Anonymous_User Absent Member.
Absent Member.
402 views

GroupWise driver set attribute NGW: Object ID


We want to create GroupWise accounts by using a combination of given
name and surname combination instead of cn as identifier. I tried to do
it by setting the destination attribute NGW: Object ID in the subscriber
control transformation policy but I got an error saying that the object
already exists

<do-set-dest-attr-value disabled="true" name="NGW: Object ID"
notrace="true">
<arg-value type="string">
<token-local-variable name="email-alias"/>
</arg-value>
</do-set-dest-attr-value>

Is there a way to do that without renaming the object?

Thanks


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=46207

Labels (1)
0 Likes
10 Replies
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The GW driver config doesn't usually set account names at all; instead
it feeds information to GW and then GW sends back the name, and the last
time I checked GW would not allow anything to set a name overriding that
using the driver. Result: Set PO (or MTA... I forget which) to name
objects based on first and last name instead of by CN and the driver
config should send the attributes (both given name and surname) and then
GW will handle the rest automatically.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQq+b1AAoJEF+XTK08PnB5HcEP/1lEQI+oP7hAdIq09nWYzKt4
zxWYI5YTh3W3TFSTo8qymmVInGkeRCQS0LbWXsNb9VkGIZm7iBh2j+oaVT9DqJeq
TuAWDPbWNydQCDeDGthjvF4dXyslSdScFeCOKTw0+mI4uCU+wk07sInSlTo81umv
Gmu5ZY4fQpeZFvM2L067C6jV/bd1cCgFCnPtJMtRyME0z8zGZiYqHZrQB/1CkXR0
n114sMW6Exw0n7C+2XINfLKmuVkPzCq4TdvK9Zd317lt+XDMCjJa0c79Nl7rwYUH
Gw8CdlXsYrisihHgk5y6xIISbIyN6tYY1Ps2vdp87BzQdwF06ZgIxz3V36stjGvg
106fR0ORJ8nYZxol+E37JBvhcsSvRry3YN6pTGIZt9OhDZZx1XKNEaRjNbeEZMJZ
AiGGHg6TvZjTGb3tP7+jHndukMvNaTcR/+qRZDmBxYGdS5834rUehdcc0oXJsw+F
I80ZJHCkW0/8Cs5NBm3pTdRcGsQQyVLg73MzMz2VsTIxxRN0Rw8nT++5o9JhRIYd
43VP5RbeKNMPchjM6kBI0qM+KDMGNBPhACKeNeggeXklhHY6Dv9GDr9jSpsKlmhA
1e2OHwhdc30u4AURHF0aBwq1O5MegZWlkgdlMnPl7pHDH2NjMoEHvAl/wFnX5hXm
B6PebwuRNa9wT81wOP3o
=sVv9
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID


By default the driver creates mailboxes using the CN of the object. The
placement policy sets only the post office not the object name:

<do-set-op-dest-dn>
<arg-dn>
<token-global-variable name="driver.gw.SubSyncDestLocation"/>
</arg-dn>
</do-set-op-dest-dn>

Is it possible to set the NGW: Object ID attribute without doing a
rename operation?

I have another question about the default matching policy:

<do-implement-entitlement>
<arg-node-set>
<token-entitlement name="gwAccount"/>
</arg-node-set>
<arg-actions>
<do-find-matching-object scope="entry">
<arg-dn>
<token-src-attr class-name="User" name="NGW: GroupWise ID"/>
</arg-dn>
<arg-match-attr name="58004">
<arg-value>
<token-src-dn convert="false"/>
</arg-value>
</arg-match-attr>
</do-find-matching-object>
</arg-actions>
</do-implement-entitlement>

What is 58004 refering to?


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=46207

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID

On Wed, 21 Nov 2012 16:44:02 +0000, moularbi wrote:

> By default the driver creates mailboxes using the CN of the object. The
> placement policy sets only the post office not the object name:
>
> <do-set-op-dest-dn>
> <arg-dn>
> <token-global-variable

name="driver.gw.SubSyncDestLocation"/>
> </arg-dn>
> </do-set-op-dest-dn>
>
> Is it possible to set the NGW: Object ID attribute without doing a
> rename operation?


I don't believe so, no. GW generates its own internal name (NGW: Object
ID) and passes it back to you.


> I have another question about the default matching policy:
>
> <do-implement-entitlement>
> <arg-node-set>
> <token-entitlement name="gwAccount"/>
> </arg-node-set>
> <arg-actions>
> <do-find-matching-object scope="entry">
> <arg-dn>
> <token-src-attr class-name="User"

name="NGW: GroupWise ID"/>
> </arg-dn>
> <arg-match-attr name="58004">
> <arg-value>
> <token-src-dn convert="false"/>
> </arg-value>
> </arg-match-attr>
> </do-find-matching-object>
> </arg-actions>
> </do-implement-entitlement>
>
> What is 58004 refering to?


Now that's a good question. I don't see 58004 in the documentation, so
let me ask NetIQ and I'll see what I can find out. I'd have expected this
rule to be using 50073 (NGW: Object ID).


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID

On Wed, 21 Nov 2012 16:44:02 +0000, moularbi wrote:

> What is 58004 refering to?


I've heard back on this question.

"58004 is the DS_DN attribute which is the always the full eDir
distinguished name. The Net ID attribute (50094) can either be the full DN
or just the common name. Under the Admin Preferences in ConsoleOne they
can pick what format they want the Net ID to be, but the DN attribute
(58004) is always the full DN."

I've added this as documentation feedback, so the next version of the
docs should hopefully include these.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID


Thank you for your response.

dgersic;222578 Wrote:
> On Wed, 21 Nov 2012 16:44:02 +0000, moularbi wrote:
>
> > What is 58004 refering to?

>
> I've heard back on this question.
>
> "58004 is the DS_DN attribute which is the always the full eDir
> distinguished name. The Net ID attribute (50094) can either be the full
> DN
> or just the common name. Under the Admin Preferences in ConsoleOne they
> can pick what format they want the Net ID to be, but the DN attribute
> (58004) is always the full DN."
>
> I've added this as documentation feedback, so the next version of the
> docs should hopefully include these.
>
>
> --
> --------------------------------------------------------------------------
> David Gersic
> dgersic_@_niu.edu
> Knowledge Partner
> http://forums.netiq.com
>
> Please post questions in the forums. No support provided via email.



--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=46207

0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID


Hi,

not sure if this is what you wand but we create the e-mail address
uniquely before feeding the user to GW and override the GW generated
address with this (in creation policy):

<rule>
<description>Override e-mail address</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
</and>
</conditions>
<actions>
<do-set-dest-attr-value name="50319">
<arg-value type="string">
<token-replace-all regex="@.*">
<token-op-attr name="Internet EMail Address"/>
</token-replace-all>
</arg-value>
</do-set-dest-attr-value>
</actions>
</rule>


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=46207

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID


If I do that the driver creates the email address based on the operation
attribute Internet EMail Address but the attributes nGWGroupWiseID and
nGWObjectID contains the CN value
Example with an account CN=ID110033:
Generated attributes:
mail=surname-givenname
nGWGroupWiseID=mta.poa.ID110033{106}61270A81-1749-0000-B193-7BC3B8143B6B
nGWObjectID=ID110033

If I do a rename object, the attributes nGWGroupWiseID and nGWObjectID
are modified:
nGWGroupWiseID=mta.poa.surname-givenname{106}61270A81-1749-0000-B193-7BC3B8143B6B
nGWObjectID=surname-givenname

I want to set the name of the GroupWise account so that the user
connects to GW using surname-givenname instead of ID110033 but without
doing a rename operation.


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=46207

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID

On Thu, 22 Nov 2012 14:04:02 +0000, moularbi wrote:

> I want to set the name of the GroupWise account so that the user
> connects to GW using surname-givenname instead of ID110033 but without
> doing a rename operation.


I'm not a GroupWise expert, but I believe this is a configuration option
in GW.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID


surname-lastname was just an example, I have a function that calculates
the email alias and I don't know how to tell GW to use this value when
it creates accounts instead of the object CN.
dgersic;222543 Wrote:
> On Thu, 22 Nov 2012 14:04:02 +0000, moularbi wrote:
>
> > I want to set the name of the GroupWise account so that the user
> > connects to GW using surname-givenname instead of ID110033 but

> without
> > doing a rename operation.

>
> I'm not a GroupWise expert, but I believe this is a configuration
> option
> in GW.
>
>
> --
> --------------------------------------------------------------------------
> David Gersic
> dgersic_@_niu.edu
> Knowledge Partner
> http://forums.netiq.com
>
> Please post questions in the forums. No support provided via email.



--
moularbi
------------------------------------------------------------------------
moularbi's Profile: https://forums.netiq.com/member.php?userid=1196
View this thread: https://forums.netiq.com/showthread.php?t=46207

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: GroupWise driver set attribute NGW: Object ID

On Wed, 28 Nov 2012 11:04:01 +0000, moularbi wrote:

> surname-lastname was just an example, I have a function that calculates
> the email alias and I don't know how to tell GW to use this value when
> it creates accounts instead of the object CN.


As far as I can tell from the GW documentation, you can't. GW defaults to
using the "eDirectory user name" (ie: the CN), according to the GW admin
guide, pg. 220. It does say that you can change it, but it doesn't appear
to me that you can specify it as part of creating the mailbox from the GW
driver.

Since you mention "email alias" here, assuming you have that in an
attribute in the XML document, you might have more luck with what you're
trying to accomplish by mapping it to 50319 in the schema map.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.