An OS X Login Hook for Novell Networks

An OS X Login Hook for Novell Networks

Managing OS X workstations on a Novell network is easier than it was, but nowhere near as easy as it should be. Although solutions such as Kanaka and the modified eDirectory schema for OS X can facilitate login and management of MCX settings, there are some areas where it is much easier to manage a Windows workstation than a Mac. This script attempts to address a few of those areas.

The script attached to this post is a "login hook" -- a special shell script that runs as root when a user logs into an OS X workstation. Login hooks can be written in any scripting languages that OS X supports, and this one is written in perl. For more information on login hooks, please see

The login hook attached does three things to help level the playing field between user login to OS X and Windows workstations on a Novell-based network.

  1. It adds the current user to the Staff group (gid 20). Many OS X integration solutions populate this value anyway, but in many environments (such as mine) another group is used instead. However, the user must still belong to Staff in order to use the workstation at a basic level (to run applications, for example).

  2. It adds certain users to the local administrators group based on eDirectory group membership. Local admins are essentially part of the sudoers group on OS X, and this feature basically acts as a Dynamic Local User surrogate. In an academic environment, you will often want teachers and other "adults" to be local administrators so that they can change settings, add printers, etc. The script does not provide for the removal of a user, once added, but the user is added to the local administrators on a machine-by-machine rather than a global basis.

  3. It autopopulates GroupWise information. On OS X, GroupWise does not have a mechanism for guessing what credentials a user will need to log in. This script does a lookup to eDirectory via LDAP and retrieves GW username, post office IP, and port. It then rewrite the master GroupWise preferences file with this information, and then rewrites it whenever another user logs in. If the user does not have a GroupWise account, the preferences file has blank information.

The purpose of this script is to provide smoother integration between eDirectory and OS X. You will probably want to chop it up and use bits of it in your own login hook. Please note that since you have eDirectory groups in a convenient array, it is easy to extend the script's functionality.

This script has been tested with OS X 10.3 - 10.5 and should work with 10.6. It targets GroupWise 7.x - 8.x. It supports any login scheme where OS X workstations are using eDirectory usernames (i.e. Kanaka, modified LDAP, local login with the same username as eDirectory). An eDirectory LDAP server that allows port 389 lookups is required.

Labels (1)


Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
3 of 3
Last update:
‎2020-03-10 17:31
Updated by:
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.