Novell Home

Creating Users Based on Group Membership

Novell Cool Solutions: Trench
By Kelvin Dam

Digg This - Slashdot This

Posted: 23 Jun 2004
 

The Problem

Often administrators wish to have their eDirectory users created in remote applications based on a specific group membership. This is not without problems though, because the group membership is not queried into the DOM of the XML passed onto the engine, so the drivers don't recognize the object.

The Solution

The solution is simple. Use the XML code below to build the create rule on the subscriber channel. The code matches on any desired group, and if there is no match, tries to match on an attribute that will never be there. Thus causing the CreateRule to veto.

Remember to add the "Group Membership" attribute to the Subscriber filter for the User Class!

<?xml version="1.0" encoding="UTF-8"?>
<!-- CreateRule by Kelvin Dam, Qualitynet -->
<!-- This CreateRule tests for matching of groups and if no hit, -->
<!-- discards all other matches -->
<!-- Remember to allow Group Membership to pass the Subscriber Filter -->
<create-rules>
     <create-rule class-name="User" description="CreateRule1-Matches">
          <match-attr attr-name="Group Membership">
               <value><![CDATA[\YOUR-TREE\ORG\GroupName]]></value>
          </match-attr>
     </create-rule>
     <create-rule class-name="User" description="CreateRule2-Required">
          <required-attr attr-name="AttributeThatWillNeverBeThere"/>
     </create-rule>
</create-rules>


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell