Scripting User Account Removal


 
# 8  
Old 02-27-2012
script remove user info

copy and paste the script in AppleScript

or


use a text editor and create a Shell Script


Code:
#!/bin/bash
clear
# standout-mode escape sequences used to highlight the status word
bold=`tput smso`
offbold=`tput rmso`
echo "Section 1";
aName=joeuser

# check for user: read the record from the LDAP node; an empty result is treated as "no such user"
CKU1=`dscl /LDAPv3/ldap1.mydomain.com/ -read "Users/$aName" RecordName UniqueID`
echo -e "--------------------------------------------------- ";
# quoted so the multi-line dscl output keeps its line breaks
echo "$CKU1"
echo -e "--------------------------------------------------- ";
if [[ -z "$CKU1" ]]
then
    echo "blamo the account is NOT active on ldap1"
else
    echo -e "\033[33;32m OK \033[31;0m,.. the User is\033[32;32m ${bold} ACTIVE ${offbold}on LDAP1 \033[32;0m"
fi

# 9  
Old 02-28-2012
Syntax Error

So I've tried to copy/paste both suggested codes from [MA]Flying_Meat and the most recent one from doctorfoo1 into AppleScript, but when I go to save out and compile, both error out with a syntax error.

[MA]Flying_Meat: yours errors on line 2 right at the . after dscl

doctorfoo1: yours errors on the ` just before tput

I'm beginning to remember why I got so frustrated trying to learn Java and giving up.
# 10  
Old 02-28-2012
okay ,..
You're probably getting a dscl error. Have you tried the dscl read directly in the terminal?

Code:
dscl /LDAPv3/ldap1.mydomain.com/ -read Users/$aName RecordName UniqueID

If that fails, you need to connect your Mac (the one doing the work) to the Directory.
Depending on your OS version, open Directory Utility and add your LDAP server to the list of services and search policies.

On OS X 10.6.8 you'll find the utility in /System/Library/CoreServices/Directory Utility
# 11  
Old 02-28-2012
"Users log in with their AD accounts and user folders are created locally and pulled from the default new user template that I've modified to suit our environment."

I presume the account credentials are cached locally. If not, then all you have to do is remove the home folder.

If the account credentials are cached locally, then the user can log in without a network connection. You will need to delete the locally cached user account data using the dscl command.

You can try:
dscl localhost -read...
or:
dscl localonly -read...

But dscl . -read... is valid according to the man page for dscl:
man dscl

LDAP may be a dead end, as you are binding machines to AD, which doesn't generally require configuring the generic LDAP directory service at all.
# 12  
Old 02-29-2012
AD and Logging In

All of the machines are already bound to the Active Directory from the Directory Utility. At this point all units are on 10.6.8. We'll soon be moving to 10.7; however, I'd like to get this figured out prior to the upgrade. User account data is not cached to the machine, so if the network cable is unplugged and I delete the Home folder for a specific user, they are not able to log in again until that network connection is reestablished so it can find the AD when someone tries to log in again.

In the past I've simply gone around to each machine about once a week and removed the entire contents of the /Users folder in the Terminal using sudo and rm -R, except for the local admin and the Shared folder. So I'm just trying to script that manual process.

Does that help clarify?

When I paste the script you wrote into AppleScript Editor [MA]Flying_Meat, I then hit Compile, and then it errors. Should I not be trying to compile this? And when I just go to save it as LogoutHook.sh and not compile, it says I have to save it as a .scpt. Should I be trying to save it as just text? (If it can ever get to that point)

Last edited by panacea; 02-29-2012 at 02:57 PM..
# 13  
Old 02-29-2012
It is a shell script, which is basically just a strict text document with execute privileges.

My favorite text editor is TextWrangler. It's free and saves documents as text by default. TextEdit can too, but you need to set the preferences to save as text, and be aware that the Lion version of TextEdit is known to save version info, which can muck with what otherwise would be strictly text. Get TextWrangler from the BareBones web site, not the App Store, as the App Store version is a little crippled due to App Store policy. It's a great product.

If you would like to become more familiar with Unix text editing, but require a somewhat smaller learning curve than VI, then try using nano.
There is a help menu at the bottom of the nano "window".

sudo nano LogoutHook.sh
You can copy and paste into the nano window at the current cursor position, but with most things Unix, there isn't much in the way of mouse support within the application. :P
# 14  
Old 03-01-2012
Close

Ok, I've got the script in place, and the write command set, but I think the code had an error in it?

Code:
# If user is an admin, exit script 
dscl . -read /Groups/admin GroupMembership | grep -q "$USER"
if [ "$? -eq 0 ]; then
# the next line could be substituted for the previous 2 lines
#if [ $USER = "adminuser1" ] || [ $USER = "adminuser2" ] || [ $USER = "adminuser3" ]; then 
echo "LOGOUT: admin folders will not be deleted."
exit 1
fi 

# If home directory exists, delete 
if [ -d "/Users/$USER" ]; then 
echo "LOGOUT: user account cleanup."
rm -R /Users/"$USER" 
dscl . -delete /Users/"$USER"
fi 
exit 0

I put a closing " after the first if [ "$? -eq 0 and now it runs properly. Hehehe, however, it didn't see my admin user as an admin and wiped that out. When I use the substituted line that specifies the user it then works properly.

Totally awesome. Thank you so so much for the help.

Now, is there a way to put a time stamp on that? So say I want to delete the user folder after a period of 24hrs. So if a user doesn't come on that machine for 24 hrs then it gets wiped, but if they happen to come and use that same machine within the specified time period, it skips it.

Last edited by panacea; 03-01-2012 at 01:27 PM..
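
Added example, not code from any poster in this thread: the logout script in post #14 matches the admin list with a substring grep and builds the rm -R path directly from $USER, so an empty or unexpected name changes what gets protected and what gets deleted. The function names, the sample GroupMembership line and the temporary directory standing in for /Users are assumptions made for the example; it only reports the decision and deletes nothing outside its own temporary tree.

```shell
#!/bin/sh
# Added example, not code from the thread; function names are hypothetical.

# Exact-name membership test. $1 = short user name, $2 = text in the shape
# printed by `dscl . -read /Groups/admin GroupMembership`.
is_listed_member() (
    user=$1
    [ -n "$user" ] || exit 1          # grep -q "" would match every line
    set -f                            # split on whitespace without globbing
    for name in ${2#GroupMembership:}; do
        [ "$name" = "$user" ] && exit 0
    done
    exit 1
)

# Print the directory that may be removed for user $1 under base $2
# (default /Users); fail rather than return the base directory itself.
cleanup_target() (
    user=$1
    base=${2:-/Users}
    case $user in
        ''|.|..|*/*|Shared|root) exit 1 ;;
    esac
    [ -d "$base/$user" ] && [ ! -L "$base/$user" ] || exit 1
    printf '%s\n' "$base/$user"
)

# Decide what a logout cleanup would do, without deleting anything.
plan_cleanup() (
    if is_listed_member "$1" "$2"; then
        echo "skip: $1 is listed in the admin group"
    elif target=$(cleanup_target "$1" "$3"); then
        echo "delete: $target"
    else
        echo "skip: no safe target for '$1'"
    fi
)

# Constructed sample data: a throwaway tree standing in for /Users.
demo_base=$(mktemp -d "${TMPDIR:-/tmp}/cleanup.XXXXXX")
mkdir "$demo_base/adminuser1" "$demo_base/student1" "$demo_base/Shared"
demo_members='GroupMembership: root adminuser1'
for u in adminuser1 student1 admin '' Shared; do
    plan_cleanup "$u" "$demo_members" "$demo_base"
done
rm -R "$demo_base"
```

Only a "delete:" line names a path that is safe to hand to rm -R; every other outcome leaves the folder in place.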