12.4 Microsoft Active Directory Attribute Special System Variables

The ZENworks Application Window supports special system variables that pull information from the attributes of the currently logged-in user.

The following sections explain the system variable syntax and provide examples:

12.4.1 Syntax

Active Directory attribute special system variables use the following syntax:

%active-directory_attribute%

Table 12-5 Special System Variable Syntax

Element

Description

%

Flags the text as a system variable. The entire system variable must be enclosed in% characters.

active-directory_attribute

Defines the attribute to be read.

NOTE:For compatibility with traditional ZENworks, the special system variables can also be specified in one of the following formats:

  • %system_variable%

    For example, %Street%

  • %*system_variable%

    For example, %*Street%

12.4.2 Examples

The following table provides examples of Active Directory attribute system variables.

Table 12-6 Special System Variable Examples

Special System Variables

Description

%CN%

Returns the common name of the currently logged-in user.

%OU%

Returns the organizational unit name for the currently logged-in user.

%Full Name%

Returns the full name of the currently logged-in user.

%Surname%

Returns the last name of the currently logged-in user.

%Street%

Returns the street address of the currently logged-in user.

The remaining special system variables that are predefined by ZENworks are available in the following locations:

  • On Windows: ZENworks_Home/novell/zenworks/datamodel/authsource/active-directory-users.zls.xml

  • On Linux: /etc/opt/novell/zenworks/datamodel/authsource/active-directory-users.zls.xml

12.4.3 Configuring the Active Directory Attribute Special System Variables

To use Active Directory attributes as a reference in the special system variables, use the following procedures:

On the Active Directory Server

To map existing or new attributes defined in the Active Directory schema, see the Microsoft TechNet Library.

On the ZENworks Server

  1. Edit the sample file to create a file that contains the attribute that you want to use with ZENworks:

    • On Windows: ZENworks_Home/novell/zenworks/datamodel/authsource/active-directory-users-additional.zls.xml.sample

    • On Linux: /etc/opt/novell/zenworks/datamodel/authsource/active-directory-users-additional.zls.xml.sample

  2. Add an entry for the attribute that you want to use with ZENworks. For example:

    <attribute name="ZEN" ldapName="employeeID" builder="com.novell.zenworks.datamodel.session.jndi.builder.StringAttributeBuilder" />
    

    Replace ZEN with the attribute that you want to use with ZENworks and replace EmployeeID with the LDAP Display Name in Active Directory. If the Active Directory common name for this attribute is defined as Employee-ID, ZEN now maps to the attribute Employee-ID.

    You must use the right builder, depending on whether the syntax is a string, integer, or Boolean. The active-directory-users-additional.zls.xml.sample file lists the different type of builders.

  3. Save the sample file as active-directory-users-additional.zls.xml.

  4. Replace the active-directory-users-additional.zls.xml file on all the Primary Servers in the Management Zone.

  5. Restart the zenserver service.

Sample Scenario

Create a bundle with an action that references the special system variable and that runs in the user impersonation mode. For example:

  1. Create a bundle with a Run Script action that references the special system variable ${ZEN} and has the executable security level set to Run as logged in user.

  2. Perform the bundle assignment.

    When the action is executed on the managed device, the value of the LDAP attribute is substituted for the special system variable.

In the example, the employee id stored in the Employee-ID attribute is substituted for the special system variable, ${ZEN}. Consequently, when the action is executed on the managed device, the employee ID stored in the Employee-ID attribute is displayed on the device.