Question

Updating users LDAP information.

8 years ago
November 17, 2016
4 replies
2 views

+12

RLR
Honored Contributor
309 replies

It seems User LDAP information is only updated when a user has a device that checks in. Is there any way to force user information to update if they don't have a device?

We've got quite a few leavers that are stuck in our JSS that would be easy to remove if their LDAP info would get updated. As they are leavers they no longer have devices to update their LDAP information and are stuck in our system. The only way to get rid of them is to manually go through each user.

To make things worse, some of these users are part of a smart group that has been created using an LDAP field. This means we can't remove these users from this smart group because that LDAP field isn't getting updated. Only way round it is to delete the user completely which causes another issue that these users have VPP content assigned to them from this smart group. I can't delete a user that has VPP content assigned to them! First I need to redo vpp registration which takes some time and then I can delete them.

Key1
Contributor
35 replies
8 years ago
November 17, 2016

@RLR I have the same problem with my user list. I haven't got round to writing it yet but my plan was use the API to loop through my user list do a LDAP look up on each and then use the API to delete based on a defined criteria ( in leavers group etc).

jrwilcox
Contributor
82 replies
8 years ago
November 17, 2016

I actually have a script that lops through my users and deletes any one who does not have a device assigned and does not have VPP content assigned.

+26

blackholemac
Valued Contributor
907 replies
8 years ago
May 2, 2017

@jrwilcox I would love to have you share that script if you would be so kind.

jrwilcox
Contributor
82 replies
8 years ago
May 2, 2017

#!/bin/bash

#  oldUsers.sh
#  
#
#  Created by James Wilcox on 7/28/15.
#  Updated to read users directly with out a smart group 06/07/2016
#

#should i delete the temp files
delete=true

#user_name=""     #   Un-comment this line and add your login name if different from your os x login account.
#password=""        # Un-comment this line and add your password to prevent being prompted each time.

if [ -z "$user_name" ]; then
    user_name=$USER
fi

if [ -z "$password" ]; then
    echo "Please enter JSS password for account: $USER."
    read -sr password
fi

# Our JSS Address
if ! JSS_URL=$(/usr/bin/defaults read com.jamfsoftware.jss.plist url); then
    echo "ERROR: Unable to read default url."
    exit $LINENO
fi
jss=$JSS_URL/JSSResource

#temp file names
users=oldUsers.01.xml
user=oldUsers.02.xml

#
#   How long did that take
#

function displaytime {
    local T=$1
    local D=$((T/60/60/24))
    local H=$((T/60/60%24))
    local M=$((T/60%60))
    local S=$((T%60))
    [[ $D -gt 0 ]] && printf '%d days ' $D
    [[ $H -gt 0 ]] && printf '%d hours ' $H
    [[ $M -gt 0 ]] && printf '%d minutes ' $M
    [[ $D -gt 0 || $H -gt 0 || $M -gt 0 ]] && printf 'and '
    printf '%d seconds
' $S
}

#
# grab the students in the JSS
#

start=$SECONDS
echo "reading users from JSS"
curl -sSf -u $user_name:$password --header "Accept: application/xml" $jss/users -X GET --output $users
error=$?
if [ $error -ne 0 ]; then
    echo "Unable to read users error = $error"
    exit $LINENO
fi

size=$(xmllint $users --xpath "users/size/text()")
echo "There are $size  Users registered in JSS"

i=$size
while [ "$i" -gt 0 ]; do
    ID=$(xmllint $users --xpath "users/user[$i]/id/text()")
    if [ $? -eq 0 ]; then
        curl -sSf -u $user_name:$password --header "Accept: application/xml" "$jss/users/id/$ID" -X GET --output $user
        error=$?
        if [ $error -ne 0 ]; then
            echo "Unable to read User ID $ID error = $error"
        else
            vppCount=$(xmllint $user --xpath "user/links/vpp_assignments/vpp_assignment/id/text()" 2> /dev/null)
            computer=$(xmllint $user --xpath "user/links/computers/computer/id/text()" 2> /dev/null)
            iPad=$(xmllint $user --xpath "user/links/mobile_devices/mobile_device/id/text()" 2> /dev/null)
            if [ -z "$vppCount" ] && [ -z "$computer" ] && [ -z "$iPad" ]; then
                curl -sSf -u $user_name:$password --header "Accept: application/xml" "$jss/users/id/$ID" -X Delete --output $user
                echo "should be deleted $ID has VPP = $vppCount computer = $computer iPad = $iPad"
            fi
        fi
    fi
    echo -ne "
Processing users $i left  "
    i=$((i-1))
done
echo -ne "
                                
"

if [ "$delete" = "true" ]; then rm -rf $user; fi
if [ "$delete" = "true" ]; then rm -rf $users; fi
duration=$(( SECONDS - start ))
echo
echo "it took $(displaytime $duration) to complete the script"

exit 0

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

Recommendations on how to update User info for next yearicon

Building and Department not sticking on mobile deviceicon

Issues dynamically updating User & Location informationicon

JSS not updating mobile device user information after enrollmenticon

API - Update User information from LDAPicon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings