Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Default networkAddress attr. no longer set w/ login?

5 views
Skip to first unread message

Peter Kuo

unread,
Dec 10, 2009, 7:31:21 PM12/10/09
to
This function is not guaranteed for ANY version of eDir as there has been
a long running 'battle' over the non-population of the network address
attribute by various people over the years.


--


Peter
eDirectory Rules!
http://www.DreamLAN.com

Lothar Haeger

unread,
Dec 11, 2009, 4:07:19 AM12/11/09
to
-------------- sklekas wrote:

>
> I have an app that determines if a user is logged in by examining the
> NetworkAddress attribute. If it is non-null (i.e., IP address in there),
> then I assume the user is logged in.
>
> Is this function no longer guaranteed in later releases?
>
> Does anyone have information on this? Was there a particular release
> where this functionality changed, such that I can't rely on it anymore?
>
> Are there alternatives or workarounds available? I remember hearing
> about an event model interface/API that could perform this function..
>
> Thanks for any help.
>
> Steve
>
> [note: I posted this in Windows eDir forum also. Sorry for spam]

you can disable update of login attributes via iMonitor, some 8.8x version did that by default, some TIDs explain how to reaktivate it. Also, LDAP binds on 8.8x bypass NMAS by default, thus not updating "Network Address", again some TIDs explain how to enable that. Relyability is another issue, there are variou TIDs that explain under which circumstances the attribute might remian set even with the user being logged out. and finally, some platforms (esp. Linux) set that attribute incl. the port number, which might break your app because you cannot search on those values with the IP part only, and the port is a random high port in the 5-digit range (can be worked around with IDM if you are licensed). Here's something to read for further details:

http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3560430&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3126075&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10087899&sliceId=&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10065058&sliceId=&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001262&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000533&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001188&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=3618317&sliceId=1&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10092006&sliceId=&docTypeID=DT_TID_1_1&dialogID=109265890&stateId=0%200%20109267560

Cheers, Lothar

David Gersic

unread,
Dec 11, 2009, 9:14:27 AM12/11/09
to
On Thu, 10 Dec 2009 23:16:02 +0000, sklekas wrote:

> I have an app that determines if a user is logged in by examining the
> NetworkAddress attribute. If it is non-null (i.e., IP address in there),
> then I assume the user is logged in.
>
> Is this function no longer guaranteed in later releases?

IMHO, that hasn't been reliable since NDSv7 in 2000. But nothing has
changed that I know of to make it more or less reliable now than it has
been at any other time in the last 10 years.


> Does anyone have information on this? Was there a particular release
> where this functionality changed, such that I can't rely on it anymore?

There's a setting you can change in iMonitor to disable update of login
attributes. If you haven't turned that off, then you should be getting
Network Address attributes. You might search the forums here for older
discussions of "stuck" Network Address values.

There was also a thread, recently, with a few people reporting that they
weren't getting Network Address values at all, but I have not (so far)
been able to reproduce that symptom here. You might revue that thread for
details to see if it matches what you're seeing.


> Are there alternatives or workarounds available? I remember hearing
> about an event model interface/API that could perform this function..

LDAP persistant search would be one way to do it, maybe. I don't know if
that would work or not, because it would be hooking in to get changes in
attribute values, but if you're not seeing the value change (create),
then I'm thinking that the event engine wouldn't see it either.

You could set up an IDM "Null" driver and see if that would catch the
Network Address being added when a user logs in. That could be an
interesting test.


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

Peter Kuo

unread,
Dec 11, 2009, 8:01:43 PM12/11/09
to
David Gersic wrote:

> You could set up an IDM "Null" driver

But its still event-based, though - so if the attribute isn't getting
updated, no event trigger?

David Gersic

unread,
Dec 11, 2009, 9:59:22 PM12/11/09
to
On Sat, 12 Dec 2009 01:01:43 +0000, Peter Kuo wrote:

> David Gersic wrote:
>
>> You could set up an IDM "Null" driver
>
> But its still event-based, though - so if the attribute isn't getting
> updated, no event trigger?

Right. I'm wondering if it's a case of "it never gets created" or one of
"it gets created then removed immediately afterward". Without something
hooked in to the event system, we can't tell for sure. And since the
relevant API (NWDSRegisterForEvent) is only published on NetWare, and
this is the edir.linux group, that means IDM is the only way to get
something hooked in to the event queue.

Peter Kuo

unread,
Dec 11, 2009, 10:43:15 PM12/11/09
to
David Gersic wrote:

> means IDM is the only way to get
> something hooked in to the event queue.

You can do it via LDAP ...

Peter Kuo

unread,
Dec 22, 2009, 7:45:39 PM12/22/09
to
sklekas wrote:

> I've heard LDAP provides the ability
> to register for call-backs/events to monitor login and logout. Am I
> correct about that? Where could I get information about this method?

It is not native to LDAP but its a Novell extension so you need to use
Novell's LDAP NDK (http://developer.novell.com).

0 new messages