Novell Home

Dynamic Groups and IDM

Novell Cool Solutions: Tip
By Rob Schneider

Digg This - Slashdot This

Posted: 17 Aug 2005
 

Problem

We need to deploy software to small subsets of an OU. At these large sites, we have dozens of subnets, and as many as 2500 workstations. We could create groups, but maintaining them would be a burden. Also, dynamic groups won't work with current ZENworks releases.

Solution

We harnessed the power of Identity Manager (IDM) to make pseudo-dynamic groups. In each large-site container, we created eight Software Deployment Workstation Groups. Membership in any group is determined by the last octet of the workstation IP address. Group 1 includes any WS with a fourth octet from 1-32; second group from 33-64, and so on.

When a workstation registers, IDM checks the network address. Then, parsing the current DN, it creates a destination DN for the proper group membership. Next it queries the new Group to see if the workstation is already a member. If it is, IDM vetoes it. If not, the WS is removed from the original group and placed in the new group.

Voila - dynamic groups based on IP address, against which we can deploy ZENworks apps.

Normally, IDM is considered a link from one DB to another, but this model treats changes in one DB as a trigger to take action within the same DB.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell