|
| Populating POSIX attributes to eDir accounts |
 |
Thu, 29 Nov 2007 14:42:40 GMT |
We are trying to implement eDirectory authentication on our AIX box.
Currently we have about 1,800 users in our AIX passwd file, so I don't
want to have to manually add the POSIX attributes for all of the users
using the ConsoleOne UNIX snapin.
I have developed a VB.NET program using the Novell ActiveX NDAP control to
populate the uidNumber, gidNumber and homeDirectory attributes for each
eDirectory account which I have retrieved from the AIX passwd file. My
issue is that the program works if the attributes have been previously
populated using the ConsoleOne UNIX snapin. However, my program fails
with an error 608 (illegal directory field) when it tries to populate the
gidNumber, uidNumber and homeDirectory attributes of an account that has
never been touched by the ConsoleOne UNIX snapin. A snippet of the source
code is below:
'The login_name variable contains the login name retrieved form the
AIX passwd file.
'The context variable contains the users' context in NDAP format.
nwdir1.FullName = context
Try
Entry = nwdir1.Entries.Item(login_name)
Catch ex As Exception
'The login_name could not be found.
Continue Do
End Try
Entry.SetFieldValue("uidNumber", uidNumber)
Entry.SetFieldValue("gidNumber", gidNumber)
Entry.SetFieldValue("homeDirectory", "\home\" &
login_name)
Entry.Update()
|
| Post Reply
|
| Re: Populating POSIX attributes to eDir accounts |
 |
Thu, 29 Nov 2007 15:51:27 GMT |
These attributes belong to the auxiliary class 'posixAccount' which must be
added to the user objects before adding the attributes.
Read the user attribute "Object Class", add the value
"posixAccount", and
save it back before or when doing the other attribute changes.
Wolfgang
|
| Post Reply
|
| Re: Populating POSIX attributes to eDir accounts |
 |
Wed, 05 Dec 2007 16:33:19 GMT |
Thanks Wolfgang, worked like a champ. I modified my VB.NET code to add
the string "posixAccount" to the Object Class attribute of the user
object
prior to populating the uidNumber, gidNumber and homeDirectory attributes.
My working code is as follows:
'Populate the gidNumber, uidNumber and homeDirectory POSIX attributes
for
'an eDirectory account. The variable context will contain the
eDirectory
'context of the user object in NDAP format. The variable Login_Name
will
'contain the eDirectory account name.
context = rs.Fields("context").Value
Try
nwdir1.FullName = context
catch ex As Exception
'The context could not be found.
Continue Do
End Try
Try
Entry = nwdir1.Entries.Item(login_name)
Catch ex As Exception
'The login_name could not be found.
Continue Do
End Try
'See if the posixAccount object class has been added already.
vnt = Entry.GetFieldValue("object class", "", True)
found = False
For x = 0 To UBound(vnt)
If LCase(vnt(x).ToString) = "posixaccount" Then
found = True
Exit For
End If
Next
If Not found Then
'The user is not ssociated with the posixAccount class.
Entry.AddFieldValue("Object Class", "posixAccount")
End If
Entry.SetFieldValue("uniqueid", login_name)
Entry.SetFieldValue("uidNumber", uidNumber)
Entry.SetFieldValue("gidNumber", gidNumber)
Entry.SetFieldValue("homeDirectory", "home" &
login_name)
Entry.Update()
If there are any other attributes that I should be setting, please let me
know.
I also have another question regarding the future of the NDAP / LDAP
ActiveX controls. I have developed about 40 VB 6 / VB.NET applications
that rely on these controls to manage our eDirectory tree and integrate
eDirectory with our ERP solution. Since Novell is not actively developing
/ supporting these controls anymore, what alternative technology is there
for manipulating eDirectory using Microsoft VB.NET?
In my opinion it's critical that Novell continue to offer a way of
programmatically accessing eDirectory, the NSS file system and GroupWise
using Microsoft development environments. Most programmers are not going
to re-tool to develop LINUX applications when the usability of development
tools / environments available on LINUX is not even remotely close to what
Microsoft offered with Visual Studio 6, let alone VS 2005. Furthermore
most end users are currently running Windows, not LINUX. So programmers
who develop client as well as server based applications would have to have
a dual skill set. If eDirectory isin't going to be accessible using
Microsoft development tools, we need a new directory that is.
|
| Post Reply
|
|
|
|
|
|
|
|
|
|