Change your Update policy to be this
jamf recon -endUsername `who | grep -i console | head -n 1 | awk '{print $1}'`
This Couppled with the servers LDAP lookup options means the JSS does all the LDAP lookups for you, no need to have the client do strange things