Login scripts are properties of User objects, Profile objects and Container objects in eDirectory. Consequently, only User objects, Profile objects, and Container objects can contain login scripts. This, in turn, largely determines where login scripts can be located.
The following figure shows how the different types of login scripts can reside in an eDirectory tree and how they affect users.
Figure 1-1 Where Different Types of Login Scripts Can Reside
In the figure, there are three users: ESAYERS, SWILLIAMS, and MRICHARD. The following explains which login scripts execute when each of these users logs in:
User ESAYERS: The SALES_PV container login script executes first, followed by ESAYERS's user login script.
User SWILLIAMS: The SALES_PV container login script executes first, followed by the default login script.
User MRICHARD: The ACCOUNTING container login script executes, followed by the CLERKS profile login script, and then the MRICHARD user login script.
Container login scripts affect only users immediately below the Organization or Organizational Unit that contains the login script.
For example, in the previous figure, although there are two levels of container objects above users ESAYERS and SWILLIAMS, only the script for the container they are in (OU=SALES_PV) executes when they log in.
If the SALES_PV Organizational Unit had no container login script defined, no container login script would execute for ESAYERS and SWILLIAMS, even though a container login script exists at a higher level.
Because user SWILLIAMS has no user login script defined, the default login script executes after the container login script.
Because user MRICHARD belongs to the profile CLERKS, the CLERKS profile login script executes before the MRICHARD user login script. Users can be assigned to only one Profile object, but there are ways to get around this restriction. See Getting Around the One User and One Profile Login Script Restriction.