Input Names and Departments during Enrollment?

diana
New Contributor II

So I'm trying to find a way to get users to put in their information (Name, Department, Title) during enrollment so that the machine becomes associated to them. We don't run ldap here so I'll be providing either an email invitation or directing them to our enrollment page and giving them an enroll user to use. I want to have policies based on department but would have to go in manually after getting the user enrolled to set this up.

My first thought was to have some sort of script run after enrollment to request this information in cocoa dialog and then use apis to update the info per machine but I'm not very advanced in script writing...

Does anyone have any thoughts about this?

Another oddity I'm experiencing is not even being able to select a user that exists in "Users" in my JSS when enrolling. My second plan was just to use an api to input an XML for all users which would then allow them to select themselves on the "Assign to User" page of the enrollment process... but I type in my name (which I know exists in Users in my JSS) and hit the search button and nothing happens, I can't continue to the download page for the quickadd either until I clear the field. Thoughts? 94ab0ef6620b4307b903759430f154a9

2 ACCEPTED SOLUTIONS

bpavlov
Honored Contributor

You would need to use the API for that. Here's what I use. It's meant to be run in a postinstall script in a package. I had to strip out other parts because it's part of a bigger script so I recommend testing it.
The script gets you the information via the API and places it in a text and XML file.

#!/bin/bash

#Working directory for script to reference resources
declare -x install_dir=`dirname $0`

#Enter in the URL of the JSS we are are pulling and pushing the data to. (NOTE: We will need the https:// and :8443. EX:https://jss.company.com:8443 )
jssURL="https://jss.company.com:8443"

#Enter in a username and password that has the correct permissions to the JSS API for what data we need
jssUser="username"
jssPass="password"

#Get list of departments from JSS
/usr/bin/curl -k -v -u "$jssUser":"$jssPass" "$jssURL"/JSSResource/departments -X GET -o "$DeptXML"

#Default file path we will use to place XML file for JSS API submission
#Feel free to edit these to the location of your choice
declare -x DeptTxtFile="$3/Library/Management/Firstboot/dept.txt"

#Name for XML files pulled from JSS
declare -x DeptXML="$install_dir/departments.xml"

#Create directory for firstboot upload
#Feel free to edit these to the location of your choice
/bin/mkdir -p "$3/Library/Management/Firstboot/"

function Dept(){
tmpDeptFile="$install_dir/DeptList.txt"

Dept=$(xpath "$DeptXML" '/departments/department/name' 2>&1| sed 's/-- NODE --//g' | sed 's/<name>//g' | sed 's/</name>//g' | sed 's/Found.*nodes://g')

IFS=$'
'

for i in $Dept; do
    DeptsArray+=($i)
    /bin/echo $i >> "$tmpDeptFile"
    /bin/chmod 777 "$tmpDeptFile"
done

department=`/usr/bin/osascript <<EOT
    tell application "System Events"
    with timeout of 43200 seconds
    activate
--  Create an empty list called DepartmentsList
    set DepartmentsList to {}

--  Populate list with contents read from a file
    set DepartmentsFile to paragraphs of (read POSIX file "$tmpDeptFile")

--  Iterate through each line in file to add to DepartmentsList
    repeat with i in DepartmentsFile
        if length of i is greater than 0 then
            copy i to the end of DepartmentsList
        end if
    end repeat

--  For testing to make sure the right number of items are counted in the list
--  display dialog count of DepartmentsList
    choose from list DepartmentsList with title "Department List" with prompt "Please select a department to associate to computer:"
    end timeout 
    end tell
EOT`

/bin/echo "$department"
}

if [ -f "$tmpDeptFile" ]; then
    rm -f "$tmpDeptFile"
fi

/usr/local/bin/jamf recon -department "$DeptTxtFile"

Like I said you may want to test this.

View solution in original post

thoule
Valued Contributor II

If you want to pull DEPTs from your JSS, then you do need an API call as @bpavlov says. Be careful with the name and password in there as your users will be able to see that code and use that name/password for evil.

Another option is to create an Applescript Xcode app instead of basic applescript which lists the same departments as your JSS. Benefit: easier to write for non-scripter. Downside: update a Dept in JSS, you'll need to rebuild the app. I posted a little page recently on how to create a simple xcode app. http://tmhoule.blogspot.com/2015/10/empower-your-users-with-simple-xcode.html

EDIT: You could put the deptartments right in the Applescript, but you'll need to edit this script if/when you change your departments.

#!/bin/sh userDept=$(osascript -e 'tell application "SystemUIServer" set myDeptList to {"one","two","three","four","five","six","seven"} set myDept to (choose from list myDeptList) end tell') /usr/local/bin/jamf recon -department $userDept

View solution in original post

13 REPLIES 13

bpavlov
Honored Contributor

I believe you have to type the username.

I would use a combination of Apple Script dialogs and the jamf recon command to add the appropriate information. Do "sudo jamf help recon" so you can see the flags:

Usage:   jamf recon


    -saveFormTo     Saves the contents of the HTTP form to a file


The following options allow you to specify inventory information for the computer:

    -assetTag       The asset tag of the computer

    -endUsername    The user name of the primary user

    -realname       The real name of the primary user

    -email          The email address of the primary user

    -position       The position (job title) of the primary user

    -building       The text representation of a building in the jSS

    -department     The text representation of a department in the JSS

    -phone          The phone number of the primary user

    -room           The room that the computer is in

    -ldapServerID   The JSS ID of the LDAP server to which the primary user belongs

    -userID         The user ID of the primary user's account in the LDAP server.


The following options allow you to update the computer's management account information in the JSS:

    -sshUsername    A username that is used to connect to the computer over SSH.

    -sshPassword    A password that is used to connect to the computer over SSH.

    -sshPasshash    A hashed copy of a password that is used to connect to the computer over SSH

EDIT: To clarify, create a package with a postinstall script that uses the AppleScript dialogs and the jamf recon command accordingly. Alternatively, you could also have a script by itself. Have that package (or script) run on enrollment via policy using the "enrollment complete" trigger.

adamcodega
Valued Contributor

Agreed, you can set department and etc with the Recon command, don't have to touch the API.

While I don't ask the user for their username, I do use cocoaDialog to set department in my enrollment script, triggered by "On Enrollment". You can check it out on my GitHub.

thoule
Valued Contributor II

Here's an example using basic shell and applescript

#!/bin/sh userDept=$(osascript -e 'tell application "SystemUIServer" set myDept to text returned of (display dialog "What is your dept?" default answer "") end tell') /usr/local/bin/jamf recon -department $userDept

diana
New Contributor II

Wow that's a lot easier, no way to reference the Departments currently in my JSS though?

bpavlov
Honored Contributor

You would need to use the API for that. Here's what I use. It's meant to be run in a postinstall script in a package. I had to strip out other parts because it's part of a bigger script so I recommend testing it.
The script gets you the information via the API and places it in a text and XML file.

#!/bin/bash

#Working directory for script to reference resources
declare -x install_dir=`dirname $0`

#Enter in the URL of the JSS we are are pulling and pushing the data to. (NOTE: We will need the https:// and :8443. EX:https://jss.company.com:8443 )
jssURL="https://jss.company.com:8443"

#Enter in a username and password that has the correct permissions to the JSS API for what data we need
jssUser="username"
jssPass="password"

#Get list of departments from JSS
/usr/bin/curl -k -v -u "$jssUser":"$jssPass" "$jssURL"/JSSResource/departments -X GET -o "$DeptXML"

#Default file path we will use to place XML file for JSS API submission
#Feel free to edit these to the location of your choice
declare -x DeptTxtFile="$3/Library/Management/Firstboot/dept.txt"

#Name for XML files pulled from JSS
declare -x DeptXML="$install_dir/departments.xml"

#Create directory for firstboot upload
#Feel free to edit these to the location of your choice
/bin/mkdir -p "$3/Library/Management/Firstboot/"

function Dept(){
tmpDeptFile="$install_dir/DeptList.txt"

Dept=$(xpath "$DeptXML" '/departments/department/name' 2>&1| sed 's/-- NODE --//g' | sed 's/<name>//g' | sed 's/</name>//g' | sed 's/Found.*nodes://g')

IFS=$'
'

for i in $Dept; do
    DeptsArray+=($i)
    /bin/echo $i >> "$tmpDeptFile"
    /bin/chmod 777 "$tmpDeptFile"
done

department=`/usr/bin/osascript <<EOT
    tell application "System Events"
    with timeout of 43200 seconds
    activate
--  Create an empty list called DepartmentsList
    set DepartmentsList to {}

--  Populate list with contents read from a file
    set DepartmentsFile to paragraphs of (read POSIX file "$tmpDeptFile")

--  Iterate through each line in file to add to DepartmentsList
    repeat with i in DepartmentsFile
        if length of i is greater than 0 then
            copy i to the end of DepartmentsList
        end if
    end repeat

--  For testing to make sure the right number of items are counted in the list
--  display dialog count of DepartmentsList
    choose from list DepartmentsList with title "Department List" with prompt "Please select a department to associate to computer:"
    end timeout 
    end tell
EOT`

/bin/echo "$department"
}

if [ -f "$tmpDeptFile" ]; then
    rm -f "$tmpDeptFile"
fi

/usr/local/bin/jamf recon -department "$DeptTxtFile"

Like I said you may want to test this.

thoule
Valued Contributor II

If you want to pull DEPTs from your JSS, then you do need an API call as @bpavlov says. Be careful with the name and password in there as your users will be able to see that code and use that name/password for evil.

Another option is to create an Applescript Xcode app instead of basic applescript which lists the same departments as your JSS. Benefit: easier to write for non-scripter. Downside: update a Dept in JSS, you'll need to rebuild the app. I posted a little page recently on how to create a simple xcode app. http://tmhoule.blogspot.com/2015/10/empower-your-users-with-simple-xcode.html

EDIT: You could put the deptartments right in the Applescript, but you'll need to edit this script if/when you change your departments.

#!/bin/sh userDept=$(osascript -e 'tell application "SystemUIServer" set myDeptList to {"one","two","three","four","five","six","seven"} set myDept to (choose from list myDeptList) end tell') /usr/local/bin/jamf recon -department $userDept

diana
New Contributor II

Appreciate the help everyone! I'll have to give these a go, definitely want to steer clear of having the username and password in plain text...

Cheers!

brock_walters
Contributor

Hi guys -

I posted this a few weeks ago on Linkedin but I think it's worth a look in this case. Here's how JAMF IT handles deploying scripts that have security-sensitive parameters potentially in plain text:

github.com/jamfit/Encrypted-Script-Parameters

Enjoy!

robertojok
Contributor

This is interesting stuff. I would like the same mechanism implemented in our environment so users can select their Site, department and room during enrolment.

gerald_fernando
New Contributor

Hi Guys

i know this is an old discussion and i am bit new to casper. Just one question to "thoule" the script you provided works fine but if there is a space in between a department name e.g press office, JSS will not update the assets department accordingly. Any reason why? thanks

thoule
Valued Contributor II

@gerald.fernando

You would need to quote it so it is seen as a single parameter.

/usr/local/bin/jamf recon -department "$userDept"

gerald_fernando
New Contributor

Thank you...!!! that worked.

beatlemike
Release Candidate Programs Tester

@bpavlov weird I just get connection errors

connect to 34.196.76.108 port 8443 failed: Operation timed out