4. USER
This chapter need to be updated for version 3.xx.
Action on user objects.
At the moment there are three operations that can be executed on a user
object:
- Update: the selection of users will be updated by a template or
some attribute to be cleared. If a CFl/CSV file is selected the objects can be
updated with information from the csv-file.
- Create: Only available in combination with a csv-file. The attribute
information can be based on information from the csv-file and/or a template. In
case of a combination and duplicate attribute information the information from
the csv-file will be used. If you want to create users with a LDIF-file and
want to "add" a template, you have to use ICE or ConsoleOne for the import of
the user objects, and then use the LDIF-file as a selection file and select the
template. The program can also create a Groupwise account, based on information
from the template of CSV-file.
- Delete: The program can delete user accounts and Groupwise account. At
the moment the program can not delete the NDS-account and leave the Groupwise
account, because the the information in the Groupwise database is not correctly
updated.
- Rename: Not implemented yet.
- Move: The program can move users withoin the tree to another location.
If the user has a groupwise account, then the program will also update the
groupwise information. You have to use a csv file.
- Export: This is possible to create an export of all the Text and
numeriek attributes of an user selection.
- Delete values. Not implemtend yet.
- Check uniqueID. The program checks it the uniqueID value in the
eDirectory is unique in the selection.
- Check CN length <20 (and unique). This can be important if you use
the CN value for apple user accounts.
If
a csv-file is selected, it is possible to use the csv-file as the source of
attibute information to be updated or during a create. If set, there will be an
extra sub-tab-page Attr-CSV available. On this page it is possible to select
the attributes that must be read from the CSV-file. Default all defined
attributes of the CSV-file will be used. On the Attr-CSV tab there is an option
"Clear attribute before update", default this option is set. This option will
prevent multiple values to be added to multivalue attibutes like "Given Name,
Surname", during a update.
Plaatje
toevoegen
It is possible to update a user-object with the information of a template. To
do this you have to select the template object and select the attributes you
want to update on the Sub-tab Template and set the option "Execute Template".
The option "Do Not add to Template" will prevent that the user is added to the
memberlist of a Template. If you just want to update some information of
User-object this can be usefull. If "Execute Template" is not set, then the
program will just add the user to the membership attribute of the template (if
"Do Not Add to Template" is not set).
The program cannot execute a setup script!
Also, there is an option to add DLL support for custom support of attributes.
These attributes are red in the window above. It is possible to add a max of
255 dll's for custom attribute support. For more information see the section
"Configuration".
Information about the template dll's can be found in the last chapter "DLL
Support HOMES"
It is possible to remove attributes from a user-object. On the sub-tab
"Clear" you can select which attribute need to be removed. Warning: You can not
remove mandatory attribues and deleted is deleted, there is no revoke
option.
Template attributes are marked in red. It is not possible to delete naming
and mandatory attributes (they are visible in the list! (surname is
mandatory)). Check all attributes that need to be cleared.
In a template object there are attributes that belong to the template object
and there are attributes that are used for the settings of the User object. See
TID 2909062 on the Novell website.
See Appendix A for more information.
There
are 6 options for settinging the password.
- Generate random
- Read from CSV-file only in combination wit csv-select file
- Use Password dll
- Use Template support dll only in combination with Template and a dll with
password support
- Read from Passwod file
- Clear password.
You cab set the netware and/or groupwise password.
update user password The netware password will be updated.
update GW password The GW password will be updated, depending on the
setting
"GW-passw is NDS passw"' ,,,,,,
The
program can create an alias for the users in the selection. You have to give
the "context" where the aliases must be created and it is possible to prefix
and/or suffix the "Username" with the given text. Leave prefix and suffix blanc
if the Alias name must be the same as the user object.
On
this page you can add groupmembership, organization roles, Groupwise
Distribution Lists and Applicatians. On the right of the tab-page there is a
scroll bar, on scrolling down the distribution and appliations options will
show.
Here
you have to select which source the program uses for the information about the
groups, roles etc. There are three options at the moment:
- Direct, Fill in the information in this tab-page, and the program will use
it.
- Def-file, a def-file contains the information about the alias, groups etc,
See the paragraph "Def-file" below. Fill in the filename to be used as the
definition file in the box directly below the source option.
- CSV-file. This option is not supported yet.
-
Set
"add groupmembership" and add all the groups that need to be added. There is no
option yet for creating groupmemberships with the CSV-file. This can also be
done with the option Template where the group definitions are given in the
template.
Set
"add roles" and add all the organizational roles that need to be added. There
is no option yet for creating role memberships with the CSV-file.
Set
"add Distribution Lists" and add all the Distribution lists add Groups (that
are distribution lists).
Set
"Add Applications" and add all the application opbject the user must have. At
the bottom of the page, it is possible to set the association flags.
to
do:
There
are three delete options:
- Delete user account, leave Groupwise account (not possible at the
moment)
- Delete User and Groupwise account
- Delete Groupwise account but leave User-account.
The
program needs a "context mapping file"so It can map the old user context to the
new context. There are three types of mapping:
- user dn to a new context
- a container to a new context
- top of a subtree to a new top of a subtree.
No other information is needed at the moment, new versions will need more info.
The program will show a new tab "move" on the tab it is possible to
create/select the mapping file.
Example:
Tree:
wb
+ dh
+ auta
+ hv
+ auta
+ subc
+ fina
+ civw
+ lb
+ auta
+ tw
+ auta
+ subc
+ fina
+ civw
mapping info:
old
location
|
maps
to
|
|
booj.auta.tw.wb
|
auta.lb.wb
|
different
users from the same context to a different locatio
|
berm.auta.tw.wb
|
auta.hv.wb
|
|
|
|
|
auta.tw.wb
|
auta.dh.tw
|
all
users to a new location (no checkmark before context)
|
|
|
|
tw.wb
|
hv.wb
|
top
of subtree. (checksign before the context)
|
The
program will first try to map the users to there new location, if there is no
user extry, it will try to map the context of the user to the new location. If
there is still no mapping it tries to find a "subtree mapping" If ther is still
no mapping the move will fail. The order of the mapping rules are unimportant,
the program will sort the mappings.
In the example:
- booj will go to auta.lb.wb
- berm will fo to auta.hv.wb
- all other users in auta will be moved to auta.dh.wb
- all users of subc.aut.tw.wb will be moved to subc.auta.hv.wb
- all users of fena and civw will be moved to there contexts under hv.
- all users directly in tw will be moved to hv.
It is possible to move users from one level to another level in the
eDirectory.
At the moment the destination context must exist, otherwise the move will fail.
With the button create mapping file it is possible to create a mapping file for
al users in the selected context of for just all the subcontexts. The program
will also ask for the filename.
After creating the mappingfile the program will show the result in the left
(source) column of the window above. Here you remove any context mapping that
is not needed and add user of other context mappings.
Select every context in the source column and select edit (or double click
value). The program shows the following window:
Select the destination.
The program will add the current treename to the contexts, at the moment it is
only possible to move user within the tree, in a next version the program can
move (copy) users to a different tree. Don't forget to save the information
(blue floppy on the right).
The structure of the mappingfile:
AUTA.TW.WB.TEST=AUTA.DH.WB.TEST;0
TW.WB.TEST=HV.WB.TEST;1
Booj.AUTA.TW.WB.TEST=AUTA.LB.WB.TEST;0
Berm.AUTA.TW.WB.TEST=AUTA.LB.WB.TEST;0
On the left is the old context (extended with the treename) and on the
rights after the = there is the new context (extended with the treename)
followed by ;0 or ;1. A "1" means top of subcontext tree. It is possible to
create a mappingfile by hand, as long as the stucture is ok.
Use
the selection button on the right of the filename field. After selecting the
mappingfile the program will show the information. It is possible to change the
information. Don't forget to save the changed information.
This page will be moved to the maintab "other"so it can be used for moving
Homedirectories and Extradir in future versions (especially inter tree
move/copy).
This
function lets you export all the simple text, numeric and time attributes.
Typedname and other attributes will be supported in a future version.
On the general tab there are no usefull fields that can be set. On the new
tab "Export" you can select which attributes must be exported. The program will
create one of more exportfiles, depending on the definitions of the attributes
in the eDirectory and the file m2s.txt. Many attributes in the eDirectory can
contain more than one value e.g. MemberShip (the groups a user is member
of).
The program will create an extra file for every multivalue attribute in the
selection. At the moment only 19 multivalue values can be exported during one
run, all single valued values are saved in the first file.
Why does the program create a file for every multivalue attribute?
In the first file the program will create a record for every user in the
selection list, in the record are all the single value attributes. The records
starts with one or two fields depending on the setting "cn+context" or "dn".The
diffrence is that with cn+context there are two fields, the first will contain
the commonname the second field the context of the user. The combination will
be a unique key. If you don't want the cn and context seperate, you can select
the "dn" of the user in this case there is only one field with the fullname of
the user. This will be a unique key. The program will create for every
multivalue attribute a seperate file, the file will contain for every value of
the attribute a record with the cn+context of dn and the value. So the
combination of cn+context or dn can be used as a key in a relational database.
If the multivalue attribute of an user is empty then there is not record in the
export file for that user.
Multivalue attributes can be very usefull (file groupmembership), but there are
also a lot of attributes like givenname, surname that are multivalue but will
contain (in most cases) only one value. In the file m2s.txt it is possible to
"force" a multivalue attribute into a singlevalue attribute, the program will
put those attributes in the first file.
Part of the m2s.txt file (in the program directory)
employeeStatus=0
employeeType=0
Entrust:User=0
Equivalent To Me=1
Full Name=0
Given Name=0
Group Membership=1
Higher Privileges=0
homePhone=0
Initials=0
instantMessagingID=0
If a multivalue attribute is set to 0, then the program treats the attribute
as a singlevalue attribute. If a mltivalue attribute is set to 1 or is not in
the file, then the program treats is as a normal multivalue attribute.
internationaliSDNNumber=0
Internet EMail Address=0
IWS:User Comment=0
-
The black attributes are single valued attributes definitions in the
eDirectory.
- Blue attributes are "forced "single valued" in the m2s.txt file.
- Green are multivalued atrributes
-
There is no support for auxiliary classes available at the moment.!
Here the program will export Creator, givenname and groupmemberships:
On save there are three different "export file" formats:
- "value" <tab> "value" <tab> "value"
- "value" , "value" , "value"
- "value" ; "value" ; "value"
The program checks it the uniqueID value in the eDirectory is unique in the
selection.
This
can be important if you use the CN value for apple user accounts
|
