--
Peter
eDirectory Rules!
http://www.DreamLAN.com
>
> I have an app that determines if a user is logged in by examining the
> NetworkAddress attribute. If it is non-null (i.e., IP address in there),
> then I assume the user is logged in.
>
> Is this function no longer guaranteed in later releases?
>
> Does anyone have information on this? Was there a particular release
> where this functionality changed, such that I can't rely on it anymore?
>
> Are there alternatives or workarounds available? I remember hearing
> about an event model interface/API that could perform this function..
>
> Thanks for any help.
>
> Steve
>
> [note: I posted this in Windows eDir forum also. Sorry for spam]
you can disable update of login attributes via iMonitor, some 8.8x version did that by default, some TIDs explain how to reaktivate it. Also, LDAP binds on 8.8x bypass NMAS by default, thus not updating "Network Address", again some TIDs explain how to enable that. Relyability is another issue, there are variou TIDs that explain under which circumstances the attribute might remian set even with the user being logged out. and finally, some platforms (esp. Linux) set that attribute incl. the port number, which might break your app because you cannot search on those values with the IP part only, and the port is a random high port in the 5-digit range (can be worked around with IDM if you are licensed). Here's something to read for further details:
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3560430&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3126075&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10087899&sliceId=&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10065058&sliceId=&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001262&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000533&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001188&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3618317&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10092006&sliceId=&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
Cheers, Lothar
> I have an app that determines if a user is logged in by examining the
> NetworkAddress attribute. If it is non-null (i.e., IP address in there),
> then I assume the user is logged in.
>
> Is this function no longer guaranteed in later releases?
IMHO, that hasn't been reliable since NDSv7 in 2000. But nothing has
changed that I know of to make it more or less reliable now than it has
been at any other time in the last 10 years.
> Does anyone have information on this? Was there a particular release
> where this functionality changed, such that I can't rely on it anymore?
There's a setting you can change in iMonitor to disable update of login
attributes. If you haven't turned that off, then you should be getting
Network Address attributes. You might search the forums here for older
discussions of "stuck" Network Address values.
There was also a thread, recently, with a few people reporting that they
weren't getting Network Address values at all, but I have not (so far)
been able to reproduce that symptom here. You might revue that thread for
details to see if it matches what you're seeing.
> Are there alternatives or workarounds available? I remember hearing
> about an event model interface/API that could perform this function..
LDAP persistant search would be one way to do it, maybe. I don't know if
that would work or not, because it would be hooking in to get changes in
attribute values, but if you're not seeing the value change (create),
then I'm thinking that the event engine wouldn't see it either.
You could set up an IDM "Null" driver and see if that would catch the
Network Address being added when a user logs in. That could be an
interesting test.
--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com
Please post questions in the newsgroups. No support provided via email.
> You could set up an IDM "Null" driver
But its still event-based, though - so if the attribute isn't getting
updated, no event trigger?
> David Gersic wrote:
>
>> You could set up an IDM "Null" driver
>
> But its still event-based, though - so if the attribute isn't getting
> updated, no event trigger?
Right. I'm wondering if it's a case of "it never gets created" or one of
"it gets created then removed immediately afterward". Without something
hooked in to the event system, we can't tell for sure. And since the
relevant API (NWDSRegisterForEvent) is only published on NetWare, and
this is the edir.linux group, that means IDM is the only way to get
something hooked in to the event queue.
> means IDM is the only way to get
> something hooked in to the event queue.
You can do it via LDAP ...
> I've heard LDAP provides the ability
> to register for call-backs/events to monitor login and logout. Am I
> correct about that? Where could I get information about this method?
It is not native to LDAP but its a Novell extension so you need to use
Novell's LDAP NDK (http://developer.novell.com).