Updating users LDAP information.

RLR
Valued Contributor

It seems User LDAP information is only updated when a user has a device that checks in. Is there any way to force user information to update if they don't have a device?

We've got quite a few leavers that are stuck in our JSS that would be easy to remove if their LDAP info would get updated. As they are leavers they no longer have devices to update their LDAP information and are stuck in our system. The only way to get rid of them is to manually go through each user.

To make things worse, some of these users are part of a smart group that has been created using an LDAP field. This means we can't remove these users from this smart group because that LDAP field isn't getting updated. Only way round it is to delete the user completely, which causes another issue: these users have VPP content assigned to them from this smart group. I can't delete a user that has VPP content assigned to them! First I need to redo VPP registration, which takes some time, and then I can delete them.

4 REPLIES

Key1
New Contributor III

@RLR I have the same problem with my user list. I haven't got round to writing it yet, but my plan was to use the API to loop through my user list, do an LDAP lookup on each, and then use the API to delete based on defined criteria (in leavers group, etc.).

jrwilcox
Contributor

I actually have a script that loops through my users and deletes anyone who does not have a device assigned and does not have VPP content assigned.

blackholemac
Valued Contributor III

@jrwilcox I would love to have you share that script if you would be so kind.

jrwilcox
Contributor

#!/bin/bash

#  oldUsers.sh
#  
#
#  Created by James Wilcox on 7/28/15.
#  Updated to read users directly without a smart group 06/07/2016
#

#should i delete the temp files
delete=true

#user_name=""     #   Un-comment this line and add your login name if different from your os x login account.
#password=""        # Un-comment this line and add your password to prevent being prompted each time.

if [ -z "$user_name" ]; then
    user_name=$USER
fi

if [ -z "$password" ]; then
    echo "Please enter JSS password for account: $user_name."
    read -sr password
fi

# Our JSS Address
if ! JSS_URL=$(/usr/bin/defaults read com.jamfsoftware.jss.plist url); then
    echo "ERROR: Unable to read default url."
    exit $LINENO
fi
jss=$JSS_URL/JSSResource

#temp file names
users=oldUsers.01.xml
user=oldUsers.02.xml

#
#   How long did that take
#

function displaytime {
    local T=$1
    local D=$((T/60/60/24))
    local H=$((T/60/60%24))
    local M=$((T/60%60))
    local S=$((T%60))
    [[ $D -gt 0 ]] && printf '%d days ' $D
    [[ $H -gt 0 ]] && printf '%d hours ' $H
    [[ $M -gt 0 ]] && printf '%d minutes ' $M
    [[ $D -gt 0 || $H -gt 0 || $M -gt 0 ]] && printf 'and '
    printf '%d seconds\n' "$S"
}

#
# grab the students in the JSS
#

start=$SECONDS
echo "reading users from JSS"
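# Quote the credentials and paths so passwords or file names containing spaces or shell characters are passed intact.
curl -sSf -u "$user_name:$password" --header "Accept: application/xml" "$jss/users" -X GET --output "$users"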
error=$?
if [ $error -ne 0 ]; then
    echo "Unable to read users error = $error"
    exit $LINENO
fi

size=$(xmllint "$users" --xpath "users/size/text()")
echo "There are $size users registered in JSS"

i=$size
while [ "$i" -gt 0 ]; do
    ID=$(xmllint $users --xpath "users/user[$i]/id/text()")
    if [ $? -eq 0 ]; then
        curl -sSf -u "$user_name:$password" --header "Accept: application/xml" "$jss/users/id/$ID" -X GET --output "$user"
        error=$?
        if [ $error -ne 0 ]; then
            echo "Unable to read User ID $ID error = $error"
        else
            # Empty output from xmllint means no matching element was found in the record.
            vppCount=$(xmllint "$user" --xpath "user/links/vpp_assignments/vpp_assignment/id/text()" 2> /dev/null)
            computer=$(xmllint "$user" --xpath "user/links/computers/computer/id/text()" 2> /dev/null)
            iPad=$(xmllint "$user" --xpath "user/links/mobile_devices/mobile_device/id/text()" 2> /dev/null)
            if [ -z "$vppCount" ] && [ -z "$computer" ] && [ -z "$iPad" ]; then
                # HTTP method names are case-sensitive, so the verb must be DELETE.
                curl -sSf -u "$user_name:$password" --header "Accept: application/xml" "$jss/users/id/$ID" -X DELETE --output "$user"
                error=$?
                if [ $error -ne 0 ]; then
                    echo "Unable to delete User ID $ID error = $error"
                else
                    echo "should be deleted $ID has VPP = $vppCount computer = $computer iPad = $iPad"
                fi
            fi
        fi
    fi
    echo -ne "\rProcessing users $i left  "
    i=$((i-1))
done
echo -ne "\r                                \n"

if [ "$delete" = "true" ]; then rm -rf "$user"; fi
if [ "$delete" = "true" ]; then rm -rf "$users"; fi
duration=$(( SECONDS - start ))
echo
echo "it took $(displaytime $duration) to complete the script"

exit 0
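
The script above treats empty xmllint output as "nothing assigned", so a record that fails to parse is indistinguishable from an unused user. The following dry-run classifier is an added example, not jrwilcox's code, written in Python rather than bash; it marks a user for deletion only when the record affirmatively shows no links. The element paths come from the script, while the `<id>` check, the function names and the sample records are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Element paths taken from the script above, relative to the <user> root.
LINK_PATHS = {
    "vpp": "links/vpp_assignments/vpp_assignment/id",
    "computers": "links/computers/computer/id",
    "mobile_devices": "links/mobile_devices/mobile_device/id",
}

def classify_user(xml_text, expected_id):
    """Return (decision, reason); decision is 'delete', 'keep' or 'skip'."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ("skip", f"unparseable record: {exc}")
    if root.tag != "user":
        return ("skip", f"unexpected root element <{root.tag}>")
    # Assumption: the single-user record carries its own <id> element.
    if root.findtext("id", "").strip() != str(expected_id):
        return ("skip", "record id does not match requested id")
    if root.find("links") is None:
        return ("skip", "no <links> element, cannot prove the user is unused")
    counts = {name: len(root.findall(path)) for name, path in LINK_PATHS.items()}
    in_use = [f"{name}={n}" for name, n in counts.items() if n]
    if in_use:
        return ("keep", "still linked: " + ", ".join(in_use))
    return ("delete", "no devices or VPP assignments")

def plan(records):
    """Dry run over (id, xml_text) pairs; returns the ids grouped by decision."""
    result = {"delete": [], "keep": [], "skip": []}
    for uid, xml_text in records:
        decision, _reason = classify_user(xml_text, uid)
        result[decision].append(uid)
    return result

# Constructed sample records (not real JSS output).
SAMPLES = [
    (101, "<user><id>101</id><links><computers/><mobile_devices/><vpp_assignments/></links></user>"),
    (102, "<user><id>102</id><links><computers><computer><id>7</id></computer></computers></links></user>"),
    (103, "<html><body>Login required</body></html>"),  # wrong document type
    (104, "<user><id>104</id><links><computers/>"),     # truncated download
    (105, "<user><id>105</id></user>"),                 # links section missing
]

if __name__ == "__main__":
    for uid, xml_text in SAMPLES:
        print(uid, *classify_user(xml_text, uid))
```

Only the IDs in the `delete` list would be passed on to the DELETE request; the `skip` list is the set to review by hand.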