A couple of years ago I posted on how we “Submitted User Information From AD Into The JSS At Login”. Since the Casper Suite 8.61 was released, the JSS has been able to perform this function itself. Below is a guide on how to leverage this.
Your JSS needs to have at least one LDAP server specified, with the correct attribute mappings for your environment. Below is an example of the mappings that we use (you can use Directory Utility to find these attributes as shown here).

Once you have verified that the LDAP server's attribute mappings are correct for your environment, you will also need to enable collection of user & location data at inventory collection. In JSS v9 this is under Computer Management > Inventory Collection > General. The option to tick is shown below.

Submitting User Information:
Now if you run a recon via a policy, Casper Remote, or the below, you’ll notice that the user’s information does not get updated in the JSS:
This is because you’ve not told the JSS what username you wish to perform the LDAP lookup for. To do that, create a policy that runs at login with the below in the “Execute Command” field found under the “Files and Processes” payload.
This will update the user’s username on the JSS & then instruct the JSS to perform an LDAP lookup using that username.
However, as the above uses Casper’s $3 variable, it will only work at login. Also, as the jamf binary runs as root, you can’t use the $USER variable.
The below can be run at any time &, if the above-mentioned prerequisites are met, should start to populate user information in the JSS.
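One way to do this outside of login, as an added example rather than the author's original script: it takes the owner of /dev/console as the logged-in user, refuses placeholder accounts, and only then calls `jamf recon -endUsername`. The function names, the `--submit` switch, the list of skipped accounts and the allowed-character pattern are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original post's script.
# Assumes the jamf binary is on root's PATH; override with JAMF=/path/to/jamf.
JAMF="${JAMF:-jamf}"

# Owner of the console device, i.e. the user at the GUI session (macOS stat).
console_user() {
    stat -f%Su /dev/console 2>/dev/null
}

# Return 0 only for names worth sending to the JSS for an LDAP lookup.
# The skipped accounts and the character set are assumptions; widen the
# pattern if your directory short names use other characters.
valid_lookup_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;  # nobody real is logged in
        *[!A-Za-z0-9._-]*) return 1 ;;                 # unexpected characters
    esac
    return 0
}

# Submit the username so the JSS performs the LDAP lookup for it.
submit_user() {
    user="$1"
    if ! valid_lookup_user "$user"; then
        echo "skipping recon: no usable console user ('$user')" >&2
        return 1
    fi
    "$JAMF" recon -endUsername "$user"
}

# Nothing is submitted unless the script is called with --submit, so the
# functions above can be sourced and checked without touching the JSS.
if [ "${1:-}" = "--submit" ]; then
    submit_user "$(console_user)"
fi
```

Run it as root (for example from a policy or a LaunchDaemon) with `--submit`; at the login window it exits non-zero without sending a placeholder account to the JSS.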
It’s a bit of an oddity, but Departments need to be manually defined in the JSS before they will show. This is done under Network Organisation > Departments.
If you try & submit a user’s department that isn’t defined in the JSS, then this field will not update until the department is added to the JSS.
Also, if your network segments are set to override the department for devices within them, then that method takes precedence over LDAP & so the department will not be updated via this method.
As per Departments, if your network segments are set to override the building, then the LDAP method will not update the Building field.