Creating Users Based on Group Membership
Novell Cool Solutions: Trench
By Kelvin Dam
Digg This -
Posted: 23 Jun 2004
Often administrators wish to have their eDirectory users created in remote applications based on a specific group membership. This is not without problems though, because the group membership is not queried into the DOM of the XML passed onto the engine, so the drivers don't recognize the object.
The solution is simple. Use the XML code below to build the create rule on the subscriber channel. The code matches on any desired group, and if there is no match, tries to match on an attribute that will never be there. Thus causing the CreateRule to veto.
Remember to add the "Group Membership" attribute to the Subscriber filter for the User Class!
<?xml version="1.0" encoding="UTF-8"?> <!-- CreateRule by Kelvin Dam, Qualitynet --> <!-- This CreateRule tests for matching of groups and if no hit, --> <!-- discards all other matches --> <!-- Remember to allow Group Membership to pass the Subscriber Filter --> <create-rules> <create-rule class-name="User" description="CreateRule1-Matches"> <match-attr attr-name="Group Membership"> <value><![CDATA[\YOUR-TREE\ORG\GroupName]]></value> </match-attr> </create-rule> <create-rule class-name="User" description="CreateRule2-Required"> <required-attr attr-name="AttributeThatWillNeverBeThere"/> </create-rule> </create-rules>
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com