Evaluating Xserve to replace Novell eDirectory / Groupwise

Hello all,
I just wanted to get a feel for the capabilities of OS X Server. I've recently installed a new Xserve and have it providing DNS / DHCP / NAT / Print / Open Directory and Windows services. Today, I was able to get a Windows machine to authenticate to this machine and set up a roaming profile / home directory (after much research!) We also use Linux clients, and will probably start adding OS X clients to the network as well.
I am looking to replace our current Novell eDirectory file / print services with OS X Server, and coming from that, I was wondering a couple of things.
First off, can OS X Server provide automatic drive mapping / mounts to Windows / Linux clients? Currently, when a user logs into our Novell server, they get all their drives mapped automatically as part of a login script. These drives are just shares on the Novell fileserver. I would like to replicate this action for our users with OS X Server. Is this possible?
Secondly, users logging into Novell get all their printers set up when they connect to the server. They don't have to add them, they just show up. Is there a way to make OS X Server provide the same service to Windows clients?
Finally, can you set up Open Directory users to only have access to certain printers / drives etc? I know you can set up shares and access lists and all this, but I want to be able to define that by group or by user. For example, I want user X who is a developer to get access only to developer shares and developer printers, so I would think I could set up a group with those privileges and just assign that user to the "group" and they automatically get it. Can this be done in OS X?
Most of our users are on Windows, and basically I'd love to be able to get away from Novell (particularly license costs) and move to OS X Server, without having to teach 200 users how to add drive mapping and printers and such. I don't want to have to visit 200 workstations either, so I am hoping I can define all this on the server and make it happen per client as they log in. Apple touts OS X Server as a good replacement for Active Directory / Novell eDirectory services so I'm hoping that it lives up to my expectations.
Anyone care to chime in? Thanks, I look forward to making this work!
Joe Jenkins
Network Engineer
Davis Tool Inc
Xserve   Mac OS X (10.4.10)  

Hi
> First off, can OS X Server provide automatic drive
> mapping / mounts to Windows / Linux clients?
> Currently, when a user logs into our Novell server,
> they get all their drives mapped automatically as
> part of a login script. These drives are just shares
> on the Novell fileserver. I would like to replicate
> this action for our users with OS X Server. Is this
> possible?
If you launch WorkGroup Manager and click on the Windows tab there are settings there that should help you achieve what you want in some way.
> Secondly, users logging into Novell get all their
> printers set up when they connect to the server. They
> don't have to add them, they just show up. Is there a
> way to make OS X Server provide the same service to
> Windows clients?
You can apply managed preferences for what users defined in the Open Directory node can access in terms of printers, quotas, etc. There are some good 3rd-party add-ons that can augment what is available also.
> Finally, can you set up Open Directory users to only
> have access to certain printers / drives etc? I know
> you can set up shares and access lists and all this,
> but I want to be able to define that by group or by
> user. For example, I want user X who is a developer
> to get access only to developer shares and developer
> printers, so I would think I could set up a group
> with those privileges and just assign that user to
> the "group" and they automatically get it. Can this
> be done in OS X?
See the previous answer.
Bear in mind that if these are networked printers on the same IP address range and subnet as the clients then anyone who knows how to add a network printer using Printer Setup Utility and/or has access to the local client admin account could bypass this easily. You could really lock things down by either physically connecting the printers to the server using its second NIC or, if they are USB printers, using a USB hub.
If they are all the same printer type you could have a Pool of printers.
For example two to three Epson R800 Printers could be the Epson Pool. Users would access these printers as if they were just one printer. When a client sends a print job the server will spool it to the first printer. If the first printer runs out of paper or ink it will spool to the second printer and so on. The same thing would apply if more than one user decides to print at the same time. First person to the queue would get the first printer and so on. You could have a series of Printer Pools defined for a particular group that only users from that group can use.
Hope this helps – Tony

Similar Messages

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, and I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully log in with Windows authentication, but forms authentication gives me an error.
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
    then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to the ldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
    specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
    is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
    for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novell eDirectory, we had to:
    leave anything related to the role provider blank
    configure the web.config in three different applications, with the proper connection information to reach our Novell eDir
    Ensure that useDNAttribute="false" was used in all three of the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
    a non-existent role manager.
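
The resolution above depends on three web.config files agreeing with each other, so here is a consistency check over them. It is an added example, not part of the original posts and not SharePoint tooling. The three fragments are constructed samples modelled on the settings quoted in the thread, and the finding codes and function names are hypothetical. Besides the thread's points (provider name, useDNAttribute, leftover role provider) it also reports unbalanced LDAP filters and providers that bind without SSL.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragments modelled on the thread's settings (type strings
# shortened); they are not the poster's real files.
CONFIGS = {
    "central_admin": """<configuration><system.web>
      <membership><providers>
        <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider"
             server="ldap.server.address" port="636" useSSL="true"
             useDNAttribute="false" userFilter="(ObjectClass=person)" />
      </providers></membership>
      <roleManager><providers /></roleManager>
    </system.web></configuration>""",
    "security_token_service": """<configuration><system.web>
      <membership><providers>
        <add name="LdapMemebr" type="Microsoft.Office.Server.Security.LdapMembershipProvider"
             server="ldap.server.address" port="389" useSSL="false"
             userFilter="(ObjectClass=person)" />
      </providers></membership>
      <roleManager enabled="true"><providers>
        <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider"
             server="ldap.server.address" port="389" useSSL="false"
             groupFilter="((ObjectClass=group)" userFilter="(&amp;(ObjectClass=person))" />
      </providers></roleManager>
    </system.web></configuration>""",
    "web_application": """<configuration><system.web>
      <membership defaultProvider="i"><providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider" />
        <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider"
             server="ldap.server.address" port="389" useSSL="false"
             useDNAttribute="true" userFilter="(ObjectClass=person)" />
      </providers></membership>
      <roleManager><providers /></roleManager>
    </system.web></configuration>""",
}


def ldap_providers(xml_text):
    """Return (membership, role) <add> elements that use the LDAP provider types."""
    root = ET.fromstring(xml_text)
    members = [a for a in root.iterfind(".//membership/providers/add")
               if "LdapMembershipProvider" in a.get("type", "")]
    roles = [a for a in root.iterfind(".//roleManager/providers/add")
             if "LdapRoleProvider" in a.get("type", "")]
    return members, roles


def balanced(ldap_filter):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def audit(configs, expected_name):
    """Return (file_label, code, detail) findings for each web.config in configs."""
    findings = []
    for label, xml_text in configs.items():
        members, roles = ldap_providers(xml_text)
        # The name typed into "ASP.NET Membership provider name" must exist in every file.
        if not any(m.get("name") == expected_name for m in members):
            found = [m.get("name") for m in members]
            findings.append((label, "NAME_MISMATCH", f"expected {expected_name!r}, found {found}"))
        # The thread's fix: useDNAttribute="false" in all three files.
        for m in members:
            if m.get("useDNAttribute", "").lower() != "false":
                findings.append((label, "USE_DN_ATTRIBUTE", f"{m.get('name')}: {m.get('useDNAttribute')}"))
        # The thread's fix: no role provider when the directory holds no role data.
        for r in roles:
            findings.append((label, "ROLE_PROVIDER_PRESENT", r.get("name")))
        for p in members + roles:
            # Reported unless SSL is explicitly on: without it the service-account
            # bind and the users' passwords cross the network unencrypted.
            if p.get("useSSL", "").lower() != "true":
                findings.append((label, "CLEARTEXT_LDAP", f"{p.get('name')} port {p.get('port')}"))
            for attr in ("userFilter", "groupFilter"):
                value = p.get(attr)
                if value is not None and not balanced(value):
                    findings.append((label, "UNBALANCED_FILTER", f"{attr}={value}"))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS, "LdapMember"):
        print(*finding, sep=" | ")
```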

  • Issue during integrating OIM 9.1 with novell edirectory 8.8

    Hi,
    We are trying to integrate OIM 9.1 with Novell edirectory 8.8 using novell edirectory 9.0.4.2 connector.
    While provisioning I'm facing the following issue:
    DOBJ.THROWABLE_IN_SAVE Unhandled throwable java.lang.NoClassDefFoundError in com.thortech.xl.dataobj.tcScheduleItem's save.
    User is getting created OID but not provisioned to edirectory.
    Thanks in Advance
    Manju

    Hi,
    Thanks for responding.
    I am trying to provision users to novell edirectory.
    I create a user in Oracle Identity Manager 9.1, then select the Resource profile and provision a new resource (to edirectory 8.8).
    During the last step of provisioning, when I click the continue button, Oracle Identity Manager throws the below error in the next screen with the message "Provisioning is been initiated". But the user is not created in the edirectory.
    DOBJ.THROWABLE_IN_SAVE Unhandled throwable java.lang.NoClassDefFoundError in com.thortech.xl.dataobj.tcScheduleItem's save.
    In the open tasks, System Validation task is created with the status Pending.
    Please help me to rectify this issue.
    Also let me know whether anyone has tried to integrate Oracle Identity Manager 9.1 with edirectory 8.8 using Novell edirectory 9.0.4.2 connector.
    Thanks

  • Siebel SSO Integration with Novell eDirectory

    I am wondering if anyone on this forum has worked with integrating a SSO solution using Novell eDirectory and Siebel. I have personally worked on SSO integrations with Siebel using Cleartrust and Siteminder and they are all basically the same concept however, I am facing issues trying to get the Novell SSO solution to work with Siebel.
    I am using the standard LDAP Security adapter and I can make a basic connection into Siebel using LDAP. When implementing SSO I am using a "header" value and a custom userspec name that is different than the "Remote_Use" name mentioned in the Siebel SSO documentation. With SSO turned on I am successfully able to authenticate and almost get all the way into the home page of Siebel before the IE browser crashes. The SWSE log files, interestingly enough, show that my userspecsource is equal to header and that my userspec is correct and then I see the SISNAPI connection occurring between the Siebel Web Server and the Siebel AOM but then after the IE browser crashes I see the SWSE log which then tries to pick up Siebel's default userspec " Remote_User" value which is not configured or turned on anywhere from within the application. I was just wondering if anyone else had faced similar issues when integrating Siebel into Novell eDirectory for SSO. I have also reviewed the configuration on Novell's side and they are protecting the correct object manager and are also using the same exact userspec name as what we have defined within the eapps.cfg of Siebel. We are using Siebel 8.1.1. Any ideas or help would be greatly appreciated as I have not gotten much support from my open SR on this issue.


  • Novell eDirectory Target Recon: Unable to search LDAP LDAP: error code 53

    Hi All,
    I am getting following error while running the Novell eDirectory Target Reconciliation in batch mode:
    ERROR,27 Oct 2009 22:59:54,263,[XL_INTG.EDIRECTORY],Paged Search failed.javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=centrica,ou=Regular,o=Infosys'
    DEBUG,27 Oct 2009 22:59:54,263,[XL_INTG.EDIRECTORY],tcUtilLDAPOperations -> ~~~~~~~~~~Entering disconnectFromLDAP()~~~~~~~~~~
    DEBUG,27 Oct 2009 22:59:54,263,[XL_INTG.EDIRECTORY],tcUtilLDAPOperations -> Closing initial directory context
    DEBUG,27 Oct 2009 22:59:54,263,[XL_INTG.EDIRECTORY],tcUtilLDAPOperations -> ~~~~~~~~~~Leaving disconnectFromLDAP()~~~~~~~~~~
    ERROR,27 Oct 2009 22:59:54,263,[XL_INTG.EDIRECTORY],tcTskLDAPUserReconciliation] --> execute(): failed. Exception in execute() method.
    javax.naming.NamingException: tcUtilLDAPOperations  -> : NamingException : Unable to search LDAP [[LDAP: error code 53 - Unwilling To Perform]]
         at com.thortech.xl.integration.ldap.util.tcUtilLDAPOperations.search(Unknown Source)
         at com.thortech.xl.util.schedule.tasks.tcTskLDAPUserReconciliation.processChange(tcTskLDAPUserReconciliation.java:2752)
         at com.thortech.xl.util.schedule.tasks.tcTskLDAPUserReconciliation.execute(tcTskLDAPUserReconciliation.java:344)
         at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
         at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.security.Security.runAs(Security.java:41)
         at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
         at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
         at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
         at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
    DEBUG,27 Oct 2009 22:59:54,264,[XL_INTG.EDIRECTORY],tcTskLDAPUserReconciliation] --> execute(): exit
    This error is coming only for OU's which have more than 200 entries in them. The
    if anyone has any clue on this problem, then kindly help.
    Cheers,
    Sunny

    See if your e-directory supports paged searches.
    If not then you have to configure your e-directory to support paged searches. I think the connector by default only uses paged searches.
    You need to look for OID 1.2.840.113556.1.4.319 (page control) in supported control list of the rootDSE.
    Hope this helps,
    Sagar
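
The rootDSE check suggested in the reply above, as an added example that is not part of the original posts: it parses the LDIF a rootDSE query returns, including folded and base64 lines, and reports whether the paged results control is advertised. The two rootDSE samples are constructed, HOST in the comment is a placeholder, and the function names are hypothetical.

```python
import base64

PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # OID named in the reply above

# Constructed rootDSE output in the LDIF form printed by, for example:
#   ldapsearch -x -LLL -H ldap://HOST -s base -b "" supportedControl vendorName
# HOST is a placeholder. The first sample folds the OID across two lines,
# which LDIF allows and which a plain text search for the OID would miss.
ROOTDSE_WITH_PAGING = """dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.2.840.113556.1.4.
 319
vendorName:: dGVzdA==
"""
ROOTDSE_WITHOUT_PAGING = """dn:
supportedControl: 2.16.840.1.113730.3.4.2
"""


def parse_ldif_entry(text):
    """Parse the first LDIF entry into {lowercased attribute: [values]}."""
    logical = []          # physical lines joined back into logical lines
    in_comment = False
    for raw in text.splitlines():
        if raw == "":
            if logical:
                break     # a blank line ends the entry
            continue
        if raw.startswith(" "):
            # Continuation: drop the single leading space and append.
            if logical and not in_comment:
                logical[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            logical.append(raw)

    entry = {}
    for line in logical:
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):
            # "attr:: value" carries a base64-encoded value.
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry


def paged_results_supported(rootdse_ldif):
    """True when the rootDSE lists the paged results control."""
    controls = parse_ldif_entry(rootdse_ldif).get("supportedcontrol", [])
    return PAGED_RESULTS_OID in controls


def diagnose(rootdse_ldif):
    """One-line verdict to put next to the 'error code 53' log entry."""
    if paged_results_supported(rootdse_ldif):
        return "paged results control advertised; look elsewhere for the cause of error 53"
    return "paged results control not advertised; paged searches will be refused"


if __name__ == "__main__":
    print(diagnose(ROOTDSE_WITH_PAGING))
    print(diagnose(ROOTDSE_WITHOUT_PAGING))
```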

  • Migration from sun one to novell edirectory

    hello folks,
    Please share info if anybody has any ideas on how to migrate data from sun one to novell edirectory. Help will be appreciated. Thanks

    Does the documentation provide an upgrade path?
    Do you have existing data you need to preserve? If not you should be able to uninstall the old version and install the new one. You should be able to use pkgrm to remove the old one IF it was a package based install.
    The changes you want to do (changing the directory tree and adding a UID) should not require an upgrade.
    It sounds like you need to read the Sun/Oracle provided documentation.
    If you are new to LDAP you should probably look for a general purpose book about LDAP. The Sun/Oracle LDAP server is pretty complicated. You probably want to understand LDAP in general before tackling an Oracle product.

  • Pass Through Auth Not Using Novell eDirectory Over RDP - Virtual Desktop

    Hi,
    I have installed and configured SGD and the Virtual Desktop Adapter to a Virtual Center server. So far that whole side of things is working great. Machines are cloned, prepped and connected to by users through the My Desktop link in SGD. Now that I am attempting to perfect the master template I have encountered some issues. The network here is Novell eDirectory and at the moment when the desktop is launched the username and password used to authenticate to the SGD webtop are passed through to the Virtual Machine, but it seems that they are passed through to the Windows Authentication System/GINA even though the Novell client is in place.
    The virtual machines are Windows XP and by default none of the user accounts exist locally, so of course the login fails. This drops the user back to the login box where it can be seen that the Workstation Only tick box is checked. Settings in the Novell client to always default to eDirectory authentication, forget last setting used etc has all been set properly. Even when hiding the Workstation Only tickbox the username and password are passed to local system authentication still.
    I need to get the username and password sent to the Novell eDirectory authentication system/GINA in order for Zenworks to create the user on the local system. When dropping back to the login box and manually unticking the Workstation Only box login proceeds normally. Drives are mapped and the local user account is created by the Zenworks agent.
    Is SGD specifically targeting an authentication subsystem within the virtual machine, regardless of your installed authentication handler/GINA preference order? Can I get SGD to pass the details to the Novell client? Barring that is there some way I can prevent SGD passing the details? I tried turning off some of the authentication details caching etc but some of that is needed to rename the virtual machines after the user connecting. For the time being having users authenticate twice would be acceptable, having them login in, then get an error message, then manually unticking Workstation Only then relogging in is not acceptable.
    I have been searching these forums, Novell forums, Terminal Server forums for answers but so far nothing has been of any help. Please note that the login box is not the cut down/windows only login box that users are seen when they connect over RDP to a machine that already has a user logged in locally. There is no user logged in locally and the full login box is presented once the login failed message is cleared.
    Any help, or even a nudge in the right direction would be great.
    Thanks
    Russ

    Hi,
    Thanks for taking the time to respond. I tried the full context user name path as well, but it's definitely just being passed to a different GINA. The only credentials that determine if you have RDP access to a server are the local machine's credentials, so Microsoft have the service pass authentication straight to the Microsoft GINA non-interactively instead of honouring the installed GINAs. So it will fail no matter what I put in since the account doesn't exist locally yet. People have implemented solutions that depend on Active Directory domains, but that's what I am trying to avoid.
    In that situation the AD Domain would allow access to the local machine based on Windows permissions, and a registry setting TSAutoLogin or something would trigger the Novell log in in parallel to map the Netware shared volumes. With no domain you can't get the initial log in triggered for the Novell client to kick in.
    Connecting to the virtual machine using an RDP client without pre-entering authentication information does show the Novell Login (NWGINA) with all the right settings in place, so I have modified the expect (login) script for SGD not to automatically pass log in information through with the RDP connection it makes. The result is a clean Novell login box without any errors that a user can just enter their details into a second time.
    Russ

  • Synchronization of OID and Novell Edirectory

    I did set up OID to synchronize with Novell edirectory using dipassistant, bootstrapped it and run ODISRV with the correct configuration number. Novell edirectory is leading, admin is done in edirectory only. Authentication is done through external authentication at the edirectroy. Works too.
    Adding users, groups and users to groups works fine. Even removing users from groups works ok. The only thing that does not work is deleting users or groups. They still exist in OID after removing them from edirectory.
    I tried setting the 'check all entries' configuration parameter to true: no results.
    Set the debug level to 511: I get debug info, but deletions are not detected at all.
    Any ideas, anyone?
    Robbert van der Hoorn
    OSA it Automation

    Part of the problem solved. This is a weird situation: although creating new entries is done every 60 seconds, reconciliation is done once a day (24 hrs, i.e. 86400 seconds..).
    This explains (half) the sudden error message I get: after failing deleting one of the groups, reconcile stops. This group failed to delete for some reason, maybe because it came from a different bootstrapped profile, and domain mapping rules failed on this group. After deleting manually some problematic groups, reconcile works.
    The weird thing however is this: the reconciliation period parameter IS NOT SHOWN in Oracle Directory Manager 10.1.4!!! (Tried 2 installations on Windows Server 2003!) Using OID Manager 10.1.2 (same platform) however showed me this parameter, and after setting it to 60 seconds, reconcile does show up and log in the .aud files every minute (which may not be desired to run every minute in prod. situations of course). I know (now) this interval can be set using dipassistant.
    Once reconcile is running, I get a new error in my trace file:
    Unable to delete the entry :cn=agroup1,cn=roc,cn=groups,dc=rocvantwente,dc=nl as the binddn doesnot have permission to delete it javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=agroup1,cn=roc,cn=groups,dc=rocvantwente,dc=nl'
    [LDAP: error code 50 - Insufficient Access Rights]
    Exception in reconcile()null
    [LDAP: error code 50 - Insufficient Access Rights]
    testImport : Error in executing reconciler: null
    javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=agroup1,cn=roc,cn=groups,dc=rocvantwente,dc=nl'
    Update: problem occurs with groups only. Users can be reconciled perfectly.
    The bind dn in this case is orcladmin.... ideas?
    Thanks,
    Robbert
    Message was edited by:
    Robbert van der Hoorn
    (Problem not completely solved after all)

  • Novell eDirectory load balancing

    Dear community,
    we use Novell eDirectory (LDAP)  to verify our users in the portal.
    We are Running SSL over port 636.
    The new situation is that the LDAP colleagues implemented load balancing.
    The problem now is that the certificate from the machine responsible for the load balancing does not contain any servername in the CN compared to the (OLD) direct access to LDAP where the certificate contained a name CN=severname.domain.
    The new certificate only contains an O=name and
    OU= Organizational CA.
    For the definitions in the UME a servername is needed in the certificate .  Otherwise the connection check returns an error.

    Answer to my question: http://ieoc.com/forums/p/26385/218976.aspx#218976
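
The connection check in the post above fails because the load balancer's certificate names no host. This added example (not from the thread) runs that name check over certificates in the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`; the host names, the three certificates and the idea of a reissued certificate with a DNS subjectAltName are constructed assumptions.

```python
# Added example: hostname check against a certificate in the dict layout
# returned by ssl.SSLSocket.getpeercert(). All certificate data is constructed.

def presented_names(cert):
    """Return (DNS subjectAltNames, subject commonNames) found in the cert."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    cns = [value for rdn in cert.get("subject", ())
           for attr, value in rdn if attr == "commonName"]
    return sans, cns

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_server_name(cert, host):
    """Return (ok, reason) for connecting to `host` with this certificate."""
    sans, cns = presented_names(cert)
    # DNS SAN entries take precedence; the CN is only a fallback when none exist.
    candidates = sans or cns
    if not candidates:
        return False, "certificate names no host (no DNS SAN, no CN)"
    if any(name_matches(name, host) for name in candidates):
        return True, "matched " + ("SAN" if sans else "CN")
    return False, "host not among " + ", ".join(candidates)

# Constructed: certificate of the directly accessed LDAP server (CN only).
DIRECT_CERT = {"subject": ((("organizationName", "name"),),
                           (("commonName", "ldap1.example.com"),))}
# Constructed: load balancer certificate carrying only O and OU, as in the post.
BALANCER_CERT = {"subject": ((("organizationName", "name"),),
                             (("organizationalUnitName", "Organizational CA"),))}
# Constructed: a reissued balancer certificate naming the balanced host in a SAN.
REISSUED_CERT = {"subject": ((("organizationName", "name"),),),
                 "subjectAltName": (("DNS", "ldap.example.com"),)}

if __name__ == "__main__":
    for label, cert, host in (("direct", DIRECT_CERT, "ldap1.example.com"),
                              ("balancer", BALANCER_CERT, "ldap.example.com"),
                              ("reissued", REISSUED_CERT, "ldap.example.com")):
        print(label, check_server_name(cert, host))
```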

  • I am evaluating Firefox to replace my AOL, how do I import my AOL Favorites into Firefox?

    I am evaluating Firefox to replace my AOL, how do I import my AOL Favorites into Firefox?

    First off we have the Favorites as 100+ *.url files that came from a PC... so no export command was used.
    Regarding the first recommendation of opening every URL and adding it to our Bookmarks would take a long time... there are probably 300 "Favorites" in there.
    Is there another way besides Exporting from IE... Since I did not do that and now just have 100s of .url files in one folder on my Mac's desktop?
    Thank you for the replies!

  • UC - LDAP integration to Novell eDirectory

    Hi,
    Looks like UC version 8 does not support Novell eDirectory. Any roadmap?
    Thanks in advance,

    I had a similar potential requirement a few months ago and my Cisco SE was able to dig out details of a customer that was using Novell eDirectory. There is an appnote published at the link below:
    http://www.novell.com/communities/node/3028/integrating-cisco-unified-call-manager-versions-5-and-6-edirectory
    Usual caveats - not supported by TAC etc.
    Please rate if helpful.

  • Did Novell Break Groupwise Install?

    Was trying to do another install today and tried to do everything in the original setup. When it got to groupwise, it started the installer & went on for around an hour. The next time I would look at screen the same window wanting me to install groupwise was in front of me. Press install second time and same problem.
    Next time did not install anything in the original install except register and updates (96). Added edirectory, and then imanager. Went to add groupwise it went on for about an hr and then an error message would pop up saying something about a file or folder was missing. Not real sure since the message extended out past the box.
    Now trying to do a KBOYLE install. So far I am down to registering the product. Got my fingers crossed.

    Originally Posted by highvoltage
    Was trying to do another install today and tried to do everything in the original setup. When it got to groupwise, it started the installer & went on for around an hour. The next time I would look at screen the same window wanting me to install groupwise was in front of me. Press install second time and same problem.
    Next time did not install anything in the original install except register and updates (96). Added edirectory, and then imanager. Went to add groupwise it went on for about an hr and then an error message would pop up saying something about a file or folder was missing. Not real sure since the message extended out past the box.
    Now trying to do a KBOYLE install. So far I am down to registering the product. Got my fingers crossed.
    When you get errors where files or folders are missing, it's most likely because the zypper transaction failed at some point. It may have only been temporary. I'd suggest you review your logs to find out which package errored out if it doesn't work 2nd time around.

  • Xserve storage - replace Mac with X-serve?

    Currently using a G3 (I know! I know!) as a fileserver. This had an external Firewire 120gig Drive attached for graphics dept and La Cie tape drive for backup. Digital photography has meant increasing storage - currently at 750 gig and rising.
    Tape drive has just failed - need to consider my options and priorities - your thoughts, please.
    Mine are - replace tape drive first?
    Replace G3 - we are about to free a G4, and this could be used as replacement fileserver - would end users note any improvement in service? Marginal?
    Or bite the bullet for an X-serve?
    Could we still hang our hard drives off this in a firewire chain or if you go down X-serve route is that a bit short sighted - should you be looking at Apple drive modules instead of external storage?
    Any other issues I should consider - price is a consideration so if there is a 'Gold Standard' I should be trying to achieve, is there an optimal upgrade path that would allow me to buy kit one stage at a time?
    Thanks

    Hi BrendanK-
    There is nothing wrong with a G3 with drives hanging off as a file server as long as it is doing the job.
    Tape can still be a viable backup media. The tapes are small and easy to lock in a safe. The backup process can be slow as you know. I have clients that still rely on tape for "deep storage".
    The G4 may show marginal gains processor-wise, but depending on which one you have it may have gig-Ethernet which would speed transfers up significantly.
    Even with an XServe, I think the basic configuration comes with an 80GB drive with the expectation that data will be stored elsewhere. You can add a couple of drive modules to increase storage but you will have all of your eggs in one basket.
    Be aware that you can run the XServer software itself on a variety of platforms. A Mac Pro loaded with hard drives may do the trick for you.
    Gold Standard to me means a system that meets your needs and 3 backups of data-one locked in a safe at another location, one locked up locally, and one always nearby and ready to go. No matter what you use for a file server, it means nothing if you lose your data.
    Hope this helps. You can do this on a tight budget.
    Luck-
    -DaddyPaycheck

  • Thoughts on xServe RAID replacement?

    Hi everyone. Thanks for reading.
    I am replacing an aging xServe RAID in a client's network. They currently use the xServe RAID as storage for their mobile home folders, company file shares (RAID 5 w/ 500GB storage), mailstore (RAID 1 w/ 250GB storage) and backup for other servers (RAID 5 w/ 3TB storage). This is hooked up directly via FC to an Intel xServe running 10.6.8 server. They would like to replace this simply because they need more storage for files, and the age (about 7 to 8 years old).
    I would still use the existing xServe RAID as backup storage, however, we are looking for replacements. Right now I am pricing out a Promise VTrak E-Class with 8TB of storage (most likely will go RAID 10, so 4TB of useable storage) and a new 4Gbs quad fiber card. Total for both is around $8500. I am not convinced however they need that fast of storage for their use. They can get a Drobo 800i (bear with me here) with 8TB of storage (if dual drive redundancy is on the useable is around 3.6TB)  and a dual 1GB PCI ethernet card for around $4300. In the past, we have only used the DroboPro, and think that particular unit is too slow for anything but archival data or backup. We have yet to use the 800i (nor the 1200i).
    What does everyone think? Or is there another product we should also be looking at? Network is 1GB for around 40 users. Mobile accounts just sync at logoff, and usage of file shares is probably light to medium.
    Thanks again.

    The Promise range is what Apple originally recommended as a replacement for the discontinued XServe RAID. However you could also look at Active Storage, see http://getactivestorage.com/
    They even have a 1U rackmount box that can act as an XSan metadata controller (instead of an XServe).

  • 603: Unable to read the Inventory Service Object in Novell eDirectory

    I receive this error when starting the inventory service on a NetWare 6.0 server. Any ideas?

    aha, thanks for the feedback! That's in the docs: this is for zen7, but the same is for 6.5 http://www.novell.com/documentation/...a/a42r1l6.html
    Shaun Pond
