IDM needed to create multiple accounts in same eDir

I've run into an issue here at my community college with the creation of
accounts.  We are still in our Dev stage, but I have been asked to automate
the creation of our staff accounts along with our student accounts.  The
problem is this, we have people that are both staff and students and I am
unsure on how to approach this problem.

There is only one user object in the IDM vault and I need to drive the
creation of both of these accounts in the same tree.  We've kicked around
the idea of using aliases, but we are not sure of all the ramifications of
this.  Any ideas would be appreciated.
0
Donovan
1/31/2006 3:38:58 PM
novell.id-manager.drivers 10360 articles. 0 followers. Follow

7 Replies
298 Views

Similar Articles

[PageSpeed] 28

Donovan B. Wallace wrote:
> I've run into an issue here at my community college with the creation of
> accounts.  We are still in our Dev stage, but I have been asked to automate
> the creation of our staff accounts along with our student accounts.  The
> problem is this, we have people that are both staff and students and I am
> unsure on how to approach this problem.
> 
> There is only one user object in the IDM vault and I need to drive the
> creation of both of these accounts in the same tree.  We've kicked around
> the idea of using aliases, but we are not sure of all the ramifications of
> this.  Any ideas would be appreciated.
If you keep your users and staff in separate branches, then it should 
not be a problem.  Assuming you have a vault and a separate 
workforce/student trees, then use separate edir-edir drivers and control 
them via separate aux classes. One class for students, one for staff. 
There is no law that says you cannot extend a user with both classes.
0
Tim
1/31/2006 3:43:38 PM
Can you run multiple eDir drivers to the same tree on the same IDM server?
0
Donovan
1/31/2006 3:51:05 PM
Donovan B. Wallace wrote:
> Can you run multiple eDir drivers to the same tree on the same IDM server?
I do.  I have three environments, all similar (they should be exactly 
the same, but that is another issue), where, for application development 
reasons (old legacy apps vs. newly developed ones), we run two edir-edir 
drivers connecting the vault to the application tree.  Each has their 
own O level container in the application tree, but only one O level 
container for users in the vault. Each has their own sets of 
applications supported within their respective O level containers. Each 
application has their own set of attributes in an aux class.

Each driver is a unique setup, including unique certificate pairs,  with 
matching drivers in both trees.
0
Tim
1/31/2006 4:00:07 PM
You don't have to have unique certificate pairs, but you do have to 
assign each driver its own port.
--

Father Ramon


Tim Edmonds wrote:
> Donovan B. Wallace wrote:
> 
>> Can you run multiple eDir drivers to the same tree on the same IDM 
>> server?
> 
> I do.  I have three environments, all similar (they should be exactly 
> the same, but that is another issue), where, for application development 
> reasons (old legacy apps vs. newly developed ones), we run two edir-edir 
> drivers connecting the vault to the application tree.  Each has their 
> own O level container in the application tree, but only one O level 
> container for users in the vault. Each has their own sets of 
> applications supported within their respective O level containers. Each 
> application has their own set of attributes in an aux class.
> 
> Each driver is a unique setup, including unique certificate pairs,  with 
> matching drivers in both trees.
0
Father
2/1/2006 1:52:48 AM
We have simply extended our schema with several attributes--some of which
will designate whether you are student, staff, etc, etc. Most of our apps
are ldap based so we simply do attribute tests to determine the "role" of
the user for authenitication and authorization.

Donovan B. Wallace wrote:

> I've run into an issue here at my community college with the creation of
> accounts.  We are still in our Dev stage, but I have been asked to
> automate
> the creation of our staff accounts along with our student accounts.  The
> problem is this, we have people that are both staff and students and I am
> unsure on how to approach this problem.
> 
> There is only one user object in the IDM vault and I need to drive the
> creation of both of these accounts in the same tree.  We've kicked around
> the idea of using aliases, but we are not sure of all the ramifications of
> this.  Any ideas would be appreciated.

-- 
Jeff Johnson CNA6, CNE6, MCNE, CDE, CLP
Georgia State University
0
Jeff
2/1/2006 1:56:35 AM
On Tue, 31 Jan 2006 15:38:58 GMT, "Donovan B. Wallace" <DWALLACE@grcc.edu>
wrote:

>I've run into an issue here at my community college with the creation of
>accounts.  We are still in our Dev stage, but I have been asked to automate
>the creation of our staff accounts along with our student accounts.  The
>problem is this, we have people that are both staff and students and I am
>unsure on how to approach this problem.

Can you clearly state the business rule you're trying to code?


>There is only one user object in the IDM vault and I need to drive the
>creation of both of these accounts in the same tree.

Assuming you have a way to determin faculty, student, or both, you could use the
<add> event to generate a secondary <add> event to make the second account, if
that's what you're trying to do. I'm not sure what you'd do with the
associations at that point, though, so this could get tricky.


---------------------------------------------------------------------------
 David Gersic                                            dgersic_@_niu.edu

 I'm tired of receiving rubbish in my mailbox, so the E-mail address is
 munged to foil the junkmail bots. Humans will figure it out on their own.
0
dgersic_
2/1/2006 7:14:02 PM
David Gersic wrote:

> On Tue, 31 Jan 2006 15:38:58 GMT, "Donovan B. Wallace"
> <DWALLACE@grcc.edu> wrote:
> 
> > I've run into an issue here at my community college with the
> > creation of accounts.  We are still in our Dev stage, but I have
> > been asked to automate the creation of our staff accounts along
> > with our student accounts.  The problem is this, we have people
> > that are both staff and students and I am unsure on how to approach
> > this problem.
> 
> Can you clearly state the business rule you're trying to code?
> 
> 
> > There is only one user object in the IDM vault and I need to drive
> > the creation of both of these accounts in the same tree.
> 
> Assuming you have a way to determin faculty, student, or both, you
> could use the <add> event to generate a secondary <add> event to make
> the second account, if that's what you're trying to do. I'm not sure
> what you'd do with the associations at that point, though, so this
> could get tricky.
> 
> 
> ----------------------------------------------------------------------
> -----  David Gersic
> dgersic_@_niu.edu
> 
>  I'm tired of receiving rubbish in my mailbox, so the E-mail address
> is  munged to foil the junkmail bots. Humans will figure it out on
> their own.

Because of the association problem, I think I'd use the multiple driver
idea.  Just my 2c.

-- 
Dan Parker
Data Technique, Inc.
(mail address slightly munged)
0
Dan
2/2/2006 10:30:38 PM
Reply:

Similar Artilces:

Multiple eDir to eDir drivers
--____CDXPKLSLTKJFLXLGAAPI____ Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; modification-date="Wed, 17 Jul 2007 05:48:28 -0500" Stupid question and I am probably over thinking this but here it goes. Last year I created a simple edir to edir IDM system to manage the life = cycle of our students. Students are dumped into the identity tree then = via edir/edir they are created in the production tree. The Identity tree is setup as itee|O=3DThe Vault|OU=3DUser then under user = I have OU=3Dstaff ...

Active Directory driver not creating new eDir accounts
Hi, I've noticed a problem wherein I create an account in AD and it doesn't create in eDir. If I manually migrate into the IV its fine. We are using IDM 3.6 with a very slightly modifed IDM 3.5.1 AD driver and eDir 8.8.3. Each time an OU/User or group is created in AD I get a "Code(-8019) Operation vetoed on unassociated object" error, it doesn't seem to want to apply the creation policy in fact it only seems to be picking up the password change and nothing else. Here's the filter xml:- <?xml version="1.0" encoding="UTF-8"...

IDM driver for multiple windows server
Hi, What driver should i use to provision local system accounts and local system group memberships to windows server 2003 and 2008? - Is it possible to use the Scripting Driver with VB extensions? - Can this scripting driver provision multiple server instances? - How (Should i use an entitlement with values and the values will contain the hostname of the server) ? Can this driver detect local changes on a system and force the correct state according to data in the ID Vault (no changes allowed localy on the system, only those executed by IDM)? Thanks in advance Kind r...

Clarification about the eDir to eDir driver needed
Hi there, sorry for creating yet another thread about this subject but I can not seem to find exactly the answer I'm looking for. I have of course researched where I could, but to no avail ^^' We have an IDM 3.6.1 running in prod and we would like to add another one and create a replication between the two. If I understood correctly, I need to set up an eDir-eDir driver. My question is, is that driver a separate driver from IDM or is it included in it ? On the Download page, I can find -IDM 3.5.1 eDirectory driver version 3.5.1- but no 3.6.1 version. I'm conf...

Comma in IDM eDir to eDir Driver
Does anyone know how to remove a preceeding space in front of a comma in DirXml? I want the following on the full name attribute: French III, Claude A. I get the following: French III , Claude A. I need to remove that space before the comma. These are eDir to eDir IDM v2 driver. Thanks, Claude On Wed, 31 May 2006 16:55:21 GMT, Cfrench3@ll.mit.edu wrote: >Does anyone know how to remove a preceeding space in front of a comma in >DirXml? <do-reformat-op-attr name="Full Name"> <token-replace-all regex=" ," replace-with=",&qu...

Create Home Directory with eDir to eDir drivers?
Hi forum I have 2 eDir trees, M1-TREE(Prod) and META-TREE with IDM 3.01 on both. I created a normal eDir TEMPLATE in cn=IDMUserTemplate.ou=IT.ou=Departments.o=TEST I have then placed a "set operation template DN(dn("TEST\Departments\IT\IDMUserTemplate"))" on the M1-TREE's Publisher Create Rule, but it only creates the User HOME directory when the user is created from my META-TREE directory. The Home Directory does not get created if i crerate a user in "M1-TREE", so I wonder if i need some loopback driver or what will trigger the crea...

Do I need the Schema Map on eDir/eDir drivers?
I'm trying to resolve all of the various complaints that Designer's "Project Checker" has with my project, and a good number of them seem to be caused by the Schema Map on my eDir/eDir drivers between the trees. Almost all of the ones I'm looking at are similar to: "Attribute accessCardNumber in missing from class User." which really seems to mean that the accessCardNumber attribute is defined in the schema, but on some other object class (Person). But, it's in the Schema Map rule, on object class User. Looking closer at the Schema Map, I don...

Driver could not be created - Driver Wizard
Hi All, I have Installed eDirectory 8.8,iManager 2.7 and Identity Manager 3.5.1 on the windows 2000 server. The tree structure is as below TREE=MOU O=UNIVERSITY OU=Schools SERVER=ABCD-NDS (Server is created in O=UNIVERSITY) Now, I am trying to create Driver for eDirectory to eDirectory Synchronization and tried severl time and finally endup with really tired since no clue on the error. I googled a lot, but no solution. Please give me a solution of my problem. The below is the steps, I followed. 1. Opened the iManager 2.7 on IE 6.0 Browser and loged in as Admin 2. Select...

Need help creating multiple DNN 3.1 portals using one hosting account on GoDaddy
I am a reseller at WildWest, and I have one Deluxe hosting account at GoDaddy through my reseller account.  I have two registered domain names, www.MyWebsite.COM and www.MyWebsite.NET.  The hosting account was created under the .COM website.  Using the automated install process at GoDaddy, I have DotNetNuke 3.1 installed and running under ASP.NET 2.0 in a sub-folder called /DNN. These are my goals: Host a Frontpage enabled website at www.mywebsite.com and a DotNetNuke Portal at www.mywebsite.net using one deluxe hosting account.  (WORKING) Host ot...

Driver Id and Driver Version not coming while creating the U
Hi, I have got a few Novell Products on my machine. some of them are running on VMPlayer( windows 2003 server) . The products on VMPLayer are : eDirectory 8.8 Identity Manager 3.5.1, iManager The products on my local machine are: Identity Manager User Application Novell designer. When I create a User Provisioning driver in the Identiy Manager using iManager, the driver gets created succssfully. It comes to the running state. But I do not get the driver id and driver version( it says, "atrribute not found") in the driver's detail information. This means the dri...

I use an CreateUserWizard control to create new user account. Every time I create a new account, my logined account will change to the new one. How can i keep my current account after creating the new
I use an CreateUserWizard control to create new user account. Every time I create a new account, my logined account will change to the new one. How can i keep my current account after creating the new account? Simply set the "LoginCreatedUser" property of CreateUserWizard control to FALSE!  ...

superreview requested: [Bug 64230] Need to know which account is default when you have multiple mail accounts : [Attachment 135905] Use the RDF datsource directly to style the default account
Stefan Borggraefe <borggraefe@despammed.com> has asked David Bienvenu <bienvenu@nventure.com> for superreview: Bug 64230: Need to know which account is default when you have multiple mail accounts http://bugzilla.mozilla.org/show_bug.cgi?id=64230 Attachment 135905: Use the RDF datsource directly to style the default account http://bugzilla.mozilla.org/attachment.cgi?id=135905&action=edit ------- Additional Comments from Stefan Borggraefe <borggraefe@despammed.com> I'll change the CSS from bolder to bold before checkin. ...

superreview granted: [Bug 64230] Need to know which account is default when you have multiple mail accounts : [Attachment 135905] Use the RDF datsource directly to style the default account
David Bienvenu <bienvenu@nventure.com> has granted Stefan Borggraefe <borggraefe@despammed.com>'s request for superreview: Bug 64230: Need to know which account is default when you have multiple mail accounts http://bugzilla.mozilla.org/show_bug.cgi?id=64230 Attachment 135905: Use the RDF datsource directly to style the default account http://bugzilla.mozilla.org/attachment.cgi?id=135905&action=edit ...

Sync multiple accounts in one tree with a single account in the IDM tree
Perhaps this has been answered before but since Google hasn't indexed this group yet it is difficult to ascertain. I have several contexts in a workforce tree. In each context there is a "system" user which has specific rights and receives certain ZENworks policies, etc. My help desk uses this account to register machines in eDirectory. I would like to have these accounts all synchronize with one identity-tree account, with the intent of keeping the passwords in sync (it is difficult for the help desk folks to keep track of passwords for sixteen different syst...

Web resources about - IDM needed to create multiple accounts in same eDir - novell.id-manager.drivers

Multiple sequence alignment - Wikipedia, the free encyclopedia
A multiple sequence alignment (MSA) is a sequence alignment of three or more biological sequences , generally protein , DNA , or RNA . In many ...

Police officer Daniel Holtzclaw guilty of raping multiple women
For months, accusers, authorities and now an Oklahoma jury say, police officer Daniel Holtzclaw preyed on vulnerable women.

James Deen's Porn Company Faces Workplace-Safety Probe After Multiple Rape Claims 0
The California watchdog agency tasked with ensuring safety in the workplace confirmed Wednesday it is investigating porn actor James Deen's production ...

Facebook Tweaks Power Editor for Users With Multiple Ad Accounts
Facebook rolled out a new feature for its Power Editor that should greatly speed up the process for users with multiple advertising accounts. ...

Apple Needs to Offer Own TV Content after Multiple ‘Speed Bumps,’ Says FBR
FBR & Co. analyst Daniel Ives this morning reflects on reports by Bloomberg and others that Apple ( AAPL ) has shelved an effort to create a ...

Google Ventures reportedly closed its European fund after multiple stalled deals
Earlier this week, Google Ventures announced it was closing down its dedicated European fund . It had been assigned $125 million to invest, but ...

Multiple McDonald’s Locations Forced To Close After Prank Callers Convince Workers To Test Fire System ...
When I think of prank calls, I conjure up images of teenage girls huddled around their clear plastic phones, calling boys in their class and ...

OKC Police Officer Found Guilty On Multiple Counts Of Raping Black Women
Former Oklahoma City Police officer Daniel Holtzclaw will be going to prison for a very, very long time. After deliberating for well over 45 ...

Cowboys Fan Beats Up Multiple Attackers In Parking Lot Brawl
That's the best defense anyone wearing a Tony Romo jersey has ever played

Report: Robert Nkemdiche Fell From A 4th-Story Window And Suffered "Multiple Cuts"
Probable top-five NFL draft pick and Ole Miss star Robert Nkemdiche reportedly fell from the 4th floor of a building, and suffered “multiple ...

Resources last updated: 12/15/2015 12:03:04 PM