Scripting in Siebel Open UI
Hi,
My customer is upgrading to 8.1.1.9 and wants to use Open UI, but they have discovered that Browser Scripts no longer work in Open UI.
They have only 1 script. It is a script that causes the Siebel Thread to end when the end user closes the IE Browser.
Here is the script.
function Application_PreInvokeMethod (name, inputPropSet) {
// Requirement is to close the browser window on applicaion logout.
if(name=="Logoff") {
var wGen = window.top;
wGen.close();
return ("CancelOperation");
return ("ContinueOperation");
Open UI doesn't support Browser Script. It supports a 'new JAva API'. I have found the Logout Method in the Configuring Siebel Open UI, page 213.
I can't find an Event that I can connect a logout function from. Does anyone know of one?
Roy Chesnut
Roy,
You may get the answer in the open ui webcast on March 19. Details in Doc ID 1528529.1 on support.oracle.com
Thanks,
Wilson
Similar Messages
-
Not able to playback siebel open ui functional scripts from OTM
Hi All,
I have recorded a Siebel Open UI functional script using web wizard of OpenScript.It contains navigating url,typing username and password,clicking enter button.
When I tried to playback from OpenScript,it works fine.But when I tried to execute from OTM,broser is launched and navigated to the url,then it failed.
I am getting "Failed to playback: No browser launched" error from OTM report.
OATS Version : 12.4.0.2 Build 129
IE Version : 9.0.8112.16421
I have found one more strange thing,after playing back from openscript,if the Siebel Open UI login page exists in the browser,then OTM is able to playback with the scripts,it is logging in to the application.
Can anyone help me to fix this issue?
Thanks,
Sandy.Informatica Domain File path D:\Informatica\9.1.0 - domains.infa
Informatica Power Center Path D:\Informatica\9.1.0\server
Yes, I m able to connect to the Informatica repository through the Informatica client.
I tried adding the windows machine name to the hosts file, but didn't help.
veeravalli - I've followed all the instructions in the document. I rechecked all the details corresponding to the host, domain and port number and they are correct.
Thanks! -
Is any difference in the protocol used and request, response(Content type for communication over network) of Normal Siebel and Siebel OPEN UI?
Hi
I found out the following
1 When Open UI is open, the Browser Script on the Applicaation PreInvoke event fires and scripts are executed.
2 We have browser script that closes IE8 that is executed when the Application PreInvoke event. It looks like this. It works for Siebel 8.1.1.9 when Open UI is on.
function Application_PreInvokeMethod (name, inputPropSet)
// Requirement is to close the browser window on applicaion logout.
if(name=="Logoff") {
var wGen = window.top;
wGen.close();
return ("CancelOperation");
return ("ContinueOperation");
3 This code doesn't work for IE9 and Chrome. We tested this Code in the customer's environment. This code worked with Chrome, ID8, we haven't tested with ID9 yet.
function WellPoint_Consumer_Financial_Services_Application_PreInvokeMethod (name, inputPropSet)
if(name=="Logoff") {
window.open('','_self','');
window.close();
return ("CancelOperation");
return ("ContinueOperation");
4 We found that Firefox will not allow closing their browser from Browser Script. This opinion is the result of Web Research into this issue. -
DDLIMP utility is failing while running the DDL_OLTP.ctl script for Siebel
DDLIMP utility is failing while running the DDL_OLTP.ctl script for Siebel source on DB2.
Below is the the log details:
2021 2012-11-08 03:23:46 2012-11-08 03:25:56 -0700 0000002a 001 003f 0001 09 ddlimp 604 736 C:\OBIA\Upgrade\CTLFiles\DDL_.log
ContextInit ContextInit 0 0 2012-11-08 03:23:46 Message Facility failed to init. Siebel Root: C:\DAC\client\utilities
Trace Trace 3 0 2012-11-08 03:23:46 Siebel Enterprise Applications ODBC DDL Import Utility, Version 7.7 [18030] ENU
Trace Trace 3 0 2012-11-08 03:23:46 Copyright (c) 2001 Siebel Systems, Inc. All rights reserved.
Trace Trace 3 0 2012-11-08 03:23:46
This software is the property of Siebel Systems, Inc., 2207 Bridgepointe Parkway,
San Mateo, CA 94404.
User agrees that any use of this software is governed by: (1) the applicable
user limitations and other terms and conditions of the license agreement which
has been entered into with Siebel Systems or its authorized distributors; and
(2) the proprietary and restricted rights notices included in this software.
WARNING: THIS COMPUTER PROGRAM IS PROTECTED BY U.S. AND INTERNATIONAL LAW.
UNAUTHORIZED REPRODUCTION, DISTRIBUTION OR USE OF THIS PROGRAM, OR ANY PORTION
OF IT, MAY RESULT IN SEVERE CIVIL AND CRIMINAL PENALTIES, AND WILL BE
PROSECUTED TO THE MAXIMUM EXTENT POSSIBLE UNDER THE LAW.
If you have received this software in error, please notify Siebel Systems
immediately at (650) 295-5000.
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:46 ddlimp /U SIEBEL /P ***** /C siebel /G SSE_ROLE /F C:\OBIA\Upgrade\CTLFiles\DDL_OLTP.CTL /L C:\OBIA\Upgrade\CTLFiles\DDL_
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:46
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:46 Connecting to the database...
DBCLog DBCLogError 1 0 2012-11-08 03:23:52 SQL Warning, SQL State 01004, 0, [DataDirect][ODBC DB2 Wire Protocol driver]String data, right truncated.
DBCLog DBCLogError 1 0 2012-11-08 03:23:52 SQL Warning, SQL State , 40042692, CLog DBCLogError 1 0 2012-11-08 03:23:52 SQL Warning, SQL State 01004, 0, [DataDirect][ODBC DB2 Wire Protocol driver]String data, right truncated.
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:52 Connected.
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:52
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:52 Reading tables and indexes from DDL file...
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:52 Read 522 tables and 1084 indexes from DDL file...
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:52
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:23:52 Reading existing schema...
SARMLog SARMInformation 3 0 2012-11-08 03:23:52 SARM is OFF -change param SARMLevel to enable
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 Read 0 tablespaces, 6137 tables and 24846 indexes from existing schema...
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 Running SQL statements against the database...
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 Merging table S_ETL_COSTLST ...
SQLError Statement 0 0 2012-11-08 03:25:56 SQL Statement:
alter table S_ETL_COSTLST modify
CONFLICT_ID varchar(15)
DBCLog DBCLogError 1 0 2012-11-08 03:25:56 [DataDirect][ODBC DB2 Wire Protocol driver][UDB DB2 for Windows, UNIX, and Linux]ILLEGAL SYMBOL modify; VALID SYMBOLS ARE table S_ETL_COSTLST. ADD
SQLError Statement 0 0 2012-11-08 03:25:56 SQL Statement:
alter table S_ETL_COSTLST modify
CONFLICT_ID varchar(15)
DBCLog DBCLogError 1 0 2012-11-08 03:25:56 [DataDirect][ODBC DB2 Wire Protocol driver][UDB DB2 for Windows, UNIX, and Linux]An error occurred during implicit system action type '2'. Information returned for the error includes SQLCODE '-104', SQLSTATE '42601' and message tokens 'modify|table S_ETL_COSTLST|ADD'.
SQLError Statement 0 0 2012-11-08 03:25:56 SQL Statement:
alter table S_ETL_COSTLST modify
CONFLICT_ID default '0'
DBCLog DBCLogError 1 0 2012-11-08 03:25:56 [DataDirect][ODBC DB2 Wire Protocol driver][UDB DB2 for Windows, UNIX, and Linux]ILLEGAL SYMBOL modify; VALID SYMBOLS ARE table S_ETL_COSTLST. ADD
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 37000: [DataDirect][ODBC DB2 Wire Protocol driver][UDB DB2 for Windows, UNIX, and Linux]ILLEGAL SYMBOL modify; VALID SYMBOLS ARE table S_ETL_COSTLST. ADD
SQLError Statement 0 0 2012-11-08 03:25:56 SQL Statement:
alter table S_ETL_COSTLST modify
CONFLICT_ID default '0'
DBCLog DBCLogError 1 0 2012-11-08 03:25:56 [DataDirect][ODBC DB2 Wire Protocol driver][UDB DB2 for Windows, UNIX, and Linux]An error occurred during implicit system action type '2'. Information returned for the error includes SQLCODE '-104', SQLSTATE '42601' and message tokens 'modify|table S_ETL_COSTLST|ADD'.
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 56098: [DataDirect][ODBC DB2 Wire Protocol driver][UDB DB2 for Windows, UNIX, and Linux]An error occurred during implicit system action type '2'. Information returned for the error includes SQLCODE '-104', SQLSTATE '42601' and message tokens 'modify|table S_ETL_COSTLST|ADD'.
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 alter table S_ETL_COSTLST modify
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 CONFLICT_ID default '0'
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 ;
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 writeExecDDL error (UTLOdbcExecDirectDDL pDDLSql).
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 writeExecDDL error (UTLDbDdlColModify).
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 Error in MainFunction (UTLDbDdlDbMerge).
SQLDBUtilityLog SQLDBUtilityLog 3 0 2012-11-08 03:25:56 Error in Main function...
GenericLog GenericError 1 0 2012-11-08 03:25:56 (logapi.cpp (167) err=1 sys=126) SBL-GEN-00001: (logapi.cpp: 167) error code = 1, system error = 126, msg1 = (null), msg2 = (null), msg3 = (null), msg4 = (null)If you run DAC on a 64-bit windows Operating System, you must create the ODBC data source using the ODBC Administrator tool in %windir%\SysWOW64\odbcad32.exe. for creating the data warehouse tables.
If helps pls mark -
Can anyone help me create a relink script to simply open up the relink dialogue box?
Can anyone help me create a relink script to simply open up the relink dialogue box?
the "Relink" command uses the same dialog as the "Place" command, with the exception of having the "Replace" option checked...so, use Ctrl+Shift+P to bring up the Place dialog, select your new image then check the "Replace" check box.
if checking "Replace" with the mouse slows you down, after selecting your image, press "tab" key 3 times to switch focus to it, then press space bar to check it, then ok to place. -
iCal failing to run applescripts: The 'Open' button does not change to 'Run', and the script file is opened but not executed.
Calendar (not called iCal anymore) does not include that capability any longer, apparently. What you have to do now is go to Automator and create a Calendar Alert action. You can add a Run AppleScript object to the action and paste in your script there, then when you save it, it will become available as a choice in the alert menu in Calendar.
-
Oracle Open Script - Failed to open script error
I am receiving the following error when trying to open a script in Oracle open script
'Failed to open script' has encountered a problem.Failed to open <script_name>. See error log for details.
I have tried the Giri Mandalika's solution but there is no "<failing_script_name>" folder in specified path.
Can someone please help me to resolve this issue ?Hi ,You can try deleting the osworkspace folder .The folder should be at C:\Users\<username>\. May be take a back up copy of the folder before deleting it.Let me know if it works.
-
Slow script error when opening websites
I'm getting a slow script error when opening websites
Safari > Preferences > Advanced > Show Develop menu in menu bar
Safari > Develop > Disable Runaway JavaScript Timer -
Script error when opening browser or enlarging
chrome://tavgp/content/libs/include.js:595
I get a script error on opening the Firefox browser, every time I try to enlarge a photo and when opening an information popup.Caused by an incompatible extension.
http://support.mozilla.com/en-US/kb/troubleshooting+extensions+and+themes
Figure out which one is causing that problem, and disable that extension. -
Shell Script - Need to Open terminal and Print output?
Hi All,
I have a script to update a git version of a software, but I would like to be able to check the output of the script in a terminal.
So in a nut shell, I want when launching the script:
- Terminal to Open
- All command to be executed in the terminal
- Terminal to close only if no error (do not know if it's possible?)
See below my very simple script:
Many thanks in advance for your time and advice,
rm -r /home/sweetth/banshee &&
cd /home/sweetth &&
git clone git://git.gnome.org/banshee &&
cd /home/sweetth/banshee &&
./autogen.sh &&
makeRight, I manage it differently
So I got my script to dl those PKGBUILD for those Ipod library needed for the latest Banshee, then dl the latest banshee git and "make" it.
for those who might be interested to keep their banshee-git update:
#!/bin/bash
xterm -hold -e "mkdir ~/libpod;
cd ~/libpod;
mkdir ~/libpod/gtk-sharp-beans-git
cd ~/libpod/gtk-sharp-beans-git
wget http://aur.archlinux.org/packages/gtk-sharp-beans-git/gtk-sharp-beans-git/PKGBUILD;
wget http://aur.archlinux.org/packages/gtk-sharp-beans-git/gtk-sharp-beans-git/autogen_fix.patch;
makepkg -s;
mv gtk-sharp-beans-git** ~/libpod;
cd ~/libpod;
rm -rf ~/libpod/gtk-sharp-beans-git;
mkdir ~/libpod/gio-sharp-git;
cd ~/libpod/gio-sharp-git;
wget http://aur.archlinux.org/packages/gio-sharp-git/gio-sharp-git/PKGBUILD;
makepkg -s;
mv gio-sharp-git** ~/libpod;
cd ~/libpod;
rm -rf ~/libpod/gio-sharp-git;
mkdir ~/libpod/gkeyfile-sharp-git;
cd ~/libpod/gkeyfile-sharp-git;
wget http://aur.archlinux.org/packages/gkeyfile-sharp-git/gkeyfile-sharp-git/PKGBUILD;
makepkg -s;
mv gkeyfile-sharp-git** ~/libpod;
cd ~/libpod;
rm -rf ~/libpod/gkeyfile-sharp-git;
mkdir ~/libpod/gudev-sharp-git;
cd ~/libpod/gudev-sharp-git;
wget http://aur.archlinux.org/packages/gudev-sharp-git/gudev-sharp-git/PKGBUILD;
makepkg -s;
mv gudev-sharp-git** ~/libpod;
cd ~/libpod;
rm -rf ~/libpod/gudev-sharp-git;
mkdir ~/libpod/libpod-sharp-git;
cd ~/libpod/libpod-sharp-git;
wget http://aur.archlinux.org/packages/libgpod-sharp-git/libgpod-sharp-git/PKGBUILD;
makepkg -s;
mv libgpod-sharp-git** ~/libpod;
rm -rf ~/libpod/libpod-sharp-git;
cd ~/libpod;
sudo pacman -U gtk-sharp-beans-git** gio-sharp-git** gkeyfile-sharp-git** gudev-sharp-git** libgpod-sharp-git**;
rm -rf ~/banshee;
cd ~;
git clone git://git.gnome.org/banshee;
cd ~/banshee;
./autogen.sh;
make;
rm bin/Banshee.NotificationArea.dll*" -
I realize there is a way to run scripts when AI launches, but is there a way to run a script when AI opens a file?
Hi Mordy,
Sorry, I replied the same thing below as the other post and not sure if you would go back so... :)
Thanks a lot for your reply. Thats ALMOST exactly what I need and so close to what I have been stressing over its unreal...
...although because I am not opening a new template and I am opening a direct tiff image from video footage I previously rendered out in after effects to then run my script on in illustrator for the additional tiff's, I would need a similar sort of thing that way around instead?
Would you know if that is possible?
Thanks again for your help with this... -
Hello Team,
We have upgraded from Siebel 8.1.1.3 to Siebel Open UI 8.1.1.11.
But after up-gradation we are getting the below error in "My Account Opportunity" View.
We detected an Error which may have occurred for one or more of the following reasons:
Join in business component definition 'CG Opportunity My Accounts' has source fields that come from tables 'S_OPTY' and 'S_ORG_EXT'(SBL-DAT-00452).
Thanks,
Tirupati Nanda
Mob:-9742404115Hello Team,
We have upgraded from Siebel 8.1.1.3 to Siebel Open UI 8.1.1.11.
But after up-gradation we are getting the below error in "My Account Opportunity" View.
We detected an Error which may have occurred for one or more of the following reasons:
Join in business component definition 'CG Opportunity My Accounts' has source fields that come from tables 'S_OPTY' and 'S_ORG_EXT'(SBL-DAT-00452).
Thanks,
Tirupati Nanda
Mob:-9742404115 -
Hi,
Does Oracle Application Testing Suite (Load testing) work with SIebel Open UI application? I could not find anything on this. I know that OATS supports Siebel application but Open Ui is a bit different from Siebel.
Regards
CPGuess what ... the Open UI is tested with ATS by the Siebel QA team. So yes ATS can be used with Open UI.
-
Noobie - script trying to open classic when it's not needed
I need some help. I have written a short, simple script that I hope will work to open an index.htm file in a users default browser when it is run from a cd. I have a disk that basically contains a website with links on the disc and links to the web. Of course in windows I am using autorun to start the index file, but for Mac I am opening a finder window with an icon for this script so that the user has a clean interface and does not have to search for the index file.
The problem is that after compiling and testing my script it works fine, but when I save it as an app it tries to open Classic everytime. I don't want it to do this. This is for OS X only and it should be opening the file in Safari or Firefox so there is no need for classic.
In the Save As dialog box there is no check box to require classic it just automatically saves it that way. When I click on the saved app and choose "get info" is gives the filetype as "Application (classic)"
I am using Script Editor 2.1.1.
Here's the script:
try
tell application "Finder"
open file "BIB_5113:index.htm"
end tell
on error
beep
display dialog "Oops: " & "Please Insert your course CD and try again. " buttons {"OK"} default button 1
end try
Can someone please help, I have searched here, googled and posted at the MacScripter forums with no luck.
Thanks for your help.
KOK, update - By saving as "Application Bundle" I now have the script working, somewhat. Now I need to know if and how I can get the script to see an invisable file. I am using Toast 7 to burn a Mac/PC disc and I have all of the files hidden. The script runs but it does not find the index.htm file.
Can anyone help?
Thanks
K -
Directory Binding Script (Active and Open Directory) 10.7
Hi everyone
I'm reposting this in the right thread. I've written a Directory Binding Script for 10.6 and ported it now to 10.7 as among the things that have changed in the upgraded version is a refurbished directory binding enviroment.
The original thread can be found here: https://discussions.apple.com/thread/3090068. The script is applicable for clients as well and simplifies the binding process considerably.
Be aware that the reformatted script here contains some faulty line breaks. So you'll have to correct them in a proper text editor.
#!/bin/sh
#Uncomment the following line to abort the script on errors
#trap exit ERR
## Script to automate OD and AD Binding of Mac OS X 10.7 Servers
## Script written by Marc Horat, URZ Basel, 11.6.2010
## Updated: 12.08.2011
# With the use of the following sources as inspiration:
# http://www.howtomac.co.uk/?p=247
#Created by Ross Hamilton
#Clock restart / Remove existing settings
#Join to Open Directory and Active Directory
# Bombich's AD-Bind Script:
# This script binds to AD and configures advanced options of the AD plugin
# As this scripts contains a password, be sure to take appropriate security
# precautions
# A good way to run this script is to set it as a login hook on your master machine
# Because it only needs to be run once, the last thing this script does is to delete
# itself. If you have another login script that you typically run, include the
# script on your master machine, and indicate its path in the "newLoginScript"
# variable.
# If running this as a one-time login hook to bind to AD after imaging,
# be sure to enable auto-login (for any local user) before creating your master image
#################CONFIGURATION##########################
#OD
# These variables need to be configured for your env
odAdmin="YOURODADMIN" #enter your OD admin name between the quotes
odPassword="YOURODPW" # Enter your OD admin password between the quotes
oddomain="YOURODDOMAIN" # FQDN of your OD domain
computerGroup="YOURNEWODCOMPGROUP" # Add appropriate computer group you want machines to be added to, case sensitive
oldComputerGroup="YOUROLDODCOMPGROUP" # If the Computer is in a Group already
#AD
# Standard parameters
domain="YOURADDOMAIN" # fully qualified DNS name of Active Directory Domain
domainname="YOURADDOMAINNAME" #Name of the Domain as specified in the search paths
udn="YOURADADMIN" # username of a privileged network user
password="YOURADPW" # password of a privileged network user
ou="OU=YOUR,OU=OU,OU=URZ,OU=IN,DC=YOUR,DC=AD,DC=DOMAIN" # Distinguished name of container for the computer E.G. OU=Macs,OU=Computers,DC=AD,DC=DOMAIN,DC=CH
# Advanced options AD Plugin
alldomains="disable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="disable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp', 'smb' or 'nfs' (since 10.7) change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="enable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="enable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-preferred $domain" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="$domainname\YOURADADMINGROUP" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\macadmins")
packetsign="allow" # allow | disable | require
packetencrypt="allow" # allow | disable | require
passinterval="14" # number of days
namespace="domain" # forest | domain
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
newLoginHook="" # e.g., "/Library/Management/login.sh"
################################# End of configuration
############ Begin of Script
# Host-specific parameters
# computerid should be set dynamically, this value must be machine-specific
# This value may be restricted to 19 characters! The only error you'll receive upon entering
# an invalid computer id is to the effect of not having appropriate privileges to perform the requested operation
#computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }'` # MAC Address
#computerid=`hostname | sed 's/.unibas.ch//'`
#computerid=`/usr/sbin/scutil --get LocalHostName | cut -c 1-19` # Assure that this will produce unique names!
#computerid=`/usr/sbin/scutil --get LocalHostName`
computerid=`scutil --get ComputerName`
adcomputerid=`echo "$computerid" | tr [:lower:] [:upper:]`
# These variables probably don't need to be changed
# Determing if any directory binding exists
nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'`
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODtmp=`dscl localhost -list /LDAPv3 | grep -n 1 | sed 's/1://' | sed 's/2://'`
check4OD=${check4ODtmp//[[:space:]]/}
echo "Found LDAP: "$check4ODtmp
check4ODaccttmp=`dscl /LDAPv3/"$check4OD" -read Computers/"$computerid" RealName | cut -c 11-`
check4ODacct=${check4ODaccttmp//[[:space:]]/}
echo "Found LDAP-Computer-Account: "$check4ODacct
else
check4OD=""
check4ODacct=""
echo "No bound LDAP Server found"
fi
if [ $oldComputerGroup != "" ] && dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODgroupMembershiptmp=`dscl /LDAPv3/"$check4OD" -read ComputerGroups/"$oldComputerGroup" | grep "$computerid"`
check4ODgroupMembership=$check4ODgroupMembershiptmp
echo "LDAP Group Membership in Group: "$oldComputerGroup
else
check4ODgroupMembership=""
echo "No LDAP Group Membership defined or not bound to a server"
fi
if dscl localhost -list "/Active Directory" | grep $domainname > /dev/null
then
check4ADtmp=`dsconfigad -show | grep "Active Directory Domain" | sed 's/Active Directory Domain//' | sed 's/=//'`
check4AD=${check4ADtmp//[[:space:]]/}
echo "Found AD: "$check4AD
check4ADaccttmp=`dsconfigad -show | grep "Computer Account" | sed 's/Computer Account//' | sed 's/=//'`
check4ADacct=${check4ADaccttmp//[[:space:]]/}
echo "Found AD-Account: "$check4ADacct
else
check4AD=""
check4ADacct=""
echo "No AD-Account found"
fi
osversionlong=`sw_vers -productVersion`
osvers=${osversionlong:3:1}
#Time Sync
#Restart ntpdate
StartService ()
if [ "${TIMESYNC:=-YES-}" = "-YES-" ] && ! GetPID ntpd > /dev/null; then
CheckForNetwork
if [ -f /var/run/NetworkTime.StartupItem -o "${NETWORKUP}" = "-NO-" ]; then exit; fi
touch /var/run/NetworkTime.StartupItem
echo "Starting network time synchronization"
# Synchronize our clock to the network’s time,
# then fire off ntpd to keep the clock in sync.
ntpdate -bvs
ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
fi
echo ""
echo ""
sleep 5
#### Removing any existing directory bindings
#Clear OD Computer Account and delete entry from Computer group
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "This computer is bound to the following Open Directory Services:"
dscl localhost -list /LDAPv3
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
sleep 5
if [ "${check4ODacct}" == "${computerid}" ]
then
echo "This machine already has a computer account on $oddomain."
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
echo "Found GUID: "$GUID
if [ "$oldComputerGroup" != "" ] && [ "$check4ODgroupMembership" != "" ]
then
echo "Removing entry from group $oldComputerGroup"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembership "${computerid}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembers "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerLists/"$oldComputerGroup" Computers "${computerid}"
fi
echo "Removing Computer entry $computerid in OD"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /Computers/"${computerid}"
fi
#List existing Directories
echo "Removing OD-Binding to "$check4OD
dsconfigldap -r "$check4OD"
echo "Removing Search Path entries"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
sleep 5
else
echo "No LDAP or OD Binding present.";
fi
echo ""
# Check a second time in order to delete any remaining LDAP-Bindings
echo "Scanning for further LDAP servers"
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "Found:"
dscl localhost -list /LDAPv3
echo "Removing OD-Binding to "$check4ODtmp
dsconfigldap -r "$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
sleep 5
else
echo "No further LDAP or OD Binding present."
fi
echo ""
echo ""
#Remove the Active Directory binding
if [ "$check4AD" != "" ]
then
echo "This computer is bound to the following Active Directory Services:"
dscl localhost -list "/Active Directory"
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
sleep 5
echo "Removing any existing AD-Binding to "$check4AD
dsconfigad -f -remove -username "$udn" -password "$password"
echo "Removing Search Path entries"
if [ "$preferred" != "-nopreferred" ]
then
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search/Contacts -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
fi
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
#remove search path entries from 10.6
if dscl /Search -read / CSPSearchPath | grep /Active > /dev/null
then
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
fi
sleep 5
else
echo "No Active Directory Binding present."
fi
echo ""
#Remove Existing Directory Services Config
echo "Removing existing DS Config"
if [ -d "/Library/Preferences/edu.mit.Kerberos" ]
then
rm -R /Library/Preferences/edu.mit.Kerberos
fi
if [ -d "/etc/krb5.keytab" ]
then
rm -R /etc/krb5.keytab
fi
# Clean up the DirectoryService configuration files
rm -Rfv /Library/Preferences/DirectoryService/*
#OD
echo ""
echo ""
echo "Binding to OD-Damin "$oddomain
sleep 5
dsconfigldap -v -a "$oddomain" -n "$oddomain" -c "$computerid"
echo "Killing opendirectoryd"
killall opendirectoryd
sleep 5
echo "Adding computer account $computerid to /LDAPv3/${oddomain} on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -create /Computers/"$computerid" ENetAddress "$nicAddress"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /Computers/"$computerid" RealName "$computerid"
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
# Add computer to ComputerList and ComputerGroup
if [ $computerGroup != "" ]
then
echo "Adding computer $computerid to OD group $computerGroup on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerLists/"$computerGroup" apple-computers "$computerid"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" apple-group-memberguid "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" memberUid "$computerid"
fi
echo "Finished OD Binding."
sleep 5 # Give DS a chance to catch up
echo ""
echo ""
echo "Performing the AD Binding"
#AD
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
#Use the existing AD-Computername or generate a new one
computeridtmp="default"
if [ "$check4ADacct" == "" ]
then
LEN=$(echo ${#adcomputerid})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$adcomputerid " has 15 characters or less and is therefore suitable for AD-Binding. It is $adcomputerid"
computeridtmp=$adcomputerid
else
echo "ComputerID "$adcomputerid " has 16 or more characters and needs to be modified for AD-Binding."
echo "Removing any -"
computeridtmp=${adcomputerid//-/}
LEN=$(echo ${#computeridtmp})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$computeridtmp" has now 15 characters or less and is therefore suitable for AD-Binding."
else
echo "Only using the last 15 characters of the Computer name to be able to bind to AD."
computeridtmp=${computeridtmp:(-15)}
fi
echo "Cropped Computername to "$computeridtmp
fi
else
computeridtmp=${check4ADacct//$/}
echo "Found existing AD Account previously, attempting to recreate in the OU: "$computeridtmp
fi
echo ""
# Bind to AD
echo "Binding to AD-Domain "$domain" with computerid "$computeridtmp
dsconfigad -f -add "$domain" -username "$udn" -password "$password" -ou "$ou" -computer "$computeridtmp"
echo ""
echo "Setting the Advanced AD Plugin options"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]
then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains "$alldomains"
dsconfigad -localhome "$localhome"
dsconfigad -protocol "$protocol"
dsconfigad -mobile "$mobile"
dsconfigad -mobileconfirm "$mobileconfirm"
dsconfigad -useuncpath "$useuncpath"
dsconfigad -shell "$user_shell"
dsconfigad "$preferred"
dsconfigad -packetsign "$packetsign" -packetencrypt "$packetencrypt" -passinterval "$passinterval"
dsconfigad -namespace "$namespace"
sleep 5
echo ""
echo ""
# Add the OD & AD node to the search path
if [ "$alldomains" = "enable" ]
then
csp="/Active Directory/$domainname/All Domains"
else
csp="/Active Directory/$domainname"
fi
echo "Finished AD Binding."
echo "Adding Domain /LDAPv3/"$oddomain" and "$csp" to Search Path"
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
echo "Adding OD.."
dscl /Search -append / CSPSearchPath /LDAPv3/"$oddomain"
dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/"$oddomain"
echo "Adding AD.."
#Adding all Domains first to improve reliability under 10.7
if [ "$alldomains" != "enable" ]
then
cspadall="/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -append / CSPSearchPath "$cspadall"
dscl /Search -append / CSPSearchPath "$cspadall"
fi
dscl /Search/Contacts -append / CSPSearchPath "$csp"
dscl /Search -append / CSPSearchPath "$csp"
echo "Finished Updating Search Paths."
echo ""
echo ""
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall opendirectoryd
# Destroy the login hook (or change it)
if [ "${newLoginHook}" == "" ]
then
defaults delete /var/root/Library/Preferences/com.apple.loginwindow LoginHook
else
defaults write /var/root/Library/Preferences/com.apple.loginwindow LoginHook $newLoginHook
fi
sleep 5
# Customizing the login-Window
#defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
#defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool TRUE
#defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool TRUE
# This works in a pinch if the above code does not
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
#plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
#killall opendirectoryd
# Disable autologin
defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
srm /etc/kcpassword
echo ""
echo ""
echo ""
echo "Now bound to OD Domain:"
dscl localhost -list /LDAPv3
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
echo "Now bound to AD Domain:"
dscl localhost -list "/Active Directory"
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
exit 0 ## Success
exit 1 ## Failure
Any inputs, questions and improvement suggestions are, of course, most welcome!
Cheers
SeeHi everyone
I'm reposting this in the right thread. I've written a Directory Binding Script for 10.6 and ported it now to 10.7 as among the things that have changed in the upgraded version is a refurbished directory binding enviroment.
The original thread can be found here: https://discussions.apple.com/thread/3090068. The script is applicable for clients as well and simplifies the binding process considerably.
Be aware that the reformatted script here contains some faulty line breaks. So you'll have to correct them in a proper text editor.
#!/bin/sh
#Uncomment the following line to abort the script on errors
#trap exit ERR
## Script to automate OD and AD Binding of Mac OS X 10.7 Servers
## Script written by Marc Horat, URZ Basel, 11.6.2010
## Updated: 12.08.2011
# With the use of the following sources as inspiration:
# http://www.howtomac.co.uk/?p=247
#Created by Ross Hamilton
#Clock restart / Remove existing settings
#Join to Open Directory and Active Directory
# Bombich's AD-Bind Script:
# This script binds to AD and configures advanced options of the AD plugin
# As this scripts contains a password, be sure to take appropriate security
# precautions
# A good way to run this script is to set it as a login hook on your master machine
# Because it only needs to be run once, the last thing this script does is to delete
# itself. If you have another login script that you typically run, include the
# script on your master machine, and indicate its path in the "newLoginScript"
# variable.
# If running this as a one-time login hook to bind to AD after imaging,
# be sure to enable auto-login (for any local user) before creating your master image
#################CONFIGURATION##########################
#OD
# These variables need to be configured for your env
odAdmin="YOURODADMIN" #enter your OD admin name between the quotes
odPassword="YOURODPW" # Enter your OD admin password between the quotes
oddomain="YOURODDOMAIN" # FQDN of your OD domain
computerGroup="YOURNEWODCOMPGROUP" # Add appropriate computer group you want machines to be added to, case sensitive
oldComputerGroup="YOUROLDODCOMPGROUP" # If the Computer is in a Group already
#AD
# Standard parameters
domain="YOURADDOMAIN" # fully qualified DNS name of Active Directory Domain
domainname="YOURADDOMAINNAME" #Name of the Domain as specified in the search paths
udn="YOURADADMIN" # username of a privileged network user
password="YOURADPW" # password of a privileged network user
ou="OU=YOUR,OU=OU,OU=URZ,OU=IN,DC=YOUR,DC=AD,DC=DOMAIN" # Distinguished name of container for the computer E.G. OU=Macs,OU=Computers,DC=AD,DC=DOMAIN,DC=CH
# Advanced options AD Plugin
alldomains="disable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="disable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp', 'smb' or 'nfs' (since 10.7) change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="enable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="enable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-preferred $domain" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="$domainname\YOURADADMINGROUP" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\macadmins")
packetsign="allow" # allow | disable | require
packetencrypt="allow" # allow | disable | require
passinterval="14" # number of days
namespace="domain" # forest | domain
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
newLoginHook="" # e.g., "/Library/Management/login.sh"
################################# End of configuration
############ Begin of Script
# Host-specific parameters
# computerid should be set dynamically, this value must be machine-specific
# This value may be restricted to 19 characters! The only error you'll receive upon entering
# an invalid computer id is to the effect of not having appropriate privileges to perform the requested operation
#computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }'` # MAC Address
#computerid=`hostname | sed 's/.unibas.ch//'`
#computerid=`/usr/sbin/scutil --get LocalHostName | cut -c 1-19` # Assure that this will produce unique names!
#computerid=`/usr/sbin/scutil --get LocalHostName`
computerid=`scutil --get ComputerName`
adcomputerid=`echo "$computerid" | tr [:lower:] [:upper:]`
# These variables probably don't need to be changed
# Determing if any directory binding exists
nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'`
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODtmp=`dscl localhost -list /LDAPv3 | grep -n 1 | sed 's/1://' | sed 's/2://'`
check4OD=${check4ODtmp//[[:space:]]/}
echo "Found LDAP: "$check4ODtmp
check4ODaccttmp=`dscl /LDAPv3/"$check4OD" -read Computers/"$computerid" RealName | cut -c 11-`
check4ODacct=${check4ODaccttmp//[[:space:]]/}
echo "Found LDAP-Computer-Account: "$check4ODacct
else
check4OD=""
check4ODacct=""
echo "No bound LDAP Server found"
fi
if [ $oldComputerGroup != "" ] && dscl localhost -list /LDAPv3 | grep . > /dev/null
then
check4ODgroupMembershiptmp=`dscl /LDAPv3/"$check4OD" -read ComputerGroups/"$oldComputerGroup" | grep "$computerid"`
check4ODgroupMembership=$check4ODgroupMembershiptmp
echo "LDAP Group Membership in Group: "$oldComputerGroup
else
check4ODgroupMembership=""
echo "No LDAP Group Membership defined or not bound to a server"
fi
if dscl localhost -list "/Active Directory" | grep $domainname > /dev/null
then
check4ADtmp=`dsconfigad -show | grep "Active Directory Domain" | sed 's/Active Directory Domain//' | sed 's/=//'`
check4AD=${check4ADtmp//[[:space:]]/}
echo "Found AD: "$check4AD
check4ADaccttmp=`dsconfigad -show | grep "Computer Account" | sed 's/Computer Account//' | sed 's/=//'`
check4ADacct=${check4ADaccttmp//[[:space:]]/}
echo "Found AD-Account: "$check4ADacct
else
check4AD=""
check4ADacct=""
echo "No AD-Account found"
fi
osversionlong=`sw_vers -productVersion`
osvers=${osversionlong:3:1}
#Time Sync
#Restart ntpdate
StartService ()
if [ "${TIMESYNC:=-YES-}" = "-YES-" ] && ! GetPID ntpd > /dev/null; then
CheckForNetwork
if [ -f /var/run/NetworkTime.StartupItem -o "${NETWORKUP}" = "-NO-" ]; then exit; fi
touch /var/run/NetworkTime.StartupItem
echo "Starting network time synchronization"
# Synchronize our clock to the network’s time,
# then fire off ntpd to keep the clock in sync.
ntpdate -bvs
ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
fi
echo ""
echo ""
sleep 5
#### Removing any existing directory bindings
#Clear OD Computer Account and delete entry from Computer group
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "This computer is bound to the following Open Directory Services:"
dscl localhost -list /LDAPv3
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
sleep 5
if [ "${check4ODacct}" == "${computerid}" ]
then
echo "This machine already has a computer account on $oddomain."
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
echo "Found GUID: "$GUID
if [ "$oldComputerGroup" != "" ] && [ "$check4ODgroupMembership" != "" ]
then
echo "Removing entry from group $oldComputerGroup"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembership "${computerid}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembers "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerLists/"$oldComputerGroup" Computers "${computerid}"
fi
echo "Removing Computer entry $computerid in OD"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /Computers/"${computerid}"
fi
#List existing Directories
echo "Removing OD-Binding to "$check4OD
dsconfigldap -r "$check4OD"
echo "Removing Search Path entries"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4OD"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
sleep 5
else
echo "No LDAP or OD Binding present.";
fi
echo ""
# Check a second time in order to delete any remaining LDAP-Bindings
echo "Scanning for further LDAP servers"
if dscl localhost -list /LDAPv3 | grep . > /dev/null
then
echo "Found:"
dscl localhost -list /LDAPv3
echo "Removing OD-Binding to "$check4ODtmp
dsconfigldap -r "$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
sleep 5
else
echo "No further LDAP or OD Binding present."
fi
echo ""
echo ""
#Remove the Active Directory binding
if [ "$check4AD" != "" ]
then
echo "This computer is bound to the following Active Directory Services:"
dscl localhost -list "/Active Directory"
echo "With the Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
sleep 5
echo "Removing any existing AD-Binding to "$check4AD
dsconfigad -f -remove -username "$udn" -password "$password"
echo "Removing Search Path entries"
if [ "$preferred" != "-nopreferred" ]
then
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search/Contacts -delete / CSPSearchPath /Active Directory/"$domainname"
dscl /Search -delete / CSPSearchPath /Active Directory/"$domainname"
fi
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
#remove search path entries from 10.6
if dscl /Search -read / CSPSearchPath | grep /Active > /dev/null
then
dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
fi
sleep 5
else
echo "No Active Directory Binding present."
fi
echo ""
#Remove Existing Directory Services Config
echo "Removing existing DS Config"
if [ -d "/Library/Preferences/edu.mit.Kerberos" ]
then
rm -R /Library/Preferences/edu.mit.Kerberos
fi
if [ -d "/etc/krb5.keytab" ]
then
rm -R /etc/krb5.keytab
fi
# Clean up the DirectoryService configuration files
rm -Rfv /Library/Preferences/DirectoryService/*
#OD
echo ""
echo ""
echo "Binding to OD-Damin "$oddomain
sleep 5
dsconfigldap -v -a "$oddomain" -n "$oddomain" -c "$computerid"
echo "Killing opendirectoryd"
killall opendirectoryd
sleep 5
echo "Adding computer account $computerid to /LDAPv3/${oddomain} on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -create /Computers/"$computerid" ENetAddress "$nicAddress"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /Computers/"$computerid" RealName "$computerid"
# Set the GUID
GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
# Add computer to ComputerList and ComputerGroup
if [ $computerGroup != "" ]
then
echo "Adding computer $computerid to OD group $computerGroup on $oddomain"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerLists/"$computerGroup" apple-computers "$computerid"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" apple-group-memberguid "${GUID}"
dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" memberUid "$computerid"
fi
echo "Finished OD Binding."
sleep 5 # Give DS a chance to catch up
echo ""
echo ""
echo "Performing the AD Binding"
#AD
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
#Use the existing AD-Computername or generate a new one
computeridtmp="default"
if [ "$check4ADacct" == "" ]
then
LEN=$(echo ${#adcomputerid})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$adcomputerid " has 15 characters or less and is therefore suitable for AD-Binding. It is $adcomputerid"
computeridtmp=$adcomputerid
else
echo "ComputerID "$adcomputerid " has 16 or more characters and needs to be modified for AD-Binding."
echo "Removing any -"
computeridtmp=${adcomputerid//-/}
LEN=$(echo ${#computeridtmp})
if [ $LEN -lt 15 ]; then
echo "ComputerID "$computeridtmp" has now 15 characters or less and is therefore suitable for AD-Binding."
else
echo "Only using the last 15 characters of the Computer name to be able to bind to AD."
computeridtmp=${computeridtmp:(-15)}
fi
echo "Cropped Computername to "$computeridtmp
fi
else
computeridtmp=${check4ADacct//$/}
echo "Found existing AD Account previously, attempting to recreate in the OU: "$computeridtmp
fi
echo ""
# Bind to AD
echo "Binding to AD-Domain "$domain" with computerid "$computeridtmp
dsconfigad -f -add "$domain" -username "$udn" -password "$password" -ou "$ou" -computer "$computeridtmp"
echo ""
echo "Setting the Advanced AD Plugin options"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]
then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains "$alldomains"
dsconfigad -localhome "$localhome"
dsconfigad -protocol "$protocol"
dsconfigad -mobile "$mobile"
dsconfigad -mobileconfirm "$mobileconfirm"
dsconfigad -useuncpath "$useuncpath"
dsconfigad -shell "$user_shell"
dsconfigad "$preferred"
dsconfigad -packetsign "$packetsign" -packetencrypt "$packetencrypt" -passinterval "$passinterval"
dsconfigad -namespace "$namespace"
sleep 5
echo ""
echo ""
# Add the OD & AD node to the search path
if [ "$alldomains" = "enable" ]
then
csp="/Active Directory/$domainname/All Domains"
else
csp="/Active Directory/$domainname"
fi
echo "Finished AD Binding."
echo "Adding Domain /LDAPv3/"$oddomain" and "$csp" to Search Path"
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
echo "Adding OD.."
dscl /Search -append / CSPSearchPath /LDAPv3/"$oddomain"
dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/"$oddomain"
echo "Adding AD.."
#Adding all Domains first to improve reliability under 10.7
if [ "$alldomains" != "enable" ]
then
cspadall="/Active Directory/$domainname/All Domains"
dscl /Search/Contacts -append / CSPSearchPath "$cspadall"
dscl /Search -append / CSPSearchPath "$cspadall"
fi
dscl /Search/Contacts -append / CSPSearchPath "$csp"
dscl /Search -append / CSPSearchPath "$csp"
echo "Finished Updating Search Paths."
echo ""
echo ""
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall opendirectoryd
# Destroy the login hook (or change it)
if [ "${newLoginHook}" == "" ]
then
defaults delete /var/root/Library/Preferences/com.apple.loginwindow LoginHook
else
defaults write /var/root/Library/Preferences/com.apple.loginwindow LoginHook $newLoginHook
fi
sleep 5
# Customizing the login-Window
#defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
#defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool TRUE
#defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool TRUE
# This works in a pinch if the above code does not
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
#defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
#plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
#killall opendirectoryd
# Disable autologin
defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
srm /etc/kcpassword
echo ""
echo ""
echo ""
echo "Now bound to OD Domain:"
dscl localhost -list /LDAPv3
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /LDAP
echo "Now bound to AD Domain:"
dscl localhost -list "/Active Directory"
echo "With Search Path entries:"
dscl /Search -read / CSPSearchPath | grep /Active
exit 0 ## Success
exit 1 ## Failure
Any inputs, questions and improvement suggestions are, of course, most welcome!
Cheers
See
Maybe you are looking for
-
Hello Friends, After the final release of a PO, if user change the pricing term or the Shipping intruction, i want to reset the release strategy. This is my requirement. Can we reset the release strategy through ABAP code. Please give me the possibl
-
Unable to see web service listed while creating the form on webservice
Hi All, i created a web service reference and tested it and i m even getting the response of it . but i m unable to see the webservice being listed ...while creating a form on webservice . whereas if i create a process on webservice .. i can find web
-
At one point I was able to go to Show All Bookmarks and have list like view of my bookmarks at the bottom of the page where I could select and delete 'em, now I can't seem to do so anymore. Any suggestions?
-
I have not had any problems with iOS 4
I don't know about you guys, but I have not had any problems yet for the new iOS 4 update on my iPhone 3g. I followed the instructions provided on apple's website on how to download the new update and also downloaded from apple's website the new vers
-
Adobe Muse Internet Launch Issue
Every time i try to launch my Adobe Muse, it says that i dont have an internet connection.... this is incorect. My internet is fine