
Excluding OUs from Synchronization

Novell Cool Solutions: Tip
By Shayne Heidemann


Posted: 22 Feb 2006
 

Problem

A reader asked the following question:

"I can't see how to exclude entire OUs from synchronization. In eDirectory I have a single tree, with multiple small OUs (i.e., 50-100 users). I have one large (10,000+ user) OU, broken into smaller sub units (500-5000 users). This large OU is also a partition.

I want to synchronize users from all OUs except that one large OU into AD. The primary purpose is password synchronization (so I don't really need any additional info to synch), and I definitely don't want to add these 10,000+ user accounts to AD.

I can't find anywhere to associate only certain Containers. Could you please point me in the right direction?"

And here's the response from Shayne Heidemann ...

Solution

There are several ways to get this done.

DAMODIFIER is a program you can find on Cool Tools; just set the desired containers as "Do Not Process."

See http://www.novell.com/coolsolutions/tools/15754.html.

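You could also use a policy like the following. The first rule stores the source DN in a local variable; the second checks that variable against a regular expression for the container name. If it matches on an add or modify, the rule sets the DirXML association to Do Not Process and vetoes the operation.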

<policy>
 <rule>
  <description>Set local variable SrcDN so we can do a regex check on it in the next policy</description>
  <conditions>
   <and/>
  </conditions>
  <actions>
   <do-set-local-variable name="srcdn">
    <arg-string>
     <token-src-dn convert="true"/>
    </arg-string>
   </do-set-local-variable>
  </actions>
 </rule>
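 <rule>
  <description>Set objects under the excluded container to Do Not Process and veto the operation</description>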
  <conditions>
   <or>
    <if-operation op="equal">add</if-operation>
    <if-operation op="equal">modify</if-operation>
   </or>
   <or>
    <if-local-variable mode="regex" name="srcdn" op="equal">.*\\Containername\\.*</if-local-variable>
   </or>
  </conditions>
  <actions>
   <do-remove-src-attr-value name="DirXML-Associations">
    <arg-value type="structured">
     <arg-component name="nameSpace">
      <token-text xml:space="preserve">2</token-text>
     </arg-component>
     <arg-component name="volume">
      <token-global-variable name="dirxml.auto.driverdn"/>
     </arg-component>
     <arg-component name="path"/>
    </arg-value>
   </do-remove-src-attr-value>
   <do-add-src-attr-value name="DirXML-Associations">
    <arg-value type="structured">
     <arg-component name="nameSpace">
      <token-text xml:space="preserve">0</token-text>
     </arg-component>
     <arg-component name="volume">
      <token-global-variable name="dirxml.auto.driverdn"/>
     </arg-component>
     <arg-component name="path"/>
    </arg-value>
   </do-add-src-attr-value>
   <do-veto/>
  </actions>
 </rule>
</policy>
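
As an added example (not part of the original tip), the Python sketch below mirrors the second rule's condition so the scope pattern can be checked against sample DNs before the policy goes live. It assumes `srcdn` holds a slash-format DN, as the pattern's backslashes imply, and that the regex comparison matches the whole value case-insensitively; the function names and sample DNs are constructed for illustration.

```python
import re


def scope_pattern(container):
    # Same shape as the policy's pattern .*\\Containername\\.* : a literal
    # backslash on each side, so only a whole path component can match.
    # Assumption: the engine matches the entire value, ignoring case.
    return re.compile(r".*\\" + re.escape(container) + r"\\.*",
                      re.IGNORECASE | re.DOTALL)


def would_veto(operation, src_dn, container="Containername"):
    """Mirror the second rule: (add OR modify) AND srcdn matches the pattern."""
    if operation not in ("add", "modify"):
        return False
    return scope_pattern(container).fullmatch(src_dn) is not None


# Constructed sample events; tree, organization and user names are made up.
SAMPLES = [
    ("add", r"\TREE\Org\Containername\Sub1\jdoe"),     # user in a sub-OU
    ("modify", r"\TREE\Org\Containername\asmith"),     # user directly in the OU
    ("add", r"\TREE\Org\Containername2\bjones"),       # sibling with similar name
    ("add", r"\TREE\Org\Sales\cwhite"),                # unrelated OU
    ("delete", r"\TREE\Org\Containername\Sub1\jdoe"),  # operation not covered
    ("add", r"\TREE\Org\Containername"),               # the container itself
]


def report(samples=SAMPLES):
    """Return (operation, dn, vetoed) for each sample event."""
    return [(op, dn, would_veto(op, dn)) for op, dn in samples]


if __name__ == "__main__":
    for op, dn, vetoed in report():
        print(f"{'VETO' if vetoed else 'pass':5} {op:7} {dn}")
```

The trailing backslash in the pattern keeps a sibling such as Containername2 in scope, and the container object itself is not matched. Events other than add and modify pass through this rule untouched.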

