Viewing 4 posts - 1 through 4 (of 4 total)
  • #376597
    jasonthat
    Participant

    I am trying to use this script for binding mac clients (10.5.7) to AD and OD (10.5.7) to be included in the master image. However the script keeps giving me this error most of the time (works rarely):

    attribute status: eDSNodeNotFound
    DS Error: -14008 (eDSNodeNotFound)

    Strange thing is that it works sometimes, like when I make some small changes to the script, save it and run again through the terminal, on the exact same computer that it doesn’t work. The binding to both AD & OD works fine though – it is only the search path for AD that does not get added automatically. HELP!

    Here is the script I am using:

    #!/bin/sh

    # Give the network time to come online
    logger "Sleeping 30 seconds"
    sleep 30
    systemsetup -setusingnetworktime off
    systemsetup -setnetworktimeserver myAD.com
    systemsetup -setusingnetworktime on

    # Set Bonjour and Computer Names
    logger "Setting Bonjour and Computer Names"
    computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }' | cut -c 7-19` # last 6 digits MAC Address
    computerid2="""$computerid"
    logger "Computer name is $computerid2"
    scutil --set LocalHostName "$computerid2"
    scutil --set ComputerName "$computerid2"
    sleep 3

    computerid=`/usr/sbin/scutil --get LocalHostName`

    ### End of configuration

    # Activate the AD plugin
    defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
    sleep 20

    # Bind to LDAP
    dsconfigldap -v -f -a myOD.com -c OD_$computerid -n "myOD" -u "myOD admin" -p "myOD password" -l "local administrator" -q "local password"
    sleep 10

    # Bind to AD
    dsconfigad -f -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou" -la $la -lp "$lp"

    # Configure advanced AD plugin options
    if [ "$admingroups" = "" ]; then
        dsconfigad -nogroups
    else
        dsconfigad -groups "$admingroups"
    fi

    dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
        -mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
        -shell $user_shell $preferred

    # Restart DirectoryService (necessary to reload AD plugin activation settings)
    killall DirectoryService

    # Add the AD node to the search path
    if [ "$alldomains" = "enable" ]; then
        csp="/Active Directory/All Domains"
    else
        csp="/Active Directory/$domain"
    fi

    dscl /Search -read
    dscl /Search -create / SearchPolicy CSPSearchPath
    dscl "Active Directory/All Domains" -list /Computers > /dev/null
    dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
    dscl /Search -append / CSPSearchPath /LDAPv3/myOD.com
    dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
    dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"

    # This works in a pinch if the above code does not
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/LDAPv3/myOD.com"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 3

    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist

    # Exit
    exit 0

    Could someone please tell me what’s wrong with this script? Have been trying to fix it for so long but just can’t seem to get this working properly. Thanks.

    #376686
    Patrick Gallagher
    Participant

    Are you sure the network is up when the script runs?

    #376688
    jasonthat
    Participant

    Thanks Patrick. Got it fixed 🙂 It might have been because I did not add “sudo” to the dscl commands (that’s strange even though we run the script as root) and also corrections to the writing of the SearchNodeConfig.plist files – we do not need to add LDAP search paths in there. These are the changes that had to be made to the whole script (if it helps anyone):

    Quote:
    # Add LDAPv3 to od server
    odcsp="/LDAPv3/$odserver"

    Quote:
    # Bind to OD
    sleep 10
    dsconfigldap -v -f -a "$odserver" -n "$odserver" -c OD_$computerid -u $odudn -p "$odpassword"
    sleep 20

    Quote:
    sudo dscl "/Active Directory/All Domains" -list /Computers > /dev/null
    sleep 10
    sudo dscl /Search -append / CSPSearchPath "$csp"
    sudo dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath
    sudo dscl /Search/Contacts -append / CSPSearchPath "$csp"
    sudo dscl /Search/Contacts -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath

    sudo dscl /Search -append / CSPSearchPath "$odcsp"
    sudo dscl /Search/Contacts -append / CSPSearchPath "$odcsp"

    # This works in a pinch if the above code does not
    #defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    #defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    #plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
    #killall DirectoryService

    Thanks again for the reply!
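
The thread's fix relies on fixed `sleep` delays before the `dscl` search-path calls. As an added example (not part of the original posts), the following polls until the directory node answers, then adds it to both search policies once and verifies the result. `DSCL`, `MAX_TRIES`, `DELAY`, the `adbind` log tag and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: poll for a directory node instead of using fixed sleeps,
# then add it to the search path once and verify it is there.
# DSCL, MAX_TRIES, DELAY and all function names are assumptions of this example.
DSCL=${DSCL:-dscl}
MAX_TRIES=${MAX_TRIES:-12}
DELAY=${DELAY:-5}

log() { logger -t adbind "$1" 2>/dev/null || echo "adbind: $1" >&2; }

# wait_for_node NODE: 0 once the node answers a query, 1 if it is still
# missing (the eDSNodeNotFound case) after MAX_TRIES probes.
wait_for_node() {
    node=$1
    try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        $DSCL "$node" -list /Computers >/dev/null 2>&1 && return 0
        log "node $node not available (probe $try of $MAX_TRIES)"
        sleep "$DELAY"
        try=$((try + 1))
    done
    return 1
}

# in_search_path SEARCHNODE NODE: true if NODE is already listed.
# Substring match, so it works whether the values are printed one per
# line or all on a single line.
in_search_path() {
    $DSCL "$1" -read / CSPSearchPath 2>/dev/null | grep -F -q -- "$2"
}

# add_search_node NODE: wait, then add NODE to both search policies.
add_search_node() {
    node=$1
    wait_for_node "$node" || { log "giving up on $node"; return 1; }
    for sp in /Search /Search/Contacts; do
        $DSCL "$sp" -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath || return 1
        in_search_path "$sp" "$node" ||
            $DSCL "$sp" -append / CSPSearchPath "$node" || return 1
        in_search_path "$sp" "$node" || return 1
    done
}

# Usage in the bind script, run as root after dsconfigad/dsconfigldap:
#   add_search_node "/Active Directory/All Domains" || exit 1
#   add_search_node "/LDAPv3/$odserver" || exit 1
```

A non-zero return lets the imaging workflow flag the machine instead of shipping it with an incomplete search path.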

    #377687
    clutch
    Participant

    I’ve got most things working with this script but having an issue trying to escape space in the name of the AD container I’m trying to add computers to.
    Unfortunately, the AD server was set up long before I had any say in the way things were going to be structured and we have far too many computers to add them manually.

    The error I’m getting back from the AD server is “The container you specified for the computer does not exist. Please verify the container information and try again.”

    The container I’m trying to add to looks like this: ou="CN=mac,CN=All The Computers,DC=example,DC=com" (names changed to protect the innocent).

    I can successfully add computers to the normal “CN=Computers” container, but that’s not where we need them…

    I’ve tried many combinations of single vs double quotes, escaping the spaces with backslashes, using “%20”, using “\20” and am reaching the limits of my escapability.

    Does anyone have any other ideas which may be worth trying?

    Any help greatly appreciated.

    Chris.
