Visitor Stats


Visits today:20
Visits yesterday:72
Visits in this month:1043
Visits total:103850
Bots today:15


4. User

4. USER


 

Image

This chapter need to be updated for version 3.xx.
Action on user objects.
At the moment there are three operations that can be executed on a user object:

- Update: the selection of users will be updated by a template or some attribute to be cleared. If a CFl/CSV file is selected the objects can be updated with information from the csv-file.
- Create: Only available in combination with a csv-file. The attribute information can be based on information from the csv-file and/or a template. In case of a combination and duplicate attribute information the information from the csv-file will be used. If you want to create users with a LDIF-file and want to "add" a template, you have to use ICE or ConsoleOne for the import of the user objects, and then use the LDIF-file as a selection file and select the template. The program can also create a Groupwise account, based on information from the template of CSV-file.
- Delete: The program can delete user accounts and Groupwise account. At the moment the program can not delete the NDS-account and leave the Groupwise account, because the the information in the Groupwise database is not correctly updated.
- Rename: Not implemented yet.
- Move: The program can move users withoin the tree to another location. If the user has a groupwise account, then the program will also update the groupwise information. You have to use a csv file.
- Export: This is possible to create an export of all the Text and numeriek attributes of an user selection.
- Delete values. Not implemtend yet.
- Check uniqueID. The program checks it the uniqueID value in the eDirectory is unique in the selection.
- Check CN length <20 (and unique). This can be important if you use the CN value for apple user accounts.

4.1. Update/Create

4.1.1. Use Attributes from CSV-file.

If a csv-file is selected, it is possible to use the csv-file as the source of attibute information to be updated or during a create. If set, there will be an extra sub-tab-page Attr-CSV available. On this page it is possible to select the attributes that must be read from the CSV-file. Default all defined attributes of the CSV-file will be used. On the Attr-CSV tab there is an option "Clear attribute before update", default this option is set. This option will prevent multiple values to be added to multivalue attibutes like "Given Name, Surname", during a update.

4.1.2. Template.

Plaatje toevoegen
It is possible to update a user-object with the information of a template. To do this you have to select the template object and select the attributes you want to update on the Sub-tab Template and set the option "Execute Template". The option "Do Not add to Template" will prevent that the user is added to the memberlist of a Template. If you just want to update some information of User-object this can be usefull. If "Execute Template" is not set, then the program will just add the user to the membership attribute of the template (if "Do Not Add to Template" is not set).

The program cannot execute a setup script!
Also, there is an option to add DLL support for custom support of attributes. These attributes are red in the window above. It is possible to add a max of 255 dll's for custom attribute support. For more information see the section "Configuration".
Information about the template dll's can be found in the last chapter "DLL Support HOMES"

4.1.3. Template File.

4.1.4. Clear Attributes.

 

Image

It is possible to remove attributes from a user-object. On the sub-tab "Clear" you can select which attribute need to be removed. Warning: You can not remove mandatory attribues and deleted is deleted, there is no revoke option.

 

Template attributes are marked in red. It is not possible to delete naming and mandatory attributes (they are visible in the list! (surname is mandatory)). Check all attributes that need to be cleared.
In a template object there are attributes that belong to the template object and there are attributes that are used for the settings of the User object. See TID 2909062 on the Novell website.
See Appendix A for more information.

4.1.5. Password.

There are 6 options for settinging the password.

- Generate random
- Read from CSV-file only in combination wit csv-select file
- Use Password dll
- Use Template support dll only in combination with Template and a dll with password support
- Read from Passwod file
- Clear password.
You cab set the netware and/or groupwise password.
update user password The netware password will be updated.
update GW password The GW password will be updated, depending on the setting
"GW-passw is NDS passw"' ,,,,,,

4.1.6. Alias.

The program can create an alias for the users in the selection. You have to give the "context" where the aliases must be created and it is possible to prefix and/or suffix the "Username" with the given text. Leave prefix and suffix blanc if the Alias name must be the same as the user object.

4.1.7. Extra Groups.

On this page you can add groupmembership, organization roles, Groupwise Distribution Lists and Applicatians. On the right of the tab-page there is a scroll bar, on scrolling down the distribution and appliations options will show.

4.1.8. Source

Here you have to select which source the program uses for the information about the groups, roles etc. There are three options at the moment:

- Direct, Fill in the information in this tab-page, and the program will use it.
- Def-file, a def-file contains the information about the alias, groups etc, See the paragraph "Def-file" below. Fill in the filename to be used as the definition file in the box directly below the source option.
- CSV-file. This option is not supported yet.
-

4.1.9. Group Membership.

Set "add groupmembership" and add all the groups that need to be added. There is no option yet for creating groupmemberships with the CSV-file. This can also be done with the option Template where the group definitions are given in the template.

4.1.10. Organizational Role membership

Set "add roles" and add all the organizational roles that need to be added. There is no option yet for creating role memberships with the CSV-file.

4.1.11. Distribution List

Set "add Distribution Lists" and add all the Distribution lists add Groups (that are distribution lists).

4.1.12. Applications

Set "Add Applications" and add all the application opbject the user must have. At the bottom of the page, it is possible to set the association flags.

4.1.13. Def-file save and restore

to do:

4.2. Apple/Posix

 

4.3. Delete options.

There are three delete options:

- Delete user account, leave Groupwise account (not possible at the moment)
- Delete User and Groupwise account
- Delete Groupwise account but leave User-account.

4.4. Move

The program needs a "context mapping file"so It can map the old user context to the new context. There are three types of mapping:

- user dn to a new context
- a container to a new context
- top of a subtree to a new top of a subtree.
No other information is needed at the moment, new versions will need more info. The program will show a new tab "move" on the tab it is possible to create/select the mapping file.
Example:
Tree:
wb
+ dh
+ auta
+ hv
+ auta
+ subc
+ fina
+ civw
+ lb
+ auta
+ tw
+ auta
+ subc
+ fina
+ civw
mapping info:

old location

maps to


booj.auta.tw.wb

auta.lb.wb

different users from the same context to a different locatio

berm.auta.tw.wb

auta.hv.wb





auta.tw.wb

auta.dh.tw

all users to a new location (no checkmark before context)




tw.wb

hv.wb

top of subtree. (checksign before the context)

The program will first try to map the users to there new location, if there is no user extry, it will try to map the context of the user to the new location. If there is still no mapping it tries to find a "subtree mapping" If ther is still no mapping the move will fail. The order of the mapping rules are unimportant, the program will sort the mappings.
In the example:

- booj will go to auta.lb.wb
- berm will fo to auta.hv.wb
- all other users in auta will be moved to auta.dh.wb
- all users of subc.aut.tw.wb will be moved to subc.auta.hv.wb
- all users of fena and civw will be moved to there contexts under hv.
- all users directly in tw will be moved to hv.
It is possible to move users from one level to another level in the eDirectory.
At the moment the destination context must exist, otherwise the move will fail.

4.4.1. How to create a user mapping file.


Image
With the button create mapping file it is possible to create a mapping file for al users in the selected context of for just all the subcontexts. The program will also ask for the filename.
After creating the mappingfile the program will show the result in the left (source) column of the window above. Here you remove any context mapping that is not needed and add user of other context mappings.
Image
Select every context in the source column and select edit (or double click value). The program shows the following window:
Select the destination.
The program will add the current treename to the contexts, at the moment it is only possible to move user within the tree, in a next version the program can move (copy) users to a different tree. Don't forget to save the information (blue floppy on the right).
The structure of the mappingfile:

AUTA.TW.WB.TEST=AUTA.DH.WB.TEST;0
TW.WB.TEST=HV.WB.TEST;1
Booj.AUTA.TW.WB.TEST=AUTA.LB.WB.TEST;0
Berm.AUTA.TW.WB.TEST=AUTA.LB.WB.TEST;0

On the left is the old context (extended with the treename) and on the rights after the = there is the new context (extended with the treename) followed by ;0 or ;1. A "1" means top of subcontext tree. It is possible to create a mappingfile by hand, as long as the stucture is ok.

4.4.2. Select an existing mappingfile.

Use the selection button on the right of the filename field. After selecting the mappingfile the program will show the information. It is possible to change the information. Don't forget to save the changed information.

This page will be moved to the maintab "other"so it can be used for moving Homedirectories and Extradir in future versions (especially inter tree move/copy).

4.5. Export.

This function lets you export all the simple text, numeric and time attributes. Typedname and other attributes will be supported in a future version.

 

On the general tab there are no usefull fields that can be set. On the new tab "Export" you can select which attributes must be exported. The program will create one of more exportfiles, depending on the definitions of the attributes in the eDirectory and the file m2s.txt. Many attributes in the eDirectory can contain more than one value e.g. MemberShip (the groups a user is member of).
The program will create an extra file for every multivalue attribute in the selection. At the moment only 19 multivalue values can be exported during one run, all single valued values are saved in the first file.
Why does the program create a file for every multivalue attribute?

In the first file the program will create a record for every user in the selection list, in the record are all the single value attributes. The records starts with one or two fields depending on the setting "cn+context" or "dn".The diffrence is that with cn+context there are two fields, the first will contain the commonname the second field the context of the user. The combination will be a unique key. If you don't want the cn and context seperate, you can select the "dn" of the user in this case there is only one field with the fullname of the user. This will be a unique key. The program will create for every multivalue attribute a seperate file, the file will contain for every value of the attribute a record with the cn+context of dn and the value. So the combination of cn+context or dn can be used as a key in a relational database. If the multivalue attribute of an user is empty then there is not record in the export file for that user.
Multivalue attributes can be very usefull (file groupmembership), but there are also a lot of attributes like givenname, surname that are multivalue but will contain (in most cases) only one value. In the file m2s.txt it is possible to "force" a multivalue attribute into a singlevalue attribute, the program will put those attributes in the first file.
Part of the m2s.txt file (in the program directory)

employeeStatus=0
employeeType=0
Entrust:User=0
Equivalent To Me=1
Full Name=0
Given Name=0
Group Membership=1
Higher Privileges=0
homePhone=0
Initials=0
instantMessagingID=0

If a multivalue attribute is set to 0, then the program treats the attribute as a singlevalue attribute. If a mltivalue attribute is set to 1 or is not in the file, then the program treats is as a normal multivalue attribute.

internationaliSDNNumber=0
Internet EMail Address=0
IWS:User Comment=0

-

Image

The black attributes are single valued attributes definitions in the eDirectory.
- Blue attributes are "forced "single valued" in the m2s.txt file.
- Green are multivalued atrributes
-
There is no support for auxiliary classes available at the moment.!

Image

Here the program will export Creator, givenname and groupmemberships:

On save there are three different "export file" formats:
- "value" <tab> "value" <tab> "value"
- "value" , "value" , "value"
- "value" ; "value" ; "value"

4.6. Check uniqueID.

The program checks it the uniqueID value in the eDirectory is unique in the selection.

4.7. Check CN length <20 (and unique).

This can be important if you use the CN value for apple user accounts