robertmeier83 Absent Member.
Absent Member.
446 views

eDir2eDir ou placement policy


Dear everybody,

I hope you can help me with the following problem:

We have a eDir (with hierarchy) to eDir (with hierarchy). The sync is
working.

But there is one problem: The hierarchy on the first eDir is not the
same as the hierarchy on the second eDir.

eDir1: DE\SAMPLE\TEST

DC=DE, OU=SAMPLE, OU=TEST

is in the second

eDir2: DE\SAMPLE\01.

DC=DE, OU=SAMPLE, OU=01

My first idea: publisher-placement-policy with mapping-table. I hope
this is correct?

I found a sample xml-script for a rule which I a have modified a bit (i
don't know if this is correct):

<rule>
<description>Organizational Unit Placement Policy by Mapping
Table</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">Organizational
Unit</if-class-name>
<if-src-dn op="in-subtree">DE\SAMPLE</if-src-dn>
</and>
</conditions>
<actions>
<do-set-op-dest-dn>
<arg-dn>
<token-src-dn convert="true" length="1" start="-1"/>
<token-text xml:space="preserve">,</token-text>
<token-map dest="destination" src="source"
table="..\ou-placement-table">
<token-op-attr name="L"/>
</token-map>
</arg-dn>
</do-set-op-dest-dn>
</actions>
</rule>

and a placement table like this:

<mapping-table>
<col-def name="source" type="nocase"/>
<col-def name="destination" type="nocase"/>
<row>
<col>TEST</col>
<col>OU=01,OU=SAMPLE,DC=DE</col>
</row>
</mapping-table>

Can you help and show me how to create a mapping?


--
robertmeier83
------------------------------------------------------------------------
robertmeier83's Profile: http://forums.novell.com/member.php?userid=110605
View this thread: http://forums.novell.com/showthread.php?t=448296

Labels (1)
0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: eDir2eDir ou placement policy

On Wed, 16 Nov 2011 15:46:02 +0000, robertmeier83 wrote:

> But there is one problem: The hierarchy on the first eDir is not the
> same as the hierarchy on the second eDir.
>
> eDir1: DE\SAMPLE\TEST
>
> DC=DE, OU=SAMPLE, OU=TEST
>
> is in the second
>
> eDir2: DE\SAMPLE\01.
>
> DC=DE, OU=SAMPLE, OU=01


Interesting. So, conceptually, how do you decide that users from OU=TEST
go in OU=01? Is there a 1:1 mapping between these two hierarchical
structures, only with different naming?


> My first idea: publisher-placement-policy with mapping-table. I hope
> this is correct?


Sure, that'd work.


> I found a sample xml-script for a rule which I a have modified a bit (i
> don't know if this is correct):
>
> <rule>
> <description>Organizational Unit Placement Policy by Mapping
> Table</description>
> <conditions>
> <and>
> <if-class-name mode="nocase" op="equal">Organizational
> Unit</if-class-name>
> <if-src-dn op="in-subtree">DE\SAMPLE</if-src-dn> </and>
> </conditions>
> <actions>
> <do-set-op-dest-dn>
> <arg-dn>
> <token-src-dn convert="true" length="1" start="-1"/> <token-text
> xml:space="preserve">,</token-text> <token-map dest="destination"
> src="source" table="..\ou-placement-table">
> <token-op-attr name="L"/>
> </token-map>
> </arg-dn>
> </do-set-op-dest-dn>
> </actions>
> </rule>


You're using the value of 'L', why? Does it contain useful information?

Let's see a level 3 trace of an <add> operation being processed by your
rule, so we can see what information you have to start with, and the
results of processing it.


> and a placement table like this:
>
> <mapping-table>
> <col-def name="source" type="nocase"/> <col-def name="destination"
> type="nocase"/>
> <row>
> <col>TEST</col>
> <col>OU=01,OU=SAMPLE,DC=DE</col>
> </row>
> </mapping-table>
>
> Can you help and show me how to create a mapping?


Given that this is eDirectory, you want your dest dn in slash format, not
LDAP, so:

> <col>OU=01,OU=SAMPLE,DC=DE</col>


should be:

> <col>DC=DE\OU=SAMPLE\OU=01</col>



--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

0 Likes
robertmeier83 Absent Member.
Absent Member.

Re: eDir2eDir ou placement policy


Hello dgersic,

thanks for your answer!


dgersic;2154365 Wrote:
> On Wed, 16 Nov 2011 15:46:02 +0000, robertmeier83 wrote:
>
> > But there is one problem: The hierarchy on the first eDir is not the
> > same as the hierarchy on the second eDir.
> >
> > eDir1: DE\SAMPLE\TEST
> >
> > DC=DE, OU=SAMPLE, OU=TEST
> >
> > is in the second
> >
> > eDir2: DE\SAMPLE\01.
> >
> > DC=DE, OU=SAMPLE, OU=01

>
> Interesting. So, conceptually, how do you decide that users from
> OU=TEST
> go in OU=01? Is there a 1:1 mapping between these two hierarchical
> structures, only with different naming?
>
>
> Yes exactly.
>
>
>
> > My first idea: publisher-placement-policy with mapping-table. I hope
> > this is correct?

>
> Sure, that'd work.
>
>
> > I found a sample xml-script for a rule which I a have modified a bit

> (i
> > don't know if this is correct):
> >
> > <rule>
> > <description>Organizational Unit Placement Policy by Mapping
> > Table</description>
> > <conditions>
> > <and>
> > <if-class-name mode="nocase" op="equal">Organizational
> > Unit</if-class-name>
> > <if-src-dn op="in-subtree">DE\SAMPLE</if-src-dn> </and>
> > </conditions>
> > <actions>
> > <do-set-op-dest-dn>
> > <arg-dn>
> > <token-src-dn convert="true" length="1" start="-1"/> <token-text
> > xml:space="preserve">,</token-text> <token-map dest="destination"
> > src="source" table="..\ou-placement-table">
> > <token-op-attr name="L"/>
> > </token-map>
> > </arg-dn>
> > </do-set-op-dest-dn>
> > </actions>
> > </rule>

>
> You're using the value of 'L', why? Does it contain useful
> information?
>
>
> No - the value 'L' is not necessary. I oversight it, when i used the
> sample.
>
>
> Let's see a level 3 trace of an <add> operation being processed by
> your
> rule, so we can see what information you have to start with, and the
> results of processing it.
>
>
> Not yet tested. I will try it now with your hints. I wasn't sure if my
> approach is correct (idm beginner).
>
>
>
> > and a placement table like this:
> >
> > <mapping-table>
> > <col-def name="source" type="nocase"/> <col-def name="destination"
> > type="nocase"/>
> > <row>
> > <col>TEST</col>
> > <col>OU=01,OU=SAMPLE,DC=DE</col>
> > </row>
> > </mapping-table>
> >
> > Can you help and show me how to create a mapping?

>
> Given that this is eDirectory, you want your dest dn in slash format,
> not
> LDAP, so:
>
> > <col>OU=01,OU=SAMPLE,DC=DE</col>

>
> should be:
>
> > <col>DC=DE\OU=SAMPLE\OU=01</col>

>
>
>
> Thanks for your help!
>
> --
> ---------------------------------------------------------------------------
> David Gersic
> dgersic_@_niu.edu
> Novell Knowledge Partner
> http://forums.novell.com
>
> Please post questions in the newsgroups. No support provided via
> email.



--
robertmeier83
------------------------------------------------------------------------
robertmeier83's Profile: http://forums.novell.com/member.php?userid=110605
View this thread: http://forums.novell.com/showthread.php?t=448296

0 Likes
robertmeier83 Absent Member.
Absent Member.

Re: eDir2eDir ou placement policy


Hello,

help - i can't get it working. My policy (the rule in there) reads like
this:

<rule>
<description>Organizational Unit Placement Policy by Mapping
Table</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-src-dn op="in-subtree">DE\Sample</if-src-dn>
</and>
</conditions>
<actions>
<do-set-op-dest-dn>
<arg-dn>
<token-map dest="destination" src="source"
table="..\ou-placement-table" />
</arg-dn>
</do-set-op-dest-dn>
</actions>
</rule>

The Trace-Log (Level 3) I can see, that the rule is selected and looks
up in the ou-placement-table. But nothing happens.

http://www.baynetwork.xenonserver.de/trace_log_edir.png

Unfortunately only as picture available.

My mapping table reads:

ou-placement-table

<mapping-table>
<col-def name="source" type="nocase" />
<row>
<col>C=DE\O=Sample\OU=I</col>
<col>C=DE\O=Sample\OU=01</col>
</row>
<col-def name="destination" type="nocase" />
</mapping-table>

It is a 1:1 mapping.

Is the "no-dn-generated" a problem, because there is no entry found in
the table? How to handle
entries which are not an the table?


--
robertmeier83
------------------------------------------------------------------------
robertmeier83's Profile: http://forums.novell.com/member.php?userid=110605
View this thread: http://forums.novell.com/showthread.php?t=448296

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir2eDir ou placement policy

On 18.11.2011 12:46, robertmeier83 wrote:
> help - i can't get it working. My policy (the rule in there) reads like
> this:
>
> <rule>
> <description>Organizational Unit Placement Policy by Mapping
> Table</description>
> <conditions>
> <and>
> <if-class-name mode="nocase" op="equal">User</if-class-name>
> <if-src-dn op="in-subtree">DE\Sample</if-src-dn>
> </and>
> </conditions>
> <actions>
> <do-set-op-dest-dn>
> <arg-dn>
> <token-map dest="destination" src="source"
> table="..\ou-placement-table" />
> </arg-dn>
> </do-set-op-dest-dn>
> </actions>
> </rule>
>
> The Trace-Log (Level 3) I can see, that the rule is selected and looks
> up in the ou-placement-table. But nothing happens.


Your problem is you have used a verb (token-map) without specifying a
noun for it to act on.


In the earlier example, the noun was <token-op-attr name="L"/>

From what I understand of your logic, maybe it's src-dn that is the
noun you are trying to act on (or part of the src-dn)

For example:

<rule>
<description>Organizational Unit Placement Policy by Mapping
Table</description>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-src-dn op="in-subtree">DE\Sample</if-src-dn>
</and>
</conditions>
<actions>
<do-set-op-dest-dn>
<arg-dn>
<token-map dest="destination" src="source"
table="..\ou-placement-table">
<token-src-dn/>
</token-map>
</arg-dn>
</do-set-op-dest-dn>
</actions>
</rule>
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
robertmeier83 Absent Member.
Absent Member.

Re: eDir2eDir ou placement policy


Hello alexmchugh,

yes - you are right. So I will try this and give you a response.

Thanks for your tip.


--
robertmeier83
------------------------------------------------------------------------
robertmeier83's Profile: http://forums.novell.com/member.php?userid=110605
View this thread: http://forums.novell.com/showthread.php?t=448296

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir2eDir ou placement policy

On Fri, 18 Nov 2011 11:46:02 +0000, robertmeier83 wrote:


> Is the "no-dn-generated" a problem, because there is no entry found in
> the table? How to handle
> entries which are not an the table?


Usually, I assign the result of token-map to a variable, so I can check
it to see if I got anything. If nothing returned, the variable is empty,
and I can react (send email, establish a default, veto because it's an
error, etc.) to it.


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir2eDir ou placement policy

On Fri, 18 Nov 2011 11:46:02 +0000, robertmeier83 wrote:

> <arg-dn>
> <token-map dest="destination" src="source" table="..\ou-placement-table"
> />
> </arg-dn>


Your token-map isn't being told to map anything. You need to add
something for it to map the source to.



--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.