
Re: ldap query for networkAddress

On Fri, 07 Mar 2014 18:00:02 GMT, David Gersic
<dgersic@no-mx.forums.netiq.com> wrote:

>On Fri, 07 Mar 2014 14:39:34 +0000, KeN Etter wrote:
>
>> I would really like to use the LDAP/networkAddress method because it
>> doesn't rely on anything custom (that is - it is just my PHP and LDAP vs
>> a custom NCP extension that I need to have someone update). But the
>> LDAP method worries me because it does not look like it will be as
>> reliable.

>
>It's not reliable. At best, it looks like it might work, leading you to
>the belief that it's reliable. Until it bites you later.


I'm starting to see that. 🙂

>> 1. Stuck networkAddress entry. I currently have 1 IP address that is
>> listed for two people. So far I haven't figured out a way to delete the
>> old entry.

>
>Yup. The official answer is "dsrepair -n0" and running a local database
>repair. The un-official answer is an LDIF like:
>
>dn: cn=bob,ou=whatever
>changetype: modify
>delete: networkaddress


Searched, but I haven't figured out how to run an LDIF against
eDirectory. Can you point me in the right direction?

>> 2. Missing networkAddress entry. I currently have 9 people who are
>> logged into the network but do not have a networkAddress entry in
>> eDirectory.

>
>Interesting. I can't say that I've seen that, but it wouldn't surprise me.


Just checked and down to 1 person without a networkAddress entry. He
is definitely logged in and working on the network, but nothing
listed.

Supposedly Novell Client 2 SP3 IR5 improves the networkAddress
updating...maybe that would help. I will have to see after I finish
pushing that out. But I'm still leery of this method.
--
Ken

Re: ldap query for networkAddress

On Fri, 07 Mar 2014 19:03:16 +0000, KeN Etter wrote:

> On Fri, 07 Mar 2014 18:00:02 GMT, David Gersic
> <dgersic@no-mx.forums.netiq.com> wrote:
>
>>On Fri, 07 Mar 2014 14:39:34 +0000, KeN Etter wrote:
>>
>>> I would really like to use the LDAP/networkAddress method because it
>>> doesn't rely on anything custom (that is - it is just my PHP and LDAP
>>> vs a custom NCP extension that I need to have someone update). But
>>> the LDAP method worries me because it does not look like it will be as
>>> reliable.

>>
>>It's not reliable. At best, it looks like it might work, leading you to
>>the belief that it's reliable. Until it bites you later.

>
> I'm starting to see that. 🙂
>
>>> 1. Stuck networkAddress entry. I currently have 1 IP address that is
>>> listed for two people. So far I haven't figured out a way to delete
>>> the old entry.

>>
>>Yup. The official answer is "dsrepair -n0" and running a local database
>>repair. The un-official answer is an LDIF like:
>>
>>dn: cn=bob,ou=whatever
>>changetype: modify
>>delete: networkaddress

>
> Searched, but I haven't figured out how to run an LDIF against
> eDirectory. Can you point me in the right direction?


Official answer: ICE (Import Convert Export). It's in the docs.

Unofficial answer: any ldapmodify program should work. I use OpenLDAP's
tools here, because they're commonly available.



--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.

Re: ldap query for networkAddress

On Fri, 07 Mar 2014 20:00:02 GMT, David Gersic
<dgersic@no-mx.forums.netiq.com> wrote:

>On Fri, 07 Mar 2014 19:03:16 +0000, KeN Etter wrote:
>
>> On Fri, 07 Mar 2014 18:00:02 GMT, David Gersic
>> <dgersic@no-mx.forums.netiq.com> wrote:
>>
>>>On Fri, 07 Mar 2014 14:39:34 +0000, KeN Etter wrote:
>>>
>>>> I would really like to use the LDAP/networkAddress method because it
>>>> doesn't rely on anything custom (that is - it is just my PHP and LDAP
>>>> vs a custom NCP extension that I need to have someone update). But
>>>> the LDAP method worries me because it does not look like it will be as
>>>> reliable.
>>>
>>>It's not reliable. At best, it looks like it might work, leading you to
>>>the belief that it's reliable. Until it bites you later.

>>
>> I'm starting to see that. 🙂
>>
>>>> 1. Stuck networkAddress entry. I currently have 1 IP address that is
>>>> listed for two people. So far I haven't figured out a way to delete
>>>> the old entry.
>>>
>>>Yup. The official answer is "dsrepair -n0" and running a local database
>>>repair. The un-official answer is an LDIF like:
>>>
>>>dn: cn=bob,ou=whatever
>>>changetype: modify
>>>delete: networkaddress

>>
>> Searched, but I haven't figured out how to run an LDIF against
>> eDirectory. Can you point me in the right direction?

>
>Official answer: ICE (Import Convert Export). It's in the docs.
>
>Unofficial answer: any ldapmodify program should work. I use OpenLDAP's
>tools here, because they're commonly available.


Thanks!
--
Ken

Re: ldap query for networkAddress


OK, let me paraphrase your procedure to see if I missed anything:

When a workstation accesses a given internal web page, you use the IP
info in the request to check against the server to see if the
workstation is logged into the server, thus "authenticated" to your
network? And this is done for any number of web pages that require this
security. Your users ALWAYS use a NetWare Client. Do they normally shut
down the workstations when done, such as doing a Shutdown or Logout from
Windows, or do they just lock the station down for the night (suspend,
etc)?

Do you just care to see if the given IP address is logged into the
network and not who the actual user is?

Reason I'm asking about the latter "habit" is to see if there is an
alternate way of populating the IP info.


--
--
-eDirectory Rules!-

Peter
www.DreamLAN.com
------------------------------------------------------------------------
peterkuo's Profile: https://forums.netiq.com/member.php?userid=170
View this thread: https://forums.netiq.com/showthread.php?t=50184


Re: ldap query for networkAddress

On Sat, 08 Mar 2014 01:34:01 GMT, peterkuo
<peterkuo@no-mx.forums.netiq.com> wrote:

>
>OK, let me paraphrase your procedure to see if I missed anything:
>
>When a workstation accesses a given internal web page, you use the IP
>info in the request to check against the server to see if the
>workstation is logged into the server, thus "authenticated" to your
>network? And this is done for any number of web pages that require this
>security. Your users ALWAYS use a NetWare Client.


Correct. We also have users that use the Filr client on their tablets
and smartphones, but they are not part of the equation. This need is
only for those running Windows and they are always using the Novell
Client.

> Do they normally shut
>down the workstations when done, such as doing a Shutdown or Logout from
>Windows, or do they just lock the station down for the night (suspend,
>etc)?


They are supposed to shut down at the end of the day (policy). But I
have a few that ignore this and just lock their PCs (which then go to
sleep). I do have a ZCM procedure that forces a reboot over the
weekend to deal with these people that refuse to shut down.

>Do you just care to see if the given IP address is logged into the
>network and not who the actual user is?


It must return the user. I need to know who they are, not just verify
whether they are logged in.

>Reason I'm asking about the latter "habit" is to see if there is an
>alternate way of populating the IP info.


Ken
--
Ken

Re: ldap query for networkAddress


OK. I just thought of something but the power supply of the machine I
have my VM on is having a "whining" sound. So let me fix that first ....


--
--
-eDirectory Rules!-

Peter
www.DreamLAN.com
------------------------------------------------------------------------
peterkuo's Profile: https://forums.netiq.com/member.php?userid=170
View this thread: https://forums.netiq.com/showthread.php?t=50184


Re: ldap query for networkAddress


In looking at your original post, you said:

"This one logs an invalid syntax error:
ldap_search($ldap,"o=msktd",
"networkAddress=\39\23\00\00\C0\A8\01\88",$nds_stuff);"

Did you ever try using, say, the standalone ldapsearch module? You can
find it in the \novell\consoleone\1.2\bin folder on the workstation if
you have C1 installed, or on the NetWare box in SYS:PUBLIC (? it has
been a long while since I looked for it on a NetWare box). Or try the Linux
version which should get installed as part of the eDir package. The
syntax should work as it does for my testing - and I wonder if there is
a bug in PHP instead. So, let's narrow that down.


--
--
-eDirectory Rules!-

Peter
www.DreamLAN.com
------------------------------------------------------------------------
peterkuo's Profile: https://forums.netiq.com/member.php?userid=170
View this thread: https://forums.netiq.com/showthread.php?t=50184
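
An added example, not part of the thread or anyone's posted code: it rebuilds the escaped filter quoted in the post above from a dotted IPv4 address and refuses to name a user when the address is missing or held by more than one object (the "stuck" and "missing" cases discussed earlier). The value layout (ASCII type, `#`, 2-byte port, 4-byte IP) is an assumption read off the quoted filter bytes; the function names, `NT_TCP`, and the alice/carol entries are hypothetical and constructed.

```python
import ipaddress
import struct

NT_TCP = 9  # assumed address type: the "9" before "#" in the thread's filter


def tagged_address(ip, port=0, addr_type=NT_TCP):
    """Raw value: ASCII type, '#', 2-byte port, 4-byte IPv4 (assumed layout)."""
    packed_ip = ipaddress.IPv4Address(ip).packed  # ValueError unless plain IPv4
    return str(addr_type).encode("ascii") + b"#" + struct.pack(">H", port) + packed_ip


def network_address_filter(ip, port=0):
    """RFC 4515 filter; every byte is written as \\XX so no input reaches it raw."""
    escaped = "".join(f"\\{b:02X}" for b in tagged_address(ip, port))
    return f"(networkAddress={escaped})"


def resolve_user(entries, ip):
    """Return the one DN whose values contain `ip`; None if absent or ambiguous."""
    wanted = ipaddress.IPv4Address(ip).packed
    owners = set()
    for dn, values in entries:
        for value in values:
            _addr_type, _, data = value.partition(b"#")
            if len(data) == 6 and data[2:] == wanted:  # skip port, compare IP
                owners.add(dn)
    return owners.pop() if len(owners) == 1 else None


# Constructed search results as (DN, [raw networkAddress values]); not real data.
SAMPLE_ENTRIES = [
    ("cn=bob,ou=whatever", [tagged_address("192.168.1.136")]),  # stale entry
    ("cn=alice,ou=whatever", [tagged_address("192.168.1.136", 524),
                              tagged_address("192.168.1.20")]),
    ("cn=carol,ou=whatever", []),  # logged in, but no value recorded
]

if __name__ == "__main__":
    print(network_address_filter("192.168.1.136"))
    for ip in ("192.168.1.136", "192.168.1.20", "192.168.1.99"):
        print(ip, "->", resolve_user(SAMPLE_ENTRIES, ip))
```

Because the address is parsed as IPv4 before any filter text is built, a request value that is not a plain address raises `ValueError` instead of reaching the directory.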


Re: ldap query for networkAddress

On Tue, 11 Mar 2014 07:55:23 GMT, peterkuo
<peterkuo@no-mx.forums.netiq.com> wrote:

>
>In looking at your original post, you said:
>
>"This one logs an invalid syntax error:
>ldap_search($ldap,"o=msktd",
>"networkAddress=\39\23\00\00\C0\A8\01\88",$nds_stuff);"
>
>Did you ever try using, say, the standalone ldapsearch module? You can
>find it in the \novell\consoleone\1.2\bin folder on the workstation if
>you have C1 installed, or on the NetWare box in SYS:PUBLIC (? it has
>been a long while since I looked for it on a NetWare box). Or try the Linux
>version which should get installed as part of the eDir package. The
>syntax should work as it does for my testing - and I wonder if there is
>a bug in PHP instead. So, let's narrow that down.


I'll check into that. I spent considerable time yesterday looking
into options and figured out how I can move the websites to SLES and
make a call to my Netware server to check for the NCP connections. So
short term I am going to go with that just so I can get these websites
moved. When my websites were hosted on a physical Netware server
they were blazing fast. But I moved them to a virtual Netware server
and they have a definite lag that I haven't been able to resolve. The
virtual SLES server that I have set up is just as fast as the physical
Netware server. So my goal today is to get these moved.

Ken
--
Ken

Re: ldap query for networkAddress


I presume you're using a hypervisor such as ESX or such? I wonder if the
slowness in NetWare may be caused by the drivers being supported/used
and the level of virtualization etc.


--
--
-eDirectory Rules!-

Peter
www.DreamLAN.com
------------------------------------------------------------------------
peterkuo's Profile: https://forums.netiq.com/member.php?userid=170
View this thread: https://forums.netiq.com/showthread.php?t=50184


Re: ldap query for networkAddress

On Wed, 12 Mar 2014 00:34:04 GMT, peterkuo
<peterkuo@no-mx.forums.netiq.com> wrote:

>
>I presume you're using a hypervisor such as ESX or such? I wonder if the
>slowness in NetWare may be caused by the drivers being supported/used
>and the level of virtualization etc.


It is running on ESX. Could be the drivers. But my goal has been to
move these sites off of Netware. I really like Netware, but this is
my only remaining Netware server and I prefer to be able to run on
current versions of Apache/PHP/MySQL. So the move to SLES is
necessary. I just need to be able to handle the NCP check. The
method I found yesterday is working so I'm going to go that route. I
will still have a Netware server, but it won't be hosting the sites.

Ken
--
Ken