Creating a User CIFS Share Path in Active Directory



By: cemshort

June 13, 2007 9:59 am


Problem

When we create users in eDirectory, the home directory path in Microsoft Active Directory (MAD) needs to be a CIFS share path to the NSS home directory.

Our environment is complex, with various paths, servers and volumes depending on username. This, coupled with lots of CIFS share names, would make manipulating the strings with IDM tricky. The home directory attribute in eDirectory is multi-valued, and you would need some clever IDM logic to manipulate the values to create the correct CIFS share path.

Solution

I have come up with a working solution as follows …

1. On user registration in eDirectory, create/use a redundant attribute in the User class and populate that with the CIFS share path. For testing purposes I have used the ‘Description’ attribute here.

2. Use IDM to remap the attribute ‘homeDirectory’ in MAD to ‘Description’ in eDirectory. You do this in the Subscriber ‘Schema Mapping Policies’ -

<attr-name class-name="User">
	<app-name>homeDirectory</app-name>
	<nds-name>Description</nds-name>
</attr-name>

3. Populate the homeDrive attribute in MAD with the appropriate drive letter to mount the user home directory. This is done in the Subscriber ‘Output Transformation Policies’. I made it a ‘U’ drive in this case (see below).

4. In the same policy rule, copy the ‘homeDirectory’ attribute to the ‘profilePath’ attribute and append the text ‘Windows NT 5.1 Workstation Profile’. This enabled the path to our roaming profiles in the user home directory -

<rule>
	<description>home drive letter</description>
	<conditions>
		<and>
			<if-attr name="homedirectory" op="available"/>
		</and>
	</conditions>
	<actions>
		<do-add-dest-attr-value class-name="User" name="homeDrive">
			<arg-value type="string">
				<token-text xml:space="preserve">u</token-text>
			</arg-value>
		</do-add-dest-attr-value>
		<do-add-dest-attr-value class-name="user" name="profilePath">
			<arg-value type="string">
				<token-attr name="homeDirectory"/>
				<token-text xml:space="preserve">\Windows NT 5.1 Workstation Profile</token-text>
			</arg-value>
		</do-add-dest-attr-value>
	</actions>
</rule>

I can now log in to Windows Vista Business or Windows XP, authenticating to the Windows 2003 Domain Controller. My NSS home directory is mounted with CIFS automatically to the ‘U’ drive, from where it picks up my roaming profile.
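A post-sync check of the three attributes this policy writes, as an added example that is not part of the original article or of IDM itself. It assumes the AD values have been exported into a dict per user, applies the drive-letter-plus-colon form described in the comment on this page, and uses constructed server, share and user names.

```python
import re

# Suffix appended to homeDirectory by the Output Transformation rule above.
PROFILE_SUFFIX = "\\Windows NT 5.1 Workstation Profile"
# \\server\share with optional sub-folders (simplified UNC check, an assumption).
UNC_RE = re.compile(r"\\\\[^\\\s]+\\[^\\]+(?:\\[^\\]+)*")
# Drive letter followed by a colon, the form the comment on this page calls for.
DRIVE_RE = re.compile(r"[A-Za-z]:")

def check_user(attrs):
    """Return a list of problems in one user's synchronized AD attributes."""
    home = attrs.get("homeDirectory")
    if home is None:
        return ["homeDirectory missing, so the rule condition never fired"]
    problems = []
    if home != home.strip() or any(c in home for c in "\r\n\t"):
        problems.append("homeDirectory contains stray whitespace")
    elif not UNC_RE.fullmatch(home):
        problems.append("homeDirectory is not a UNC share path")
    drive = attrs.get("homeDrive")
    if drive is None:
        problems.append("homeDrive missing")
    elif not DRIVE_RE.fullmatch(drive):
        problems.append("homeDrive %r is not a letter followed by a colon" % drive)
    profile = attrs.get("profilePath")
    if profile is None:
        problems.append("profilePath missing")
    elif profile != home + PROFILE_SUFFIX:
        # Catches, for example, a line break preserved inside the token-text.
        problems.append("profilePath is not homeDirectory plus the profile suffix")
    return problems

def audit(users):
    """Map each user with at least one problem to that user's problem list."""
    report = {}
    for name, attrs in users.items():
        problems = check_user(attrs)
        if problems:
            report[name] = problems
    return report

# Constructed sample export; none of these names come from the article.
SAMPLE = {
    "asmith": {"homeDirectory": r"\\nw65-1\HOME1\asmith", "homeDrive": "U:",
               "profilePath": r"\\nw65-1\HOME1\asmith" + PROFILE_SUFFIX},
    "bjones": {"homeDirectory": r"\\nw65-2\HOME2\bjones", "homeDrive": "u",
               "profilePath": r"\\nw65-2\HOME2\bjones"
                              + "\\Windows NT 5.1 Workstation \nProfile"},
    "cdoe": {"homeDrive": "U:"},
}

if __name__ == "__main__":
    for user, found in audit(SAMPLE).items():
        print(user, found)
```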

Environment

  • Subscriber – NetWare 6.5 SP6, eDirectory
  • Publisher – Windows 2003 server MAD
  • IDM 3.5

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comments

  1. By:lkuiper

    Don’t forget to put a colon (:) after the drive letter, otherwise the home drive is not automatically mapped at logon in Windows. So it should be:

    U:

    When the homeDrive property value in AD is “U” instead of “U:”, the GUI of ADU&C will display the drive letter as “U:” although the real value of the property still would be “U” and therefore it will not map your home drive at logon. I am not sure if this behaviour occurs on all Windows versions because I only experienced it on WinXP SP2.

