscl /Search -create / SearchPolicy CSPSearchPath | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done
tries=0
while dscl /Search -append / CSPSearchPath "/Kanaka/Auth" | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done

3 replies

PaulHazelden
Forum|alt.badge.img+12
  • PaulHazelden
  • Author
  • Jamf Heroes
  • December 5, 2019

Ok to answer my own question....
I have worked out how to script the change of data in the plist. BUT you can't change that plist with a script. Logged in as root you cant delete it and put in a new version. I guess it isn't a good plist to delete, but I tried. I also have been using MDS to image Macs, and I tried building a pkg that would replace that plist whilst booted into a memory stick. That too has failed.
Unless the guys from Twocanoes MDS or Kanaka can come up with a working method, then I think scripting this will be dead in the water.

dsavageED
Forum|alt.badge.img+8
  • dsavageED
  • New Contributor
  • Answer
  • December 5, 2019

Instead of trying to directly edit the plist, why not try a dscl command (we used to do this for AD a number of years ago), something like:

dscl /Search -append / CSPSearchPath "/Kanaka/Auth"
dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath

#Adds the Dir services to the search path allowing for the odd hickup
tries=0
while dscl /Search -create / SearchPolicy CSPSearchPath | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done
tries=0
while dscl /Search -append / CSPSearchPath "/Kanaka/Auth" | grep -q 'Data source (/Search) is not valid.' 
    && [ ${tries} -lt 5 ]
do
    tries=$((${tries}+1))
    sleep $((${tries}*5))
done
    PaulHazelden
    Forum|alt.badge.img+12
    • PaulHazelden
    • Author
    • Jamf Heroes
    • December 5, 2019

    Big thanks dsavageED.
    That worked a treat.

    Terms & ConditionsCookie settingsAccessibility statement