When we create users in eDirectory, the home directory path in Microsoft Active Directory (MAD) needs to be a CIFS share path to the NSS home directory.
Our environment is complex, with various paths, servers and volumes depending on username. This, coupled with lots of CIFS share names, would make manipulating the strings with IDM tricky. The home directory attribute in eDirectory is multi-valued, and you would need some clever IDM logic to manipulate the values to create the correct CIFS share path.
I have come up with a working solution as follows ...
1. On user registration in eDirectory, create/use a redundant attribute in the User class and populate that with the CIFS share path. For testing purposes I have used the 'Description' attribute here.
2. Use IDM to remap the attribute 'homeDirectory' in MAD to 'Description' in eDirectory. You do this in the Subscriber 'Schema Mapping Policies'.
3. Populate the homeDrive attribute in MAD with the appropriate drive letter to mount the user home directory. This is done in the Subscriber 'Output Transformation Policies'. I made it a 'U' drive in this case (see below).
4. In the same policy rule, copy the 'homeDirectory' attribute to the 'profilePath' attribute and append the text 'Windows NT 5.1 Workstation Profile'. This enabled the path to our roaming profiles in the user home directory:
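<description>home drive letter</description>
<if-attr name="homedirectory" op="available"/>
<do-add-dest-attr-value class-name="User" name="homeDrive">
  <!-- value argument not shown here: the drive letter ('U' in this case) -->
</do-add-dest-attr-value>
<do-add-dest-attr-value class-name="user" name="profilePath">
  <!-- the copied 'homeDirectory' value precedes this text (token not shown here) -->
  <token-text xml:space="preserve">\Windows NT 5.1 Workstation Profile</token-text>
</do-add-dest-attr-value>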
I can now log in to Windows Vista Business or Windows XP, authenticating to the Windows 2003 Domain Controller. My NSS home directory is mounted with CIFS automatically to the 'U' drive, from where it picks up my roaming profile.
- Subscriber - NetWare 6.5 SP6, eDirectory
- Publisher - Windows 2003 server MAD
- IDM 3.5
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.