Scripting dsconfigad in 10.3.9
I'm trying to script ad binding in 10.3.9. I have a script that I run from ARD that contains dsconfigad commands. In 10.4 this works, but in 10.3.9 dsconfigad asks for the root password when it's run. When run from ARD I get a bus error... presumably because there is no input handle. Has anyone gotten past this?
Thanks
Andy Zirkel
I ended up embedding an expect script in my bash script which did the job. It looks like this:
#Bind to AD using expect
touch /tmp/adbind.expect
chmod a+x /tmp/adbind.expect
cat > /tmp/adbind.expect << EOF
#!/usr/bin/expect
spawn dsconfigad -f -a $NAME -u netuser -p netuserpass -ou ou=MacClients,dc=myschool,dc=edu -forest myschool.edu -domain myschool.edu
expect "Password:"
send "localpass\n"
expect eof
spawn dsconfigad $ADSETTINGS
expect "Password:"
send "localpass\n"
expect eof
EOF
I use MacEnterprise a lot and it's a great list.
Similar Messages
-
Directory Binding Script (Active and Open Directory) 10.7
Hi everyone
I'm reposting this in the right thread. I've written a Directory Binding Script for 10.6 and ported it now to 10.7 as among the things that have changed in the upgraded version is a refurbished directory binding enviroment.
The original thread can be found here: https://discussions.apple.com/thread/3090068. The script is applicable for clients as well and simplifies the binding process considerably.
Be aware that the reformatted script here contains some faulty line breaks. So you'll have to correct them in a proper text editor.
#!/bin/sh
#Uncomment the following line to abort the script on errors
#trap exit ERR
## Script to automate OD and AD Binding of Mac OS X 10.7 Servers
## Script written by Marc Horat, URZ Basel, 11.6.2010
## Updated: 12.08.2011
# With the use of the following sources as inspiration:
# http://www.howtomac.co.uk/?p=247
#Created by Ross Hamilton
#Clock restart / Remove existing settings
#Join to Open Directory and Active Directory
# Bombich's AD-Bind Script:
# This script binds to AD and configures advanced options of the AD plugin
# As this scripts contains a password, be sure to take appropriate security
# precautions
# A good way to run this script is to set it as a login hook on your master machine
# Because it only needs to be run once, the last thing this script does is to delete
# itself. If you have another login script that you typically run, include the
# script on your master machine, and indicate its path in the "newLoginScript"
# variable.
# If running this as a one-time login hook to bind to AD after imaging,
# be sure to enable auto-login (for any local user) before creating your master image
#################CONFIGURATION##########################
#OD
# These variables need to be configured for your env
odAdmin="YOURODADMIN" #enter your OD admin name between the quotes
odPassword="YOURODPW" # Enter your OD admin password between the quotes
oddomain="YOURODDOMAIN" # FQDN of your OD domain
computerGroup="YOURNEWODCOMPGROUP" # Add appropriate computer group you want machines to be added to, case sensitive
oldComputerGroup="YOUROLDODCOMPGROUP" # If the Computer is in a Group already
#AD
# Standard parameters
domain="YOURADDOMAIN" # fully qualified DNS name of Active Directory Domain
domainname="YOURADDOMAINNAME" #Name of the Domain as specified in the search paths
udn="YOURADADMIN" # username of a privileged network user
password="YOURADPW" # password of a privileged network user
ou="OU=YOUR,OU=OU,OU=URZ,OU=IN,DC=YOUR,DC=AD,DC=DOMAIN" # Distinguished name of container for the computer E.G. OU=Macs,OU=Computers,DC=AD,DC=DOMAIN,DC=CH
# Advanced options AD Plugin
alldomains="disable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="disable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp', 'smb' or 'nfs' (since 10.7) change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="enable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="enable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-preferred $domain" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="$domainname\YOURADADMINGROUP" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\macadmins")
packetsign="allow" # allow | disable | require
packetencrypt="allow" # allow | disable | require
passinterval="14" # number of days
namespace="domain" # forest | domain
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
newLoginHook="" # e.g., "/Library/Management/login.sh"
################################# End of configuration
############ Begin of Script
# Host-specific parameters
# computerid should be set dynamically, this value must be machine-specific
# This value may be restricted to 19 characters! The only error you'll receive upon entering
# an invalid computer id is to the effect of not having appropriate privileges to perform the requested operation
#computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }'` # MAC Address
#computerid=`hostname | sed 's/.unibas.ch//'`
#computerid=`/usr/sbin/scutil --get LocalHostName | cut -c 1-19` # Assure that this will produce unique names!
#computerid=`/usr/sbin/scutil --get LocalHostName`
computerid=`scutil --get ComputerName`
adcomputerid=`echo "$computerid" | tr [:lower:] [:upper:]`
# These variables probably don't need to be changed
# Determing if any directory binding exists
nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'`
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODtmp=`dscl localhost -list /LDAPv3 | grep -n 1 | sed 's/1://' | sed 's/2://'`
check4OD=${check4ODtmp//[[:space:]]/}
echo "Found LDAP: "$check4ODtmp
check4ODaccttmp=`dscl /LDAPv3/"$check4OD" -read Computers/"$computerid" RealName | cut -c 11-`
check4ODacct=${check4ODaccttmp//[[:space:]]/}
echo "Found LDAP-Computer-Account: "$check4ODacct
else
check4OD=""
check4ODacct=""
echo "No bound LDAP Server found"
fi
if [ $oldComputerGroup != "" ] && dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODgroupMembershiptmp=`dscl /LDAPv3/"$check4OD" -read ComputerGroups/"$oldComputerGroup" | grep "$computerid"`
check4ODgroupMembership=$check4ODgroupMembershiptmp
echo "LDAP Group Membership in Group: "$oldComputerGroup
else
check4ODgroupMembership=""
echo "No LDAP Group Membership defined or not bound to a server"
fi
if dscl localhost -list "/Active Directory" | grep $domainname > /dev/null
then
check4ADtmp=`dsconfigad -show | grep "Active Directory Domain" | sed 's/Active Directory Domain//' | sed 's/=//'`
check4AD=${check4ADtmp//[[:space:]]/}
echo "Found AD: "$check4AD
check4ADaccttmp=`dsconfigad -show | grep "Computer Account" | sed 's/Computer Account//' | sed 's/=//'`
check4ADacct=${check4ADaccttmp//[[:space:]]/}
echo "Found AD-Account: "$check4ADacct
else
check4AD=""
check4ADacct=""
echo "No AD-Account found"
fi
osversionlong=`sw_vers -productVersion`
osvers=${osversionlong:3:1}
#Time Sync
#Restart ntpdate
StartService ()
if [ "${TIMESYNC:=-YES-}" = "-YES-" ] && ! GetPID ntpd > /dev/null; then
CheckForNetwork
if [ -f /var/run/NetworkTime.StartupItem -o "${NETWORKUP}" = "-NO-" ]; then exit; fi
touch /var/run/NetworkTime.StartupItem
echo "Starting network time synchronization"
# Synchronize our clock to the network’s time,
# then fire off ntpd to keep the clock in sync.
ntpdate -bvs
ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
fi
echo ""
echo ""
sleep 5
#### Removing any existing directory bindings
#Clear OD Computer Account and delete entry from Computer group
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "This computer is bound to the following Open Directory Services:"
dscl localhost -list /LDAPv3
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
sleep 5
if [ "${check4ODacct}" == "${computerid}" ]
then
echo "This machine already has a computer account on $oddomain."
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
echo "Found GUID: "$GUID
if [ "$oldComputerGroup" != "" ] && [ "$check4ODgroupMembership" != "" ]
then
echo "Removing entry from group $oldComputerGroup"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembership "${computerid}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembers "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerLists/"$oldComputerGroup" Computers "${computerid}"
fi
echo "Removing Computer entry $computerid in OD"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /Computers/"${computerid}"
fi
#List existing Directories
echo "Removing OD-Binding to "$check4OD
dsconfigldap -r "$check4OD"
echo "Removing Search Path entries"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
sleep 5
else
echo "No LDAP or OD Binding present.";
fi
echo ""
# Check a second time in order to delete any remaining LDAP-Bindings
echo "Scanning for further LDAP servers"
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "Found:"
dscl localhost -list /LDAPv3
echo "Removing OD-Binding to "$check4ODtmp
dsconfigldap -r "$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
sleep 5
else
echo "No further LDAP or OD Binding present."
fi
echo ""
echo ""
#Remove the Active Directory binding
if [ "$check4AD" != "" ]
then
echo "This computer is bound to the following Active Directory Services:"
dscl localhost -list "/Active Directory"
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
sleep 5
echo "Removing any existing AD-Binding to "$check4AD
dsconfigad -f -remove -username "$udn" -password "$password"
echo "Removing Search Path entries"
if [ "$preferred" != "-nopreferred" ]
then
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search/Contacts -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
fi
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
#remove search path entries from 10.6
if dscl /Search -read / CSPSearchPath | grep /Active > /dev/null
then
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
fi
sleep 5
else
echo "No Active Directory Binding present."
fi
echo ""
#Remove Existing Directory Services Config
echo "Removing existing DS Config"
if [ -d "/Library/Preferences/edu.mit.Kerberos" ]
then
rm -R /Library/Preferences/edu.mit.Kerberos
fi
if [ -d "/etc/krb5.keytab" ]
then
rm -R /etc/krb5.keytab
fi
# Clean up the DirectoryService configuration files
rm -Rfv /Library/Preferences/DirectoryService/*
#OD
echo ""
echo ""
echo "Binding to OD-Damin "$oddomain
sleep 5
dsconfigldap -v -a "$oddomain" -n "$oddomain" -c "$computerid"
echo "Killing opendirectoryd"
killall opendirectoryd
sleep 5
echo "Adding computer account $computerid to /LDAPv3/${oddomain} on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -create /Computers/"$computerid" ENetAddress "$nicAddress"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /Computers/"$computerid" RealName "$computerid"
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
# Add computer to ComputerList and ComputerGroup
if [ $computerGroup != "" ]
then
echo "Adding computer $computerid to OD group $computerGroup on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerLists/"$computerGroup" apple-computers "$computerid"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" apple-group-memberguid "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" memberUid "$computerid"
fi
echo "Finished OD Binding."
sleep 5 # Give DS a chance to catch up
echo ""
echo ""
echo "Performing the AD Binding"
#AD
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
#Use the existing AD-Computername or generate a new one
computeridtmp="default"
if [ "$check4ADacct" == "" ]
then
LEN=$(echo ${#adcomputerid})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$adcomputerid " has 15 characters or less and is therefore suitable for AD-Binding. It is $adcomputerid"
computeridtmp=$adcomputerid
else
echo "ComputerID "$adcomputerid " has 16 or more characters and needs to be modified for AD-Binding."
echo "Removing any -"
computeridtmp=${adcomputerid//-/}
LEN=$(echo ${#computeridtmp})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$computeridtmp" has now 15 characters or less and is therefore suitable for AD-Binding."
else
echo "Only using the last 15 characters of the Computer name to be able to bind to AD."
computeridtmp=${computeridtmp:(-15)}
fi
echo "Cropped Computername to "$computeridtmp
fi
else
computeridtmp=${check4ADacct//$/}
echo "Found existing AD Account previously, attempting to recreate in the OU: "$computeridtmp
fi
echo ""
# Bind to AD
echo "Binding to AD-Domain "$domain" with computerid "$computeridtmp
dsconfigad -f -add "$domain" -username "$udn" -password "$password" -ou "$ou" -computer "$computeridtmp"
echo ""
echo "Setting the Advanced AD Plugin options"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]
then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains "$alldomains"
dsconfigad -localhome "$localhome"
dsconfigad -protocol "$protocol"
dsconfigad -mobile "$mobile"
dsconfigad -mobileconfirm "$mobileconfirm"
dsconfigad -useuncpath "$useuncpath"
dsconfigad -shell "$user_shell"
dsconfigad "$preferred"
dsconfigad -packetsign "$packetsign" -packetencrypt "$packetencrypt" -passinterval "$passinterval"
dsconfigad -namespace "$namespace"
sleep 5
echo ""
echo ""
# Add the OD & AD node to the search path
if [ "$alldomains" = "enable" ]
then
csp="/Active Directory/$domainname/All Domains"
else
csp="/Active Directory/$domainname"
fi
echo "Finished AD Binding."
echo "Adding Domain /LDAPv3/"$oddomain" and "$csp" to Search Path"
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
echo "Adding OD.."
dscl /Search -append / CSPSearchPath /LDAPv3/"$oddomain"
dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/"$oddomain"
echo "Adding AD.."
#Adding all Domains first to improve reliability under 10.7
if [ "$alldomains" != "enable" ]
then
cspadall="/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -append / CSPSearchPath "$cspadall"
dscl /Search -append / CSPSearchPath "$cspadall"
fi
dscl /Search/Contacts -append / CSPSearchPath "$csp"
dscl /Search -append / CSPSearchPath "$csp"
echo "Finished Updating Search Paths."
echo ""
echo ""
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall opendirectoryd
# Destroy the login hook (or change it)
if [ "${newLoginHook}" == "" ]
then
defaults delete /var/root/Library/Preferences/com.apple.loginwindow LoginHook
else
defaults write /var/root/Library/Preferences/com.apple.loginwindow LoginHook $newLoginHook
fi
sleep 5
# Customizing the login-Window
#defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
#defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool TRUE
#defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool TRUE
# This works in a pinch if the above code does not
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
#plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
#killall opendirectoryd
# Disable autologin
defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
srm /etc/kcpassword
echo ""
echo ""
echo ""
echo "Now bound to OD Domain:"
dscl localhost -list /LDAPv3
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
echo "Now bound to AD Domain:"
dscl localhost -list "/Active Directory"
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
exit 0 ## Success
exit 1 ## Failure
Any inputs, questions and improvement suggestions are, of course, most welcome!
Cheers
SeeHi everyone
I'm reposting this in the right thread. I've written a Directory Binding Script for 10.6 and ported it now to 10.7 as among the things that have changed in the upgraded version is a refurbished directory binding enviroment.
The original thread can be found here: https://discussions.apple.com/thread/3090068. The script is applicable for clients as well and simplifies the binding process considerably.
Be aware that the reformatted script here contains some faulty line breaks. So you'll have to correct them in a proper text editor.
#!/bin/sh
#Uncomment the following line to abort the script on errors
#trap exit ERR
## Script to automate OD and AD Binding of Mac OS X 10.7 Servers
## Script written by Marc Horat, URZ Basel, 11.6.2010
## Updated: 12.08.2011
# With the use of the following sources as inspiration:
# http://www.howtomac.co.uk/?p=247
#Created by Ross Hamilton
#Clock restart / Remove existing settings
#Join to Open Directory and Active Directory
# Bombich's AD-Bind Script:
# This script binds to AD and configures advanced options of the AD plugin
# As this scripts contains a password, be sure to take appropriate security
# precautions
# A good way to run this script is to set it as a login hook on your master machine
# Because it only needs to be run once, the last thing this script does is to delete
# itself. If you have another login script that you typically run, include the
# script on your master machine, and indicate its path in the "newLoginScript"
# variable.
# If running this as a one-time login hook to bind to AD after imaging,
# be sure to enable auto-login (for any local user) before creating your master image
#################CONFIGURATION##########################
#OD
# These variables need to be configured for your env
odAdmin="YOURODADMIN" #enter your OD admin name between the quotes
odPassword="YOURODPW" # Enter your OD admin password between the quotes
oddomain="YOURODDOMAIN" # FQDN of your OD domain
computerGroup="YOURNEWODCOMPGROUP" # Add appropriate computer group you want machines to be added to, case sensitive
oldComputerGroup="YOUROLDODCOMPGROUP" # If the Computer is in a Group already
#AD
# Standard parameters
domain="YOURADDOMAIN" # fully qualified DNS name of Active Directory Domain
domainname="YOURADDOMAINNAME" #Name of the Domain as specified in the search paths
udn="YOURADADMIN" # username of a privileged network user
password="YOURADPW" # password of a privileged network user
ou="OU=YOUR,OU=OU,OU=URZ,OU=IN,DC=YOUR,DC=AD,DC=DOMAIN" # Distinguished name of container for the computer E.G. OU=Macs,OU=Computers,DC=AD,DC=DOMAIN,DC=CH
# Advanced options AD Plugin
alldomains="disable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="disable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp', 'smb' or 'nfs' (since 10.7) change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="enable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="enable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-preferred $domain" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="$domainname\YOURADADMINGROUP" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\macadmins")
packetsign="allow" # allow | disable | require
packetencrypt="allow" # allow | disable | require
passinterval="14" # number of days
namespace="domain" # forest | domain
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
newLoginHook="" # e.g., "/Library/Management/login.sh"
################################# End of configuration
############ Begin of Script
# Host-specific parameters
# computerid should be set dynamically, this value must be machine-specific
# This value may be restricted to 19 characters! The only error you'll receive upon entering
# an invalid computer id is to the effect of not having appropriate privileges to perform the requested operation
#computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }'` # MAC Address
#computerid=`hostname | sed 's/.unibas.ch//'`
#computerid=`/usr/sbin/scutil --get LocalHostName | cut -c 1-19` # Assure that this will produce unique names!
#computerid=`/usr/sbin/scutil --get LocalHostName`
computerid=`scutil --get ComputerName`
adcomputerid=`echo "$computerid" | tr [:lower:] [:upper:]`
# These variables probably don't need to be changed
# Determing if any directory binding exists
nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'`
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODtmp=`dscl localhost -list /LDAPv3 | grep -n 1 | sed 's/1://' | sed 's/2://'`
check4OD=${check4ODtmp//[[:space:]]/}
echo "Found LDAP: "$check4ODtmp
check4ODaccttmp=`dscl /LDAPv3/"$check4OD" -read Computers/"$computerid" RealName | cut -c 11-`
check4ODacct=${check4ODaccttmp//[[:space:]]/}
echo "Found LDAP-Computer-Account: "$check4ODacct
else
check4OD=""
check4ODacct=""
echo "No bound LDAP Server found"
fi
if [ $oldComputerGroup != "" ] && dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODgroupMembershiptmp=`dscl /LDAPv3/"$check4OD" -read ComputerGroups/"$oldComputerGroup" | grep "$computerid"`
check4ODgroupMembership=$check4ODgroupMembershiptmp
echo "LDAP Group Membership in Group: "$oldComputerGroup
else
check4ODgroupMembership=""
echo "No LDAP Group Membership defined or not bound to a server"
fi
if dscl localhost -list "/Active Directory" | grep $domainname > /dev/null
then
check4ADtmp=`dsconfigad -show | grep "Active Directory Domain" | sed 's/Active Directory Domain//' | sed 's/=//'`
check4AD=${check4ADtmp//[[:space:]]/}
echo "Found AD: "$check4AD
check4ADaccttmp=`dsconfigad -show | grep "Computer Account" | sed 's/Computer Account//' | sed 's/=//'`
check4ADacct=${check4ADaccttmp//[[:space:]]/}
echo "Found AD-Account: "$check4ADacct
else
check4AD=""
check4ADacct=""
echo "No AD-Account found"
fi
osversionlong=`sw_vers -productVersion`
osvers=${osversionlong:3:1}
#Time Sync
#Restart ntpdate
StartService ()
if [ "${TIMESYNC:=-YES-}" = "-YES-" ] && ! GetPID ntpd > /dev/null; then
CheckForNetwork
if [ -f /var/run/NetworkTime.StartupItem -o "${NETWORKUP}" = "-NO-" ]; then exit; fi
touch /var/run/NetworkTime.StartupItem
echo "Starting network time synchronization"
# Synchronize our clock to the network’s time,
# then fire off ntpd to keep the clock in sync.
ntpdate -bvs
ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
fi
echo ""
echo ""
sleep 5
#### Removing any existing directory bindings
#Clear OD Computer Account and delete entry from Computer group
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "This computer is bound to the following Open Directory Services:"
dscl localhost -list /LDAPv3
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
sleep 5
if [ "${check4ODacct}" == "${computerid}" ]
then
echo "This machine already has a computer account on $oddomain."
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
echo "Found GUID: "$GUID
if [ "$oldComputerGroup" != "" ] && [ "$check4ODgroupMembership" != "" ]
then
echo "Removing entry from group $oldComputerGroup"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembership "${computerid}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembers "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerLists/"$oldComputerGroup" Computers "${computerid}"
fi
echo "Removing Computer entry $computerid in OD"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /Computers/"${computerid}"
fi
#List existing Directories
echo "Removing OD-Binding to "$check4OD
dsconfigldap -r "$check4OD"
echo "Removing Search Path entries"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
sleep 5
else
echo "No LDAP or OD Binding present.";
fi
echo ""
# Check a second time in order to delete any remaining LDAP-Bindings
echo "Scanning for further LDAP servers"
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "Found:"
dscl localhost -list /LDAPv3
echo "Removing OD-Binding to "$check4ODtmp
dsconfigldap -r "$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
sleep 5
else
echo "No further LDAP or OD Binding present."
fi
echo ""
echo ""
#Remove the Active Directory binding
if [ "$check4AD" != "" ]
then
echo "This computer is bound to the following Active Directory Services:"
dscl localhost -list "/Active Directory"
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
sleep 5
echo "Removing any existing AD-Binding to "$check4AD
dsconfigad -f -remove -username "$udn" -password "$password"
echo "Removing Search Path entries"
if [ "$preferred" != "-nopreferred" ]
then
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search/Contacts -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
fi
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
#remove search path entries from 10.6
if dscl /Search -read / CSPSearchPath | grep /Active > /dev/null
then
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
fi
sleep 5
else
echo "No Active Directory Binding present."
fi
echo ""
#Remove Existing Directory Services Config
echo "Removing existing DS Config"
if [ -d "/Library/Preferences/edu.mit.Kerberos" ]
then
rm -R /Library/Preferences/edu.mit.Kerberos
fi
if [ -d "/etc/krb5.keytab" ]
then
rm -R /etc/krb5.keytab
fi
# Clean up the DirectoryService configuration files
rm -Rfv /Library/Preferences/DirectoryService/*
#OD
echo ""
echo ""
echo "Binding to OD-Damin "$oddomain
sleep 5
dsconfigldap -v -a "$oddomain" -n "$oddomain" -c "$computerid"
echo "Killing opendirectoryd"
killall opendirectoryd
sleep 5
echo "Adding computer account $computerid to /LDAPv3/${oddomain} on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -create /Computers/"$computerid" ENetAddress "$nicAddress"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /Computers/"$computerid" RealName "$computerid"
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
# Add computer to ComputerList and ComputerGroup
if [ $computerGroup != "" ]
then
echo "Adding computer $computerid to OD group $computerGroup on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerLists/"$computerGroup" apple-computers "$computerid"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" apple-group-memberguid "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" memberUid "$computerid"
fi
echo "Finished OD Binding."
sleep 5 # Give DS a chance to catch up
echo ""
echo ""
echo "Performing the AD Binding"
#AD
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
#Use the existing AD-Computername or generate a new one
computeridtmp="default"
if [ "$check4ADacct" == "" ]
then
LEN=$(echo ${#adcomputerid})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$adcomputerid " has 15 characters or less and is therefore suitable for AD-Binding. It is $adcomputerid"
computeridtmp=$adcomputerid
else
echo "ComputerID "$adcomputerid " has 16 or more characters and needs to be modified for AD-Binding."
echo "Removing any -"
computeridtmp=${adcomputerid//-/}
LEN=$(echo ${#computeridtmp})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$computeridtmp" has now 15 characters or less and is therefore suitable for AD-Binding."
else
echo "Only using the last 15 characters of the Computer name to be able to bind to AD."
computeridtmp=${computeridtmp:(-15)}
fi
echo "Cropped Computername to "$computeridtmp
fi
else
computeridtmp=${check4ADacct//$/}
echo "Found existing AD Account previously, attempting to recreate in the OU: "$computeridtmp
fi
echo ""
# Bind to AD
echo "Binding to AD-Domain "$domain" with computerid "$computeridtmp
dsconfigad -f -add "$domain" -username "$udn" -password "$password" -ou "$ou" -computer "$computeridtmp"
echo ""
echo "Setting the Advanced AD Plugin options"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]
then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains "$alldomains"
dsconfigad -localhome "$localhome"
dsconfigad -protocol "$protocol"
dsconfigad -mobile "$mobile"
dsconfigad -mobileconfirm "$mobileconfirm"
dsconfigad -useuncpath "$useuncpath"
dsconfigad -shell "$user_shell"
dsconfigad "$preferred"
dsconfigad -packetsign "$packetsign" -packetencrypt "$packetencrypt" -passinterval "$passinterval"
dsconfigad -namespace "$namespace"
sleep 5
echo ""
echo ""
# Add the OD & AD node to the search path
if [ "$alldomains" = "enable" ]
then
csp="/Active Directory/$domainname/All Domains"
else
csp="/Active Directory/$domainname"
fi
echo "Finished AD Binding."
echo "Adding Domain /LDAPv3/"$oddomain" and "$csp" to Search Path"
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
echo "Adding OD.."
dscl /Search -append / CSPSearchPath /LDAPv3/"$oddomain"
dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/"$oddomain"
echo "Adding AD.."
#Adding all Domains first to improve reliability under 10.7
if [ "$alldomains" != "enable" ]
then
cspadall="/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -append / CSPSearchPath "$cspadall"
dscl /Search -append / CSPSearchPath "$cspadall"
fi
dscl /Search/Contacts -append / CSPSearchPath "$csp"
dscl /Search -append / CSPSearchPath "$csp"
echo "Finished Updating Search Paths."
echo ""
echo ""
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall opendirectoryd
# Destroy the login hook (or change it)
if [ "${newLoginHook}" == "" ]
then
defaults delete /var/root/Library/Preferences/com.apple.loginwindow LoginHook
else
defaults write /var/root/Library/Preferences/com.apple.loginwindow LoginHook $newLoginHook
fi
sleep 5
# Customizing the login-Window
#defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
#defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool TRUE
#defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool TRUE
# This works in a pinch if the above code does not
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
#plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
#killall opendirectoryd
# Disable autologin
defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
srm /etc/kcpassword
echo ""
echo ""
echo ""
echo "Now bound to OD Domain:"
dscl localhost -list /LDAPv3
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
echo "Now bound to AD Domain:"
dscl localhost -list "/Active Directory"
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
exit 0 ## Success
exit 1 ## Failure
Any inputs, questions and improvement suggestions are, of course, most welcome!
Cheers
See -
How to hide a password from a prompted osascript dialogue from a Mac/UNIX Shell Script
I'm in the final phase of designing a script to automate my Active Directory binding that will be used by multiple people. Because of this, I need to prompt for a user name and password. I've successfully created the prompt, but want to find some way to prevent the password from showing up in the dialog box asking for the password (this will be done remotely, I don't want the password visible).
It can be turned into stars, dots, not show up at all, anything, I just need it NOT to show visually, but still be able to be passed down to the dsconfigad command.
I've tested the script itself and it works and a hidden password is the last piece that I need to make it live.
(Excuse any extra comments on here, I've pieced this together from a lot of different sources)
Any help you could offer would be greatly appreciated!
#! /bin/bash
while :; do # Loop until valid input is entered or Cancel is pressed.
user=$(osascript -e 'Tell application "System Events" to display dialog "Enter the network user name:" default answer ""' -e 'text returned of result' 2>/dev/null)
if (( $? )); then exit 1; fi # Abort, if user pressed Cancel.
user=$(echo -n "$user" | sed 's/^ *//' | sed 's/ *$//') # Trim leading and trailing whitespace.
if [[ -z "$user" ]]; then
# The user left the project name blank.
osascript -e 'Tell application "System Events" to display alert "You must enter a user name; please try again." as warning' >/dev/null
# Continue loop to prompt again.
else
# Valid input: exit loop and continue.
break
fi
done
while :; do # Loop until valid input is entered or Cancel is pressed.
netpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter the network password:" default answer ""' -e 'text returned of result' 2>/dev/null)
if (( $? )); then exit 1; fi # Abort, if user pressed Cancel.
netpass=$(echo -n "$netpass" | sed 's/^ *//' | sed 's/ *$//') # Trim leading and trailing whitespace.
if [[ -z "$netpass" ]]; then
# The user left the project name blank.
osascript -e 'Tell application "System Events" to display alert "You must enter a password; please try again." as warning' >/dev/null
# Continue loop to prompt again.
else
# Valid input: exit loop and continue.
break
fi
done
MACNAME=$(scutil --get ComputerName)
sudo dsconfigad -add DOMAIN \
-username $user \
-password $netpass \
-computer $MACNAME \
-mobile disable \
-mobileconfirm disable \
-localhome enable \
-useuncpath enable \
-shell /bin/bash \
-ou OU=Macs,CN=Computers,DC=corp,DC=DOMAIN,DC=net \
-force \
-localpassword LOCALPASS \
-groups "GROUPS"
#sudo rm -- "$0"I think you want to change line 18 to read:
netpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter the network password:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)
and of course add the 'with hidden answer' bit to line 23 as well. -
Add a mac to an active directory group using a script?
I am managing a bunch of Macs and we are using Active Directory groups to assign certificates for 802.11x. I am binding the device to AD using JAMF software and was wondering if I could use a script to then add the deive to an active directory group.
Thanks in advance...I think I misunderstood your question. If you are trying to add the computer record to a location other than the Computers container, then just change your binding script to target the folder you want. Remember that the user account you are using to bind must have access rights to this folder.
For example, the sample command from the man page shows you how. Say you have a subfolder inside Computers called Macs. You would do this in your binding script. Note the notation of an organizational unit within the Computers container.
dsconfigad -a ThisComputer -u "administrator"
- ou "CN=Computers,OU=Macs,DC=ads,DC=demo,DC=com" -domain domain.ads.apple.com
Is that what you are looking to do? -
Checking connectivity to AD via script
I am trying to come up with a script that would check to see if the mac is connected to AD (ie users can authenticate off AD), and if the mac is not connected, to connect it to AD using the hostname (with some formatting).
So far I found the dsconfigad command, that allows
dsconfigad -show
However this seems to only show the local setup of the machine, not the real AD connectivity status. My test machine is an example.. it was cloned from another machine that is connected to AD, and now it still thinks it is connected to AD, but it will not allow me to log in and authenticate off AD, rather it will only login from a local account.
Is there an equivalent of a Windows command
netdom.exe verify "hostname" /d:"domain"
which actually tests the validity of the connection between the apple and the AD server?
Thanks a lot!You can start by looking in the repository for script that create users from CSV file.s Modify the script to suit your needs.
Start here:
https://gallery.technet.microsoft.com/scriptcenter/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=activedirectory&f%5B0%5D.Text=Active%20Directory&f%5B1%5D.Type=SubCategory&f%5B1%5D.Value=useraccounts&f%5B1%5D.Text=User%20Accounts
¯\_(ツ)_/¯ -
Does anyone have a terminal script that can bind Macs to AD?
Looking to use terminal to bind our Macs to AD. Is there anyone who has done this process before?
Thanks for the help!Personally, we use Casper Suite and that works well especially since it's a 'set and forget' sort of thing. But I did find this. I've used some of these commands and this looks thorough.
PLEASE BE SURE TO TEST IN YOUR TEST AD ENVIRONMENT!!
#!/bin/sh
############################ AD_Bind_ARD ###########################
# Patrick Gallagher | [email protected]
# http://macadmincorner.com/bind-to-ad-using-apple-remote-desktop/
# This is a script that will bind a Mac to AD from ARD.
# Modified from Mike Bombich's ad-bind-login-tiger.sh script
# which can be found at http://www.bombich.com/mactips/scripts.html
# Needs to be modified for your enviornment
computerid=`/usr/sbin/scutil --get LocalHostName`
# Standard parameters
domain="domain.school.edu" # fully qualified DNS name of Active Directory Domain
udn="username" # username of a privileged network user
password="password" # password of a privileged network user
ou="CN=Computers,DC=domain,DC=school,DC=edu" # Distinguished name of container for the computer
# Advanced options
alldomains="enable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="enable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp' or 'smb' change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="disable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="disable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-nopreferred" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="YOURDOMAIN\domain admins" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\mac admins")
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
### End of configuration
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
sleep 5
# Bind to AD
dsconfigad -f -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]; then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
-mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
-shell $user_shell $preferred
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall DirectoryService
# Add the AD node to the search path
if [ "$alldomains" = "enable" ]; then
csp="/Active Directory/All Domains"
else
csp="/Active Directory/$domain"
fi
#dscl /Search -create / SearchPolicy CSPSearchPath
#dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
#dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
#dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
# This works in a pinch if the above code does not
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 3
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist -
How to Prompt for User/Pass Running Shell Script Remotely through ARD
So I finally got my Active Directory Script working! However, I realized that I'm not the only one going to be running this script and to have my user name and password in the script itself is beyond foolish. While I know it's possible just to have whoever's running the script to manually add their username and password, I'd prefer to have prompts to make things easier for the rest of my team.
Here's my current script. I've tested it on the machine I'm connecting to Active Directory and it works fine if you run it on the machine itself in terminal. However, I'm going to be doing this on about 150 machines and the whole point of the script is to do it remotely.
#! /bin/bash
MACNAME=$(scutil --get ComputerName)
read -p "User Name: " USER
read -p "Password for $USER: " PASS
dsconfigad -add "CORP.DOMAIN.NET" \
-username $USER \
-password $PASS \
-computer $MACNAME \
-mobile disable \
-mobileconfirm disable \
-localhome enable \
-useuncpath enable \
-shell /bin/bash \
-ou OU=Macs,CN=Computers,DC=corp,DC=DOMAIN,DC=net \
-force \
-localpassword "PASSWORD" \
-groups "GROUPS"
When I run the UNIX script through ARD to a machine, I get no prompts for USER or PASS. In fact, it gives me the following error "dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)" So it's not asking for a user name and password.
Is there any way to make a shell script prompt you for a User Name and Password when you're sending commands remotely through ARD? Or is there another way to do this?
Any suggestions would be greatly appreciated.
-rksBest solution is to create an account that is exclusive to binding machines. By doing this, you can embed the user name and password in the script. Heck, you can post it on your website. If the account is configured properly, it will only be able to create machine records in a defined container. If you are mixing Macs and PCs in your AD domain, I also recommend creating an isolated container for your Mac records. Now, the account has even less access rights as you can make it so it only has rights to the Mac container.
Otherwise, ARD does not prompt. You can play around with an expect script but the reality is that you are still embedding the credentials in the script so it really does not achieve what you want. ARD is not an interactive shell scripting tool. It is more a fire and forget.
Reid
Apple Consultants Network
Apple Professional Services
Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store -
How to delete the members in one dimension use the maxl script
i have question that i want to delete the members in one dimension useing the maxl script, but i do not know how to do it. can the maxl delete the members in one dimension? if can, please provide an sample script, thank you so mcuh.
MaxL does not have commands to alter an outline directly, except the reset command which can delete all dimensions but not members selectively. The best you could do would be to run a rules file (import dimensions) using a file that contains the members you want to keepload rule for the dimension. As typical the warning is to test this first before you do it on a production database
-
Unable to capture the adf table column sort icons using open script tool
Hi All,
I am new to OATS and I am trying to create script for testing ADF application using open script tool. I face issues in recording two events.
1. I am unable to record the event of clicking adf table column sort icons that exist on the column header. I tried to use the capture tool, but that couldn't help me.
2. The second issue is I am unable to capture the panel header text. The component can be identified but I was not able to identify the supporting attribute for the header text.Hi keerthi,
1. I have pasted the code for the first issue
web
.button(
122,
"/web:window[@index='0' or @title='Manage Network Targets - Oracle Communications Order and Service Management - Order and Service Management']/web:document[@index='0' or @name='1824fhkchs_6']/web:form[@id='pt1:_UISform1' or @name='pt1:_UISform1' or @index='0']/web:button[@id='pt1:MA:0:n1:1:pt1:qryId1::search' or @value='Search' or @index='3']")
.click();
adf
.table(
"/web:window[@index='0' or @title='Manage Network Targets - Oracle Communications Order and Service Management - Order and Service Management']/web:document[@index='0' or @name='1c9nk1ryzv_6']/web:ADFTable[@absoluteLocator='pt1:MA:n1:pt1:pnlcltn:resId1']")
.columnSort("Ascending", "Name" );
} -
If statement in Custom Calculation Script
I have 16 fields and if even one of them ="1" I have to list it in another field. I do not want to count or sum. If one of those fields has a 1 in it I just want the other field to display Y and if none have a 1 I want that field to display N.
Please help.
Thank you in advance~mjcYou need to write a compound logical statement to evaluate all of the values and that statement needs to evaluate to true or false.
Do you know how to write JavaScript?
Do you know how to enter JavaScript calculations into a form field?
For custom calculation of the text field I could write something like:
// define an array of the field names to check
var aNames = new Array("Text1", "Text2", "Text3", "Text4",
"Text5", "Text6", "Text7", "Text8",
"Text9", "Text10", "Text11", "Text12",
"Text13", "Text14", "Text15", "Text16");
// define a logical variable that is true if any field has a value of 1 - default is false or no field has a value of 1
var bMatch = false;
// value for text field
var TextValue = 0;
// logical value of field being equal to 1 test
var FieldIs1 = false;
// loop through all the fields and test the fields value
for(i = 0; i < aNames.length; i++) {
// logically OR the result of field i value equal to true with bMatch
// get the value of field
TextValue = this.getField( aNames[i] ).value;
// test the value of the field
FieldIs1 = Number(TextValue) == 1
// logically OR the 2 values
bMatch = FieldIs1 | bMatch;
} // end field processing
// set the field value
if(bMatch == true) {
event.value = "Y";
} else {
event.value = "N";
You will need to change the field names to match your fields. You can add more field name or remove field names as needed and the script will adjust for the number of field names. -
Hi All,
I have written the below If statement in SAP scripts but when i execute the same the controll doent check the second line entries. If firtst line doesnot satisfy it goes to the else part. Kindly suggest what is wrong in this..
/: IF &T156T-BWART& = '321' OR &T156T-BWART& = '322' OR
/: &T156T-BWART& = '349' OR &T156T-BWART& = '350' OR
/: &T156T-BWART& = '312' OR &T156T-BWART& = '326' OR
/: &T156T-BWART& = '343' OR &T156T-BWART& = '344'.
/: ELSE
/: ENDIF.Hi neha,
Try to use the '/E' fo rnext line
/E->Extended line
Here is a code:
/: IF &T156T-BWART& = '321' OR &T156T-BWART& = '322' OR
/E &T156T-BWART& = '349' OR &T156T-BWART& = '350' OR
/E &T156T-BWART& = '312' OR &T156T-BWART& = '326' OR
/E &T156T-BWART& = '343' OR &T156T-BWART& = '344'.
/: ELSE
/: ENDIF.
Hope this helps you.
Regards,
Rajani -
Installation Problem on 11g, RHEL 5 - Unable to generate temporary script
Hello all,
This is for the first time i am encountering this kind of error on 11g. Half way through installation i get this error.
All parameters set correct, used the official installation technique (works fine previously), except for this time i am getting a weird error, which does not allow me to continue with the installation.
Please help.
Environment
Oracle 11g
RHEL 5
Error on GUI -
OUI-10053: Unable to generate temporary script: {0}. Unable to continue install
Error on command prompt -
OUI-10053:Unable to generate temporary script: /u01/app/oraInventory/orainstRoot.sh. Unable to continue install.
Help appreciated.
ThanksHi Monu Koshy
Can you please control the user rights and also the df ?
ls -al /u01/app/oraInventory/
df -h /u01/app/oraInventory/
Regards,
Hub -
SAMPLE RECEIVING OPEN INTERFACE SCRIPT(ROI 이용자를 위한 SCRIPT)
제품: MFG_PO
작성날짜 : 2006-05-11
SAMPLE RECEIVING OPEN INTERFACE SCRIPT(ROI 이용자를 위한 SCRIPT)
================================================================
PURPOSE
Receiving Open Interface(ROI)를 좀더 쉽게 사용할 수 있도록 만들어진
tool이라고 할 수 있다. 이 script를 이용을 통해 user는 PO no, user id,
Org id를 입력하면 script는 PO에서 최소한의 data를 가져와 receiving
transaction을 생성하기 위해 ROI에 data를 입력한다.
Receiving Transaction Processor는 insert 된 data를 실행한다.
Explanation
Instructions:
1.Script exroi.sql을 local computer에 copy 하거나 sqlplus 환경의 text
edior에 script 내용을 cut&paste 한다.
2.사용가능한 PO no, User id, Org id를 결정한다.
3.sqlplus prompt에서 아래와 같이 입력한다.
SQL> @ezroi.sql
4.PO no, User id, Org id를 입력하라는 prompt를 볼 수 있을 것이다.
5.exroi.sql script를 관련된 PO data를 가져와 rcv_headers_interface 및
rcv_transactions_interface tables에 insert 한다.
만일 PO shipment lind이 closed, cancelled, fully received 되었다면
ROI table에 data를 insert 하지 않는다.
Note: 이 script가 data를 validate 하진 않으며,ROI API 자체 validation
이 실행될 뿐이다.
6.Script가 끝나면 Receiving Transaction Processor를 실행하여 insert 된
lines을 처리할 수 있다. Transaction Status Summary 화면을 통해 실행된
line이 pending 인지 error 상태인지 확인할 수 있다.
Notes:
1.Org_id parameter 값을 찾는법:
a) Application에 접속, Help> Diagnostics> Examine으로 이동.
Block:$Profile$, Field: ORG_ID 를 선택한다.
b) ORG_ID 값을 note 해 놓고 ORG_ID prompt시 이 값을 입력한다.
2.User_Name parameter 값을 찾는법:
a) Application에 접속, Help> Diagnostics> Examine으로 이동.
Block:$Profile$, Field: USER_NAME 를 선택한다.
b) USER_NAME 값을 note 해 놓고 USER_NAME prompt시 이 값을 입력한다.
Example
"eZROI.sql' script...
--*** eZROI ***
--*** by ***
--*** Preston D. Davenport ***
--*** Oracle Premium Applications Support ***
--*** Oracle Worldwide Global Support Services ***
--*** Date: 23-JUL-2003 - Beta release ***
--*** Date: 09-SEP-2003 - Rev A Added multi- ***
--*** shipment line capability ***
--*** Parameters: ***
--*** ORG_ID Organization ID ***
--*** USER_NAME FND User Name ***
--*** PO_NUMBER Purchase Order Number ***
--*** This script intended for a standard Purchase ***
--*** Order document to be inserted into the Oracle ***
--*** Receiving Open Interface (ROI) via the standard ***
--*** Oracle open interface api for a simple Receive ***
--*** transaction. ***
--*** Note: This script only considers open Purchase ***
--*** Orders. This script will not allow over- ***
--*** receipt, cancelled or closed PO's to be ***
--*** inserted into the ROI and received ***
CLEAR BUFFER
SET VERIFY OFF
SET LINESIZE 140
SET PAGESIZE 60
SET ARRAYSIZE 1
SET SERVEROUTPUT ON SIZE 100000
SET FEEDBACK OFF
SET ECHO OFF
DECLARE
X_USER_ID NUMBER;
X_PO_HEADER_ID NUMBER;
X_VENDOR_ID NUMBER;
X_SEGMENT1 NUMBER;
X_ORG_ID NUMBER;
X_LINE_NUM NUMBER;
BEGIN
DBMS_OUTPUT.PUT_LINE('***ezROI RCV API Insert Script***');
SELECT PO_HEADER_ID , VENDOR_ID , SEGMENT1 , ORG_ID
INTO X_PO_HEADER_ID , X_VENDOR_ID , X_SEGMENT1 , X_ORG_ID
FROM PO_HEADERS_ALL
WHERE SEGMENT1 = '&PO_NUMBER'
AND ORG_ID = &ORG_ID;
SELECT USER_ID INTO X_USER_ID
FROM FND_USER
WHERE USER_NAME = UPPER('&USER_NAME');
INSERT INTO RCV_HEADERS_INTERFACE
HEADER_INTERFACE_ID ,
GROUP_ID ,
PROCESSING_STATUS_CODE ,
RECEIPT_SOURCE_CODE ,
TRANSACTION_TYPE ,
LAST_UPDATE_DATE ,
LAST_UPDATED_BY ,
LAST_UPDATE_LOGIN ,
VENDOR_ID ,
EXPECTED_RECEIPT_DATE ,
VALIDATION_FLAG
SELECT
RCV_HEADERS_INTERFACE_S.NEXTVAL ,
RCV_INTERFACE_GROUPS_S.NEXTVAL ,
'PENDING' ,
'VENDOR' ,
'NEW' ,
SYSDATE ,
X_USER_ID ,
0 ,
X_VENDOR_ID ,
SYSDATE ,
'Y'
FROM DUAL;
DECLARE
CURSOR PO_LINE IS
SELECT PL.ITEM_ID , PL.PO_LINE_ID , PL.LINE_NUM ,
PLL.QUANTITY , PL.UNIT_MEAS_LOOKUP_CODE ,
MP.ORGANIZATION_CODE , PLL.LINE_LOCATION_ID ,
PLL.CLOSED_CODE , PLL.QUANTITY_RECEIVED ,
PLL.CANCEL_FLAG, PLL.SHIPMENT_NUM
FROM PO_LINES_ALL PL ,
PO_LINE_LOCATIONS_ALL PLL ,
MTL_PARAMETERS MP
WHERE PL.PO_HEADER_ID = X_PO_HEADER_ID
AND PL.PO_LINE_ID = PLL.PO_LINE_ID
AND PLL.SHIP_TO_ORGANIZATION_ID = MP.ORGANIZATION_ID;
BEGIN
FOR CURSOR1 IN PO_LINE LOOP
IF CURSOR1.CLOSED_CODE IN ('APPROVED','OPEN')
AND CURSOR1.QUANTITY_RECEIVED < CURSOR1.QUANTITY
AND NVL(CURSOR1.CANCEL_FLAG,'N') = 'N'
THEN
INSERT INTO RCV_TRANSACTIONS_INTERFACE
INTERFACE_TRANSACTION_ID ,
GROUP_ID ,
LAST_UPDATE_DATE ,
LAST_UPDATED_BY ,
CREATION_DATE ,
CREATED_BY ,
LAST_UPDATE_LOGIN ,
TRANSACTION_TYPE ,
TRANSACTION_DATE ,
PROCESSING_STATUS_CODE ,
PROCESSING_MODE_CODE ,
TRANSACTION_STATUS_CODE ,
PO_LINE_ID ,
ITEM_ID ,
QUANTITY ,
UNIT_OF_MEASURE ,
PO_LINE_LOCATION_ID ,
AUTO_TRANSACT_CODE ,
RECEIPT_SOURCE_CODE ,
TO_ORGANIZATION_CODE ,
SOURCE_DOCUMENT_CODE ,
DOCUMENT_NUM ,
HEADER_INTERFACE_ID ,
VALIDATION_FLAG
SELECT
RCV_TRANSACTIONS_INTERFACE_S.NEXTVAL ,
RCV_INTERFACE_GROUPS_S.CURRVAL ,
SYSDATE ,
X_USER_ID ,
SYSDATE ,
X_USER_ID ,
0 ,
'RECEIVE' ,
SYSDATE ,
'PENDING' ,
'BATCH' ,
'PENDING' ,
CURSOR1.PO_LINE_ID ,
CURSOR1.ITEM_ID ,
CURSOR1.QUANTITY ,
CURSOR1.UNIT_MEAS_LOOKUP_CODE ,
CURSOR1.LINE_LOCATION_ID ,
'RECEIVE' ,
'VENDOR' ,
CURSOR1.ORGANIZATION_CODE ,
'PO' ,
X_SEGMENT1 ,
RCV_HEADERS_INTERFACE_S.CURRVAL ,
'Y'
FROM DUAL;
DBMS_OUTPUT.PUT_LINE('PO line: '||CURSOR1.LINE_NUM||' Shipment: '||CURSOR1.SHIPMENT_NUM||' has been inserted into ROI.');
ELSE
DBMS_OUTPUT.PUT_LINE('PO line '||CURSOR1.LINE_NUM||' is either closed, cancelled, received.');
END IF;
END LOOP;
DBMS_OUTPUT.PUT_LINE('*** ezROI COMPLETE - End ***');
END;
COMMIT;
END;
SET VERIFY ON
Reference Documents
Note 245334.1I have the same problem on ESXI 5.5 for over a month now, tried the patches, tried the LTS kernel which others say results in an immediate result without patches, nothing seems to work and nobody seems to be able to offer a solution.
Did you make any progress ??
Error! Build of vmblock.ko failed for: 3.10.25-1-lts (x86_64)
Consult the make.log in the build directory
/var/lib/dkms/open-vm-tools/2013.09.16/build/ for more information.
make[2]: *** No rule to make target '/var/lib/dkms/open-vm-tools/2013.09.16/build/vmblock/linux/inode', needed by '/var/lib/dkms/open-vm-tools/2013.09.16/build/vmblock/vmblock.o'. Stop.
Makefile:1224: recipe for target '_module_/var/lib/dkms/open-vm-tools/2013.09.16/build/vmblock' failed
make[1]: *** [_module_/var/lib/dkms/open-vm-tools/2013.09.16/build/vmblock] Error 2
make[1]: Leaving directory '/usr/src/linux-3.10.25-1-lts'
Makefile:120: recipe for target 'vmblock.ko' failed
Last edited by crankshaft (2014-01-10 11:32:32) -
<pre><nowiki>function createEmbed(divID, context, locale, server,client)
var d = document.getElementById(divID);
d.innerHTML = '<EMBED type="application/x-java-applet;version=1.8" CODE="com.cybertrust.webrao.WebRAOApplet.class"'+
'JAVA_CODEBASE="'+context+'" '+
'ARCHIVE="WebRAO.jar" '+
'NAME="WebRAOApplet" '+
'MAYSCRIPT="true" '+
'pluginspage="http://javadl.sun.com/webapps/download/GetFile/1.8.0_31-b13/windows-i586/xpiinstall.exe"'+
'L="'+locale+'" ' +
'PinTimeout="'+server+'"'+
'ClientTimeout="'+client+'"'+
'separate_jvm="true"'+
'java_version="1.8.0_31" />';
}</nowiki></pre>
We are using the above script. Defined the application/x-java-applet;version=1.8 So. as per the oracle documentation, Firefox has to check whether java version 1.8 or above is available and then run the applet thereby opening the run window and finally the applet window has to open. So the expectation is if 1.8 jre is not available it has to trigger the pluginspage attribute thereby redirecting to the jre autodownload url mentioned in pluginspage. This code use to work for firefox 21. Not sure why it will not work with any of the versions above 21. Right now we are trying with firefox 36. The same code works with IE 11 also. Please suggest is there any solution for the same.There are some updates happening to [https://www.mozilla.org/en-US/plugincheck/]
However to further investigate I would suggest troubleshooting the installation of Java:
*[http://kb.mozillazine.org/Java#Java_Deployment_Toolkit_plugin]
*[https://support.mozilla.org/en-US/kb/troubleshoot-issues-with-plugins-fix-problems]
Or also checking with Mozillazine or stackoverflow.com for compatibility and development troubleshooting is a good place to also look. -
Questions on scripts, tables & transfer objects between clients.
1. In script, how to use the same print program for two different layouts? with procedure.!
2. Why cant sapscripts be client independent.?
3. Want to maintain a table in dev server and if i update the data, it should simultanously update in Quality and Production servers. How? please explain in details.
4. How to transfer object between clients.? explain.
Points will be promptly rewarded for HELPFULL answers.!Hi!
3. With SE01, you can create a transport request for all table entries.
SE01 - Create button - Workbench request - Give description and save
Select the created request and click on Display object list.
Click on Display - Change button
Insert line button
ProgID: R3TR
Object: TABU
Object name: Z_YOUR_TABLE
Double click on the table name
Insert line
Key: *
Save everything
Release the transport in SE10 transaction and transport with STMS transaction.
Regards
Tamá
Maybe you are looking for
-
BED,Cess and Higher education cess is not showing automatically
Experts, we created a sales order , we have done configuration that BED CESS HEcess should be automatically appear in the conditions while entering Plant. even after entering plant these condition types are not appearing automatically in Condition Ta
-
How do you unlock the iphone to rotate the image?
-
Has anyone been able to install solaris 8 on an IBM Thinkpad T20. The cdrom doesn't seem to be recognized, since solaris goes into a prom_panic, unable to read sector 0. The media is good, since i've been able to install on both my desktop and anothe
-
What is going on? I have never had this problem until I updated to OS 10.10.1. Now apple Tech Support wants to charge me to look into it. It crashes with no error message.
-
Address book will not allow me to send a group email
After a recent upgrade to Snow Leopard, I seem to have lost the ability to send email using any of the "groups" which are in my address book. When I click on the group name only the first person of the group appears in the TO: line of the email. I ha