Checking Password Sync between Systems, in Bulk

Author Info

21 February 2007 - 4:43am
Submitted by: lhaeger


Problem

A Forum reader recently asked:

"Does anyone know of a tool where you can check password sync between systems in bulk?"

And here's the response from Lothar Haeger ...

Solution

For two synced eDirectory trees, you can build a password check policy into the driver and trigger it, for example, from a helper attribute that you can bulk-set with iManager. The sync status can then be written back to the helper attribute. Finally, you can turn the results into an Excel spreadsheet with Wolfgang Schreiber's excellent dsreport.exe (see www.novell.com/coolsolutions/tools/1448.html).

The policy would look something like this:

<rule>
	<description>Read</description>
	<!-- Fires when the helper attribute PwInSync is set to "check" on an associated object -->
	<conditions>
		<and>
			<if-op-attr mode="nocase" name="PwInSync" op="changing-to">check</if-op-attr>
			<if-association op="associated"/>
		</and>
	</conditions>
	<actions>
		<!-- These local variables hold cleartext passwords for the duration of the operation -->
		<do-set-local-variable name="srcpw">
			<arg-string>
				<token-src-attr name="nspmDistributionPassword"/>
			</arg-string>
		</do-set-local-variable>
		<do-set-local-variable name="destpw">
			<arg-string>
				<token-dest-attr name="nspmDistributionPassword"/>
			</arg-string>
		</do-set-local-variable>
		<!-- Default result is the literal text "false"; the Compare rule overrides it on a match -->
		<do-set-src-attr-value name="PwInSync">
			<arg-value>
				<token-text>false</token-text>
			</arg-value>
		</do-set-src-attr-value>
	</actions>
</rule>

<rule>
	<description>Compare</description>
	<!-- Only runs when the Read rule has set srcpw and both passwords are equal -->
	<conditions>
		<and>
			<if-local-variable name="srcpw" op="available"/>
			<if-xpath op="true">$srcpw=$destpw</if-xpath>
		</and>
	</conditions>
	<actions>
		<do-set-src-attr-value name="PwInSync">
			<arg-value>
				<token-text>true</token-text>
			</arg-value>
		</do-set-src-attr-value>
	</actions>
</rule>

Systems without reversible passwords would be a bit more challenging, I guess ...
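
An added example, not part of Lothar Haeger's response or any Novell code: when the target stores only salted hashes, two stored values cannot be compared directly, but the cleartext known on the reversible side can be re-hashed with the salt embedded in the target's value. The Python below goes beyond the eDirectory case above and assumes the target exports LDAP {SSHA} values (as used by OpenLDAP); the function names, the "unknown" status and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac


def make_ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def matches_ssha(password: str, stored: str) -> bool:
    """Re-hash the known cleartext with the salt embedded in the stored value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("unsupported hash scheme")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]              # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def bulk_check(source_passwords: dict, target_hashes: dict) -> dict:
    """Return {user: "true" | "false" | "unknown"}, mirroring the PwInSync values."""
    status = {}
    for user, cleartext in source_passwords.items():
        stored = target_hashes.get(user)
        if stored is None:
            status[user] = "unknown"               # no target account or no hash exported
            continue
        try:
            status[user] = "true" if matches_ssha(cleartext, stored) else "false"
        except ValueError:
            status[user] = "unknown"               # scheme or encoding not handled here
    return status


# Constructed sample data (not from the article).
SOURCE = {"alice": "Spring#2007", "bob": "c0ffee!", "carol": "pa55", "dave": "x"}
TARGET = {
    "alice": make_ssha("Spring#2007", b"\x01\x02\x03\x04"),
    "bob": make_ssha("old-c0ffee!", b"\x0a\x0b\x0c\x0d"),
    "carol": "{CRYPT}constructed-placeholder",
}

if __name__ == "__main__":
    for user, state in sorted(bulk_check(SOURCE, TARGET).items()):
        print(user, state)
```
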


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.





© 2013 Novell