TestimonialLast summer we migrated our entire network from Windows NT to Windows 2003 in 7 weeks, using Windows XP for the workstations. One last job was left: In 2 days time, 300 colleagues and 3000 students would need to access the network. This meant that the user accounts would have to be created in Active Directory, put into the right OU and assigned to security groups. Also, students get their ow...  We help you!Want to know more? A price quote or online demo? Call us +852 - 2512 8491 sales@logon-int.com Give me an online demoTestimonialThe User Management tool is great for organizations with limited staff to allow user creation and Exchange mailbox creation without having to worry about giving staff members too much access to critical systems. Not to mention it is easy to use for the end users. James SeymourIndustrial Distribution Group Read more... |
Setting up user account group memberships on Novell eDirectoryTo setup user account group memberships on Novell eDirectory, you need to update the attributes of two directory service items: the user account and the group. This is specified by the eDirectory service schema. The following table shows the attribute updates in order to add a user account to a group:
Table 7: Required attribute value changes to update group membership in Novell eDirectory. The example project is not very user-friendly but shows exactly how to use the LDAP script actions. The example project can be found at the following location, relative to the UMRA Console program directory: .\Example Projects\LDAP\Novell\AddToGroup\Novell eDirectory - Add User To Group.ufp The UMRA application consists of a single project with a form and script. The form show some text fields and two input fields for the distinguished names of the user account and the group.
Figure 35: Form to enter the distinguished names of the user accounts and group. A more user-friendly form is available from the example project, described in the next topic. The values entered in the form input fields are stored in the variables %UserDN% and %GroupDN%. When the end-user clicks the Add button, the script of the project is executed. The script first initializes the session with the LDAP Server. Next, the modification data to update the user account attributes are initialized.
Figure 36 Script action to initialize the LDAP modification data to update user account attributes groupMembership and securityEquals. Two attributes of the user account, groupMembership and securityEquals are updated by adding the value of the distinguished name of the group (%GroupDN%).
Figure 37: Script action to update the attributes of the user account. Next, the attributes of the group are updated. This time, two attributes of the group, uniqueMember and equivalentToMe are updated by adding the value of the distinguished name of the user account (%UserDN%).
Figure 38 Script action to initialize the LDAP modification data to update group attributes uniqueMember and equivalentToMe. When the last action is executed successfully, the user account has become a member of the group.
Figure 39: Script action to update the attributes of the group. If the last action fails, it is advised to remove the values from the user account attributes that were added in the previous modification action. To keep the script clean and clear, this action is not part of the example script. The UMRA Service log file shows all of the action executed. |
