Submit User Information From AD Into The JSS At Login v2

A couple of years ago I posted on how we “Submit User Information From AD Into The JSS At Login”. Since Casper Suite 8.61 was released, the JSS has been able to perform this function. Below is a guide on how to leverage this.

Prerequisites

Your JSS needs to have at least one LDAP server specified, with the correct attribute mappings for your environment. Below is an example of the mappings that we use (you can use Directory Utility to find these attributes as shown here).

[Screenshot: example LDAP attribute mappings]

Once you have verified that the LDAP server's attribute mappings are correct for your environment, you will also need to enable collection of user & location data at inventory collection. In JSS v9 this is under Computer Management > Inventory Collection > General. The option to tick is shown below.

[Screenshot: the inventory collection option to tick]

Submitting User Information

Now, if you run a recon via a policy, Casper Remote or the command below, you’ll notice that the user’s information does not get updated in the JSS:

sudo jamf recon

This is because you’ve not told the JSS what username you wish to perform the LDAP lookup for. To do that, create a policy that runs at login with the below in the “Execute Command” field found under the “Files and Processes” payload.

sudo jamf recon -endUsername $3

This will update the user’s username on the JSS & then instruct the JSS to perform an LDAP lookup using that username.

However, as the above uses Casper’s $3 variable, it will only work at login. Also, as the jamf binary runs as root, you can’t use the $USER variable.

The below can be run at any time & if the above-mentioned prerequisites are met, should start to populate user information in the JSS.
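One way to do this outside a login policy, as an added example rather than the author's own script: it takes the owner of /dev/console as the logged-in user, rejects system accounts and names containing shell metacharacters, and passes the name to jamf recon as a single quoted argument. The function names, the JAMF_BIN override and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example (not the original post's script): submit the console user's
# name to the JSS outside a login policy. Must run as root, as Casper policies do.

# Assumption: "jamf" is on PATH; override JAMF_BIN if your install differs.
JAMF_BIN="${JAMF_BIN:-jamf}"

# The owner of /dev/console is the user logged in at the GUI on macOS.
# Parsing `ls -ld` (third field) works with both BSD and GNU ls.
console_user() {
    ls -ld "${1:-/dev/console}" | awk '{print $3}'
}

# Accept only names worth an LDAP lookup. The reserved names and the
# allowed character set are assumptions; adjust them to your directory.
valid_end_user() {
    case "$1" in
        ''|root|loginwindow|_mbsetupuser) return 1 ;;  # nobody logged in / setup
        *[!A-Za-z0-9._-]*) return 1 ;;                 # spaces, quotes, ; $ etc.
    esac
    return 0
}

# Run the recon with the username passed as a single quoted argument,
# so the value can never be split or interpreted by the root shell.
submit_user() {
    if ! valid_end_user "$1"; then
        echo "recon skipped: no usable console user ('$1')" >&2
        return 1
    fi
    "$JAMF_BIN" recon -endUsername "$1"
}

# Only act when the jamf binary is actually present on this machine.
if command -v "$JAMF_BIN" >/dev/null 2>&1; then
    submit_user "$(console_user)"
fi
```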

Departments

It’s a bit of an oddity, but Departments need to be manually defined in the JSS before they will show. This is done under Network Organisation > Departments.

If you try & submit a user’s department that isn’t defined in the JSS, then this field will not update until the department is added to the JSS.

Also, if your network segments are set to override the department for devices within them, then that method takes precedence over LDAP & so the department will not be updated via this method.

Buildings

As per Departments, if your network segments are set to override the building, then the LDAP method will not update the Building field.