Re: Lookup/Edit eDirectory from login script
a...@novell.com
Hash: SHA1
Well a couple thoughts come to mind. First you could have your
"attribute" be a group membership which you could then check via a Login
Script I believe. For example you could have a group of 'acceptedAUP' and
if your user is not a member of that group (checked via Login Script) you
could display it. If it is "confirmed" (I'm assuming you have some
application to display the agreement and now accept the confirmation) then
that same application could also add the user to the group somehow. This
part would require the application to somehow have rights to do this which
may be tricky. It could start a workflow or you could just grant rights
to an identity outright and hard-code those credentials into the
application very carefully so users can't get access to it. Be sure if
you do this to modify both the user and group side as the objects refer to
eachother and may both need to be modified properly.
Novell SecureLogin may do this for you. I am fairly sure it can read user
attributes and act based on them, and then I think it may also be able to
write back to eDirectory and even if it cannot you could write it to call
a program with secret (known only to you as the administrator and it
(SecureLogin)) credentials to make the group/user modification or user
attribute modification.
Good luck.
lissa12 wrote:
> I've been looking for an application that will do this (to no avail) -
> Novell's MOTD comes close but not quite close enough.
>
> I hope you might have some ideas (of where else to look, or maybe a
> homegrown solution).
>
> When a user logs into Netware I want something (presumably a login
> script) to look up a database (presumably edirectory) to see if a
> particular attribute is set.
>
> This attribute will indicate whether the user has already accepted the
> terms and conditions for system use (AUP)
>
> If the attribute isn't set then the script displays the AUP and the
> user must confirm. The script updates the attribute in edirectory.
>
> If the attribute is set then the AUP isn't displayed and the user can
> log in directly.
>
> Questions:
>
> 1. Is there an off the shelf App that will do this (we can slot this
> into whatever login script is currently running)
>
> 2. Is it possible to do this using the Netware Login Script (can this
> interact directly with eDirectory) - Maybe there's a diffreent
> scripting option which can interact directly.
>
> 3. Or should I give up on Netware doing it and try to cobble something
> together using Windows registry and VB, or maybe just use a mapped
> drive and 'touch' a file (doesn't scale well though).
>
> Any ideas gratefully received
>
> Brightwell
>
>
>
> 'donations online'
> (http://www.convio.com/products/convio-online-marketing/convio-fundraising-and-donations.html)
> 'professional resume writer' (http://www.resumein1hour.com/)
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIcBAEBAgAGBQJKFAXfAAoJEF+XTK08PnB5kSAQANJtHZUYcZg2UyDiBbfWssA2
vNIGxPHxnNCA+ItoEc6j9tjlC4exVrs1cwgswv/69/h9OkZ08sRi4z8jKVEqokLp
Rr4vovnT9ATMr+6+GUbj7ke9cfKoiHZFtvBLhHOUoyT4OCanIA3au7mKC2Uy5PKm
c61YFAXdq+VjXmCNNcpsjSS3CtQfKRDX6u4emXKEy4uVHbdFM/qlxZn/yATOzIkl
b42zNS6kUGQ+W7lGefEncZlvqNim9kYpOJ1tgn8cMPL/tq33ejPeLvPjmjYeiS5o
CqmSpCa8CrsYAE7TN3mEDaaF4tjpYRYGskLF65muBA5IU+ajuAfp/V/2yJ3gQAb6
KFid74I6FPX7lUDl7j4J0lZzcQssqOzJBK55o+/xO3z1F9QIJU9gES7CnzXFOmX3
aQn2FDnYYjN7Qk7W9wftBx0HOlXqLZxp8Rr++drUYDKySOIcJZ/mY5QU/qe9jY5q
S5Mk9hDmJWl+zMKBit1ThWEUNmmq+NiRmkHwFN7d/ehVoQOG4IE0ehPkHADTO6HZ
oOMOV3oemj1A5NwxF2TX8ZSpotMSgsryAfXArO3roi1cNJrs216ndE925QxgBEyQ
t+r3aGce0YbT/Go5CNcxrJ78smFUyGOGzrfq9/MZARJdZw80BxFeGB+ETWOPK7q4
LJ0sFKBBmAz4kmaTzoJ+
=5gpo
-----END PGP SIGNATURE-----