Setting up user account group memberships on Novell eDirectory

To set up user account group memberships on Novell eDirectory, you need to update the attributes of two directory service items: the user account and the group. This is specified by the eDirectory service schema. The following table shows the attribute updates required to add a user account to a group:

| Item | Attribute | Value update action |
| --- | --- | --- |
| User account | groupMembership | Add distinguished name of group |
| User account | securityEquals | Add distinguished name of group |
| Group | uniqueMember | Add distinguished name of user account |
| Group | equivalentToMe | Add distinguished name of user account |

Table 7: Required attribute value changes to update group membership in Novell eDirectory.

The example project is not very user-friendly but shows exactly how to use the LDAP script actions. The example project can be found at the following location, relative to the UMRA Console program directory:

.\Example Projects\LDAP\Novell\AddToGroup\Novell eDirectory - Add User To Group.ufp

The UMRA application consists of a single project with a form and script. The form shows some text fields and two input fields for the distinguished names of the user account and the group.

Figure 35: Form to enter the distinguished names of the user accounts and group.

A more user-friendly form is available from the example project, described in the next topic. The values entered in the form input fields are stored in the variables %UserDN% and %GroupDN%. When the end-user clicks the Add button, the script of the project is executed. The script first initializes the session with the LDAP Server. Next, the modification data to update the user account attributes are initialized.

Figure 36: Script action to initialize the LDAP modification data to update user account attributes groupMembership and securityEquals.
Two attributes of the user account, groupMembership and securityEquals, are updated by adding the value of the distinguished name of the group (%GroupDN%).

Figure 37: Script action to update the attributes of the user account.

Next, the attributes of the group are updated. This time, two attributes of the group, uniqueMember and equivalentToMe, are updated by adding the value of the distinguished name of the user account (%UserDN%).

Figure 38: Script action to initialize the LDAP modification data to update group attributes uniqueMember and equivalentToMe.

When the last action is executed successfully, the user account has become a member of the group.

Figure 39: Script action to update the attributes of the group.

If the last action fails, it is advised to remove the values from the user account attributes that were added in the previous modification action. To keep the script clean and clear, this action is not part of the example script. The UMRA Service log file shows all of the actions executed.
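
The rollback step that the example script leaves out can be sketched as follows. This is an added example, not part of the UMRA example project: the `conn.modify(dn, mods)` interface, the `FakeDirectory` stand-in for the LDAP server, and the distinguished names are assumptions constructed for illustration.

```python
USER_ATTRS = ("groupMembership", "securityEquals")   # set on the user entry
GROUP_ATTRS = ("uniqueMember", "equivalentToMe")     # set on the group entry


class FakeDirectory:
    """In-memory stand-in for the LDAP server (constructed for this example)."""

    def __init__(self, dns, refuse=()):
        self.entries = {dn: {} for dn in dns}
        self.refuse = set(refuse)      # DNs whose modification is rejected

    def modify(self, dn, mods):
        """Apply all (op, attr, value) changes to one entry, or none of them."""
        if dn not in self.entries or dn in self.refuse:
            raise RuntimeError(f"modify failed for {dn}")
        entry = {a: set(v) for a, v in self.entries[dn].items()}
        for op, attr, value in mods:
            values = entry.setdefault(attr, set())
            if op == "add":
                if value in values:
                    raise RuntimeError(f"{attr} already holds {value}")
                values.add(value)
            else:
                values.discard(value)
        self.entries[dn] = entry


def add_user_to_group(conn, user_dn, group_dn):
    """Update user then group; undo the user update if the group update fails."""
    conn.modify(user_dn, [("add", a, group_dn) for a in USER_ATTRS])
    try:
        conn.modify(group_dn, [("add", a, user_dn) for a in GROUP_ATTRS])
    except Exception:
        # Rollback: remove exactly the values the first modification added.
        conn.modify(user_dn, [("delete", a, group_dn) for a in USER_ATTRS])
        raise


def demo(refuse_group=False):
    # Constructed sample DNs, not taken from the example project.
    user, group = "cn=jsmith,ou=users,o=example", "cn=staff,ou=groups,o=example"
    d = FakeDirectory([user, group], refuse=[group] if refuse_group else [])
    try:
        add_user_to_group(d, user, group)
        ok = True
    except RuntimeError:
        ok = False
    return ok, d.entries[user], d.entries[group]
```

Because a duplicate add is rejected before the user entry changes, the rollback never removes a membership value that existed before the call.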