[Casper] Open Directory binding
Thomas Larkin
tlarki at kckps.org
Thu Aug 14 15:16:58 PDT 2008
I bind all clients to the ODM in the image, and then have post-imaging and building-level subnet policies that will rebind the client to the specific ODR that is in that building. Here is my script:
#!/bin/sh
# This script binds a 10.4.11 or 10.5 client to an LDAP (OD) server.

oldserver="odm.domain.com"   # server the client was bound to in the image
newserver="odr.domain.com"   # building-level server to rebind to

# Remove the old LDAPv3 server and drop it from the Search and Contact paths.
/usr/sbin/dsconfigldap -r "$oldserver"
/usr/bin/dscl localhost -delete /Search CSPSearchPath "/LDAPv3/$oldserver"
/usr/bin/dscl localhost -delete /Contact CSPSearchPath "/LDAPv3/$oldserver"

# Wait for existing connections to clear.
sleep 10

# Add the new server, set both policies to a custom search path, and add it.
/usr/sbin/dsconfigldap -a "$newserver"
/usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl localhost -merge /Search CSPSearchPath "/LDAPv3/$newserver"
/usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath
/usr/bin/dscl localhost -merge /Contact CSPSearchPath "/LDAPv3/$newserver"
So, effectively it removes the binding to the ODM, sleeps for 10 seconds for all connections to clear, and then rebinds the client to the specified ODR at the building the client is in. This helps reduce traffic for authentication over the WAN. I have it as a post-image script and a policy that runs once per computer on smart groups based on VLAN.
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351
>>> <NATHANIEL.LINDLEY at spps.org> 08/14/08 4:28 PM >>>
Can someone point me in the right direction for pushing/automating Open
Directory binding with Casper Remote or policy? I'm thinking it will be
dscl commands on 10.5, but will that work for 10.4?
We need to remove current OD bindings from clients and then create a new
OD binding on a whole bunch-o-machines.
Thanks,
-Nathaniel
SPPS