When we create users in eDir the Home Dir path in MAD needs to be a CIFS share path to the NSS home dir.
Our environment is complex, with various paths, servers and volumes depending on username. This, coupled with lots of CIFS share names, would make manipulating the strings with IDM tricky. The home directory attribute in eDirectory is multi-valued, and you would need some clever IDM logic to manipulate the values to create the correct CIFS share path.
I have come up with a working solution as follows …
1. On user registration in eDirectory, create/use a redundant attribute in the User class and populate that with the CIFS share path. For testing purposes I have used the ‘Description’ attribute here.
2. Use IDM to remap the attribute ‘homeDirectory’ in MAD to ‘Description’ in eDirectory. You do this in the Subscriber ‘Schema Mapping Policies’ -
<attr-name class-name="User">
  <app-name>homeDirectory</app-name>
  <nds-name>Description</nds-name>
</attr-name>
3. Populate the homeDrive attribute in MAD with the appropriate drive letter to mount the user home directory. This is done in the Subscriber ‘Output Transformation Policies’. I made it a ‘U’ drive in this case (see below).
4. In the same policy rule, copy the ‘homeDirectory’ attribute to the ‘profilePath’ attribute and append the text ‘Windows NT 5.1 Workstation Profile’. This enabled the path to our roaming profiles in the user home directory -
<rule>
  <description>home drive letter</description>
  <conditions>
    <and>
      <if-attr name="homedirectory" op="available"/>
    </and>
  </conditions>
  <actions>
    <do-add-dest-attr-value class-name="User" name="homeDrive">
      <arg-value type="string">
        <token-text xml:space="preserve">u</token-text>
      </arg-value>
    </do-add-dest-attr-value>
    <do-add-dest-attr-value class-name="user" name="profilePath">
      <arg-value type="string">
        <token-attr name="homeDirectory"/>
        <token-text xml:space="preserve">\Windows NT 5.1 Workstation Profile</token-text>
      </arg-value>
    </do-add-dest-attr-value>
  </actions>
</rule>
I can now log in to Windows Vista Business or Windows XP, authenticating to the Windows 2003 Domain Controller. My NSS home directory is mounted with CIFS automatically to the ‘U’ drive, from where it picks up my roaming profile.
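Because the staging attribute now decides where Windows mounts the home directory and loads the roaming profile from, it is worth checking its value before it is synchronised. The following is an added example, not part of the original post: the server allowlist and the function name are hypothetical, while the drive letter and profile suffix are taken from the rule above.

```python
import re

# Assumption: hypothetical allowlist of CIFS servers that host the NSS home volumes.
ALLOWED_SERVERS = {"nss-cifs1", "nss-cifs2"}
PROFILE_SUFFIX = r"\Windows NT 5.1 Workstation Profile"  # text appended by the rule
HOME_DRIVE = "u"  # drive letter set by the rule

# \\server\share[\dir...]; a component may not contain characters Windows forbids in names.
_COMPONENT = r'[^\\/:*?"<>|\x00-\x1f]+'
_UNC = re.compile(r"^\\\\(%s)\\(%s)((?:\\%s)*)$" % (_COMPONENT, _COMPONENT, _COMPONENT))


def ad_home_attrs(values, allowed_servers=ALLOWED_SERVERS):
    """Validate the staged CIFS path and return the AD attributes the policy would set.

    values: list of strings read from the staging attribute (Description in the post).
    Raises ValueError if the value should not be synchronised.
    """
    # The remap expects one path; zero or several values are ambiguous.
    if len(values) != 1:
        raise ValueError("expected exactly one staged path, got %d" % len(values))
    path = values[0]
    m = _UNC.match(path)
    if not m:
        # Also catches a trailing backslash, which would double up in profilePath.
        raise ValueError("not a well-formed UNC path: %r" % path)
    server = m.group(1)
    if server.lower() not in allowed_servers:
        raise ValueError("server %r is not an approved CIFS host" % server)
    parts = [m.group(2)] + [p for p in m.group(3).split("\\") if p]
    if any(p in (".", "..") for p in parts):
        raise ValueError("relative path component in %r" % path)
    # Mirror of the mapping and rule: homeDirectory, homeDrive, profilePath.
    return {
        "homeDirectory": path,
        "homeDrive": HOME_DRIVE,
        "profilePath": path + PROFILE_SUFFIX,
    }


if __name__ == "__main__":
    # Constructed sample value, not taken from a real directory.
    print(ad_home_attrs([r"\\nss-cifs1\HOME\jsmith"]))
```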
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.