5. HOME DIRECTORIES.
The home directory settings consist of three areas:
- What to do
- Home directory source
- Settings.
Currently
the following options are available, the first two are available in both Homes
and MassUser. The others are only available in the licensed version of
MassUser.
Homes and MassUser:
- The program can create/repair home directory information (the NDS home
attribute, the directory entry, or directory attributes) make sure you set the
home directory source and settings.
- The program can delete home directories, it always uses the home directory
attribute in NDS. It will delete all files and directory entries in the home
directory of a user. Before deleting it it will clear any read-only or delete
inhibit flags. There is no confirmation requested or done before a
delete. See the chapter "Delete Home directories" for more information on how
to do a conditional delete and/or user object delete.
MassUser only:
- Copy home directories - The program uses the home directory attribute as the
source of the home directory to copy and you can define the destination with
useBelow or a selection file (LDIF or CFL/CSV).
- Find Obsolete directories. For more information see the section "Find
Obsolete directories".
- Export home directory attribute. The program will create a LDIF-file with the
"dn" and "home directory" attribute. You can use this file as a backup of the
home directory attribute.
- Check Home directory. No other settings are required. For more information
see the section "Check Home directory".
- Home directory UserSpace/DirectoryQuota Export
- Read homedirectory from disk and compair character case
- check unique Posix home directory (only if the eDirecotory schema contans the
correct classes)
- check unique Apple home directory (only if the eDirecotory schema contans the
correct classes)
- no operation, only mapping option for extra dir.
There
are six options for selecting the source of the home directory.:
-
The NDS-home directory attribute
|
Use
this source if the attribute is set and you want to update/change a home
directory entry or attributes like trustee rights or quota's.
|
-
Template
Only MassUser and if a template is set on the user page
|
The
program uses homedirectory information of the given template. The rights to the
homedirecotry in the template are iignored. The program will use the settings
under "Trustee ......"
|
-
HomeDirectory from file
|
See
selection file for more info
|
-
Use Mapping file
|
see
homedirectory mapping file
|
-
Regular Expressions (massuser)
|
see
regular expressions
|
-
Select a volume and optional a "base" directory
|
The
program will add the login name as a subdirectory to this path. Warning:
if the login name is longer than 8 characters you need to have long filename
support on the home directory volume, there is no check for this. See also
extra options path definitions
|
A
copy or move requires two directories, the program will always use the
home-directory attribute as the source of the copy, and one of the other
homedirectory sources as the destination.
For more information on copy/move see chapter Copy/Move home directories.
Not
all options ("what to do") need additional settings. But the following will
require additional settings: "repair", "copy" and "find obsolete".
Use
this option if you know that the NDS-attribute does not need updated. By
leaving it selected even when the information is up to date you will generate a
lot of unneeded NDS traffic.
You
can use this option in cases where you know that the directory entry already
exists. For example you may want to set this option if you want to update the
user-space restrictions or want to set the owner-attribute of all files and
directories in a home directory. The program will write an error message to the
log-window if a home directory doesn't exist.
The
default settings are:
- all file-rights for the user in the home-directory except access-control.
(trustee-rights)
- Delete Inhibit and Rename Inhibit directory attribute, so the users can't
delete/rename there own home-directory.
By deselecting this option, the program will not set the trustee-rights and/or
directory attributes.
Other trustee rights to existing home-directories are always preserved.
This
option is useful if you migrate the home-directories from one server to another
and you have userspace restrictions turned on. In most cases the owner of the
files is changed to the user that moved the data, so userspace restrictions do
not work correctly then. When you turn this option on the program will set the
owner for all directories and files. This can take a very long time depending
on the number of files on the server. If you are using MassUser to copy the
data and set the home-directories, in most cases it is best to turn this option
off because of the time concern. Once the data has been copied run the program
again with this option turned on and it will go back through and set the new
owner.
sample settings:
* Select the correct "selection" context/group......
* Check Home directories (is default)
* Select repair home directory
* select Use HomeAttr in NDS for creation Homedir.
* check Do not create directory
* Uncheck the Set trustee rights and directory attribute. (default is
checked)
* do not check set userspace and directory quota's (is default)
* check Set Owner.
Select
the directory where the program can find the default directory structure. This
can be local or the network. See also the free program defstruct on the website
and its configuration for more information.
On this tab-page you can set the UserSpace restrictions or DiskQuota's. For
both options the same conditions are available.
-
`Fixed value' - all home directories get the same Userspace Restriction or
DiskQuota.
- `Set if user has no space restriction set' or `Set if no DirectorySPace
restriction is set on homedirecotry' - The program will only set restrictions
for users who currently have no restrictions set.
- 'Minimum value unless, all users with a Userspace Rest or Diskquota smaller
than the value given, will be set to the value. All users without a
restriction/quota or larger value will be left alone.
- `Value is minimum free space' - all users that have a smaller free space,
will be modified. If user has no space restriction, then the request is
ignored!
- Add value - adds to all restrictions/quotas the given value if max is left
blank. You can restrict the restrictions/quota's to a max-value, fill in the
value in KB. If a user has no restriction or already has more than the
max-value, its restriction will not be modified. By entering a negative number,
the userspace restrictions are reduced. Note: No check is done for
users using more than they have!
-
If
you have selected a CFL/CSV selection file, you can also use this file for
setting the userspace restrictions. All conditions above are valid, only the
value used is read from the CSV-file. The max-value cannot be set by the
CSV-file, you can leave the value-field blank.
If you want to remove a Userspace restriction or DiskQuota, enter the value
0 (zero).
(For users of versions before 2.14, you now have to enter 0 to remove these
restrictions, leaving it blank for deleting restrictions is no longer
allowed).
Fill in the amount in KB (multiple of 4Kb).
WARNING
Be careful if you set a lot of DirectoryQuotas on a NSS-volume which
currently did not have Direcotry Quotas set. This can cause the server to
become very slow if there are a lot of subdirectories in the home
directories. In this situation it is best to select fewer users at once, and
give the server time to process the DirectoryQuota set option. This should be
resolved in Netware 6.5.
For
the problem above there is an extra option on the User/Dir space tab. If you
turn on this setting you can specify how long the program should wait after
setting a userspace restriction or directory space limit. The program will wait
after every user it updates.
Only
available in MassUser and if the schema contains the correct classes.
Here you can define how the program should create/modify the apple and poisx
homedirectory.
For the apple and posix homedirectory the simular rules apply for the
definition of the homedirectory. The program can not copy/move apple/posix
homedirectory data, it can only set the new location!.
The
apple-homedirecotry information is stored in an auxiliary class that is added
to the user object. The program can add this auxiliary class automatically
(with default empty mandatory attributes), or you can skip any user object that
does not have an auxiliary class attached to it.
For Posix the program will always add the auxiliary class, This class will also
be added if you add the Apple class
The
homedirectory isn't actually deleted, the directory is only cleared. Any
file/directory is deleted even if the file/directory is readonly, delete
inhibit.
This
option is only available in Homes.exe in MassUser use the User main-tab and
select delete action.
Note: The program will not delete any Groupwise account. Be sure there
are no other dependencies on the user object. This can be a very dangerous
option. The program will warn you if you try to delete more than 10 users at
the same time. (note option is not supported in version 3.02).
confirmation will be supported in the future.
The
program can copy the home directories of the user(s) to another location. You
can copy the files onto the same server or over to another server in the
same tree. The copy function will use the long-names for the copy. The
DOS-names aren't preserved, so if you have applications that uses the dos-names
it may be a problem! The copy option has 6 additional settings on an additional
sub-tab page:
- verify data after copy, this will slow-down the copy action
dramatically.
- delete after copy, it is actually a move action.
- attributes, if checked the program will also copy the attributes like
modifier, creation date etc.
- trustee, if checked the program will copy the trustee assignments.
- Always/Newer, if always is selected, the files are copied even if the file
already exists. If newer is selected, only newer or non-existent files are
copied.
The program will use the Home Directory attribute of the user as the source
and depending on the settings it will use the csv-file/ldif-file information or
the given value for the destination (or mappingfile). The program checks to see
that source and destination aren't the same, if it didn't in combination with
"delete after copy" this could be dissaterous for your data. (since everything
would be gone!!).
Warning: There is no test for directory overlap, so don't make the
destination a subdirectory of the source or the source a subdirectory of the
destination, since this will result in a "endless" loop and it will fill-up the
volume.
If "set Owner" is selected, then the creator (=owner) attribute of all
directories and files are set to the user of the home directory, even if
attributes aren't selected.
The situation "delete after copy" checked, and "do not set home directory
attribute" checked will cause a problem, because the home directory attribute
of the user points to a non-existent directory.
Any file that couldn't be copied for some reason will not be deleted
even if the option "delete after copy" is set!
Warning: The program doesn't check to see if there is enough space to
copy, make sure there is enough disk-space and there are no restriction set or
that these are sufficient!
This version will only copy the file-data and optionally the (DOS) attributes
and Trustees. Mac and NFS information is not copied!
From version 2.19 and up:
After the copy, the program will apply any userspace or directory quota
restictions if they are set.
The option "Set Trustee and Directory Attributes" is also processed in this
version.
The
program first collects all the home directory attributes of the selection. It
will then read all the subdirectories given by "Use volume/path selection from
below". The program will match the subdirectories with the collected home
directory attributes. The program can match home directory definition where the
"path" part start with "\":, "\\" or no slash.
On the tab Obsolete, it is possible to select the option "Delete Obsolete
Directories". The program will delete the directories that belong to nobody.
(In the next version the program will also look at trustees!)
If the option confirmation is selected the program will find the obsolete
directories and will show the list. Select all the directories that must be
delete and select the button on the right (cross). The green/red checkmark wil
select/unselect all directories. The "leave" button is leave this screen and
the directories are not deleted.
The option export is not supported yet., and there will be an option for
excluding directories in the furture.
The
program will do three checks. First it will check for the existence of the
home directory attribute. Then it will look for "multiple" users of the same
home directory (two users have the same home directory). Finally it will
check for the existence of the directory.
The
program shows a new window:
You can sort on any column by clicking on the column header. If you want to
save the information in a CSV-file, select save. At this point another window
will appear where you can select what information you want to save:
You can select which column you want to export. If you check Header line, the
program puts a header line in the CSV-file.
If you select Username and User Context and Volume Limit or Directory Quota
then the program can also create a CFL-file. You can use the combination of the
CFL/CSV-file for updating the UserSpace restriction or Directory Quota.
You have to give the csv-file a name to save as.
If
there is a one to one relation ship between a context (subtree) and the
location of the homedirectory, then a mappingfile can define the relationship.
In MassUser the mappingfile can also define the relationship for a posixAccount
homeDirectory and apple-homedirectory.
Sometimes the character case in the eDirectory and the filesystem aren't the
same. On Windows/Netware this is not a problem, but if you are using apple
and/or unox/linux this will be a problem Sometimes you want to "normalize" the
character cases of the homedirectories. There are 5 selection options and 2
extra repair/fix options
.
Update
Directory
|
The
program will read the path from the homedirectory attribute, if the case is
different, then the path name on het filesystem is updated
|
Update
NDS
|
The
program reads the path name from the filesystem and will update the
eDirectory-homedirectory attribute if different
|
Force
Capitals
|
This
will force the user directory to uppercase, and will update the filesystem and
eDirectory
|
Force
Lowercase, cap first
|
This
will force the user directory to lowercase, and will then force the first given
number of characters to uppercase. 0 will lead to all lowercase. After that it
will update the file-system and homeDirectory attribute.
|
Just
cjeck below
|
This
will only do the two other repairs/fixes that are available
|
|
|
Remove
trailing space
|
Sometimes
there is a trailing space added to the homedirectory path in the eDirectory
(most common due to LDIF import). This is not a problem for windows and the
MAP.exe, but not all applications remove this space
If checked, then the program will remove the space
|
Normalize
slashes
|
It
is pefectly legal to use a / of \ in a path definition for homeDirectories in
the eDirectory. This option will replace any / to \ in the path definition of
the homedirectory attribute in the eDirectory.
|
The
program will check all the posix or apple homedirectories of the current user
selection. The program will report any non-unique directories. There are no
additonal settings. This option will only be available if the schema does
contain the correct classes.
If
you do want to use the mapping option in combiantion with the extradir, and you
don't want to change anything to the users homedirectory, you can select this
option. This will enable the mapping option on the ExtraDir main tab and
enabled the mapping sub-tab, so you can set the extradir option there.
to
do...
This
is an option to make the homedirectory mapping conditional on the context where
the user object is located in the eDirectory. There is also an extra option
where (some part of the) name also definies the homedirecotry path.
First select the mapping file of create a new file (N-button).
This option is only used in combination the the apple/posix options. For
just a netware homedirectory you can skip the page (uncheck Attribute
query).
On the user query tab you can select with attribute used be used for the query
(cn or uniqueid). Then where to look in the attribute value (starts with,
contains or ends with)
Fill in the edit window on the right the string to look for then a "=" and
then at least two values seperated with a comma, the first value is the GID??
and the second value can be use for substitution in the Apple/Posix path
definitions. You can give more values and use those for substitutions. This all
is setup for a large primary school.
On the OU-mapping tab, there are 4 buttons at the bottom.
- Edit (or dubble click a line)
- Add: Creates a new line
- Del: removes the selected line
- Save: saves the mappingfile
On edit and new the program will show the following window:
First give the context where this mapping must be applied.
Fill in for the different options the correct directory path. Apple and Posix
will only be enabled if the schema contains the corrrect classes. Extra in this
option is that you can overwrite the global setting for the userdirectoryname.
(default cn). Here you can select also the UID (uniqueID). For extra directory
there also an option for using an other attribute, you have to set the
attribute name on the extra-directory main-tab (for all context you have to use
the same attribute).
There are a few extra character sequences you cna use in the path definitions:
%a1,%a2,
%a3. %a4, %a5
|
The
program will take the 1 to 5 first character of the user (CN or UID) and
replace the %ax with the characters. This can be usefull if you want to put all
the users with the same starting character into a subdir.
e.g. somepath\%a1
all users starting with a will be created in somepath\a\username and all
starting with k in somepath\k\username
|
%nn
|
This
is a special situation, %nn will be replaced by the username, but the program
will not add the username at the end of the path anymore. This can be usefull
if you want to create a path like somepath\username\somedir
define somepath\%nn\hdir.
e,g,
user booj will give somepath\booj\hdir as the homedirectory.
|
*w1*
...*w<nr>*
|
This
is used in combination with the user query option., w1 is the second value
after the = entered on the user query tab. If you did give more values you can
use *w2* etc
|
For
Posix there is also an option the set the GID. uitzoeken
See also "Extra options for path definitions" for more complex mapping
functions.
The program supports regular expressions based on the full user name
(untyped) or commonname.,
Depending on the selection for regular expression some or all the options above
are enabled. Here you can select which attribute to use for the regual
expression and if you want the user context too for the expression (so you can
create "context" sensative mappings)
For every enabled option (netware/apple/posix) you have to give the expression
rules.
In the sample below, all users with there names starting with a A until K have
there homedirectory on volumeAK and L until Z on volumeLZ. On the general tab
the add context settings is unchecked and on the netware tab the following two
expression rules are entered. Because regualr expressions are case sensative,
there is a check on lowercase and uppercase characters. For the template you
have to give the UNC-path. Because a \ has a special meaning in regualr
expressions you have to give a double backslash.for every \ you want to enter.
(so you need to give 4 \'s in from of the servername 2 between de servername
and volume and two between de volume and path. If there are extra
subdirectories don't forget to give the extra \.
On edit or dubble click a line and add the program will show:
Enter the expression and enter the "template".
Warning: at the moment the program can't handle a = in the expression and/or
template!
On the test tab, you cantest your expressions.
Give the username in the edit box above the Test-button. Press test and the
program will show you the result. If there is no match then the program will
show an empty result. So you know that your expression isn't correct or you
need to add an extra expression.
The program wil evalutate the expressions from top to bottom until it find a
match. You can change the order of the expressions with the two blue arrow's on
the left. So you can add new exceptions to your rule set and place them at the
correct level.
See also chaper Regular expressions, there is a complete overview of the
regular expressions and there are a few more samples what you can do.
In
the path part definition of a homedirectory you can use the following special
character sequences.
%a1,%a2,
%a3. %a4, %a5
|
The
program will take the 1 to 5 first character of the user (CN) and replace the
%ax with the characters. This can be usefull if you want to put all the users
with the same starting character into a subdir.
e.g. somepath\%a1
all users starting with a will be created in somepath\a\username and all
starting with k in somepath\k\username
|
%nn
|
This
is a special situation, %nn will be replaced by the username, but the program
will not add the username at the end of the path anymore. This can be usefull
if you want to create a path like somepath\username\somedir
define somepath\%nn\hdir.
e,g,
user booj will give somepath\booj\hdir as the homedirectory.
|
It is also possible to add some more advanced options in the path definitions.
This can also be used in combination with mapping and regular expressions.
%value(attributename)
|
copy
of the first** value of the given attribute of the current user
|
%substr(attributename,start,length)
|
a
substring of the first value of the attribute (see below)
|
%strstr(attributename,length)
|
the
first (length) number of characters of the first value of the attribute
|
%endstr(attributename,length)
|
the
last (length) number of characters of the first value of the attribute
|
** If a multivalued attribute is given, then the program will only use the
first value. It is possible that the eDirectory gives different first values on
different runs of the program!
The
program will copy length number of characters from the value of the attribute
starting at the given (start) position. The first position character of the
value is 1 (one). If there are less character than length in the value form
start to end, then the resturned value is shorter than length and is equal to
all characters from the start position to the end of the value. If the start
position is beyond the end of the value-string then nothing is returned!
|
