ldap attribute mapping

I mapped 2 ldap attributes in the ldap group earlier.

I'm now trying to import via c1, ldif's to change those values but I get 
an error.  I can do it with existing attributes but not the newly mapped 
ones.  It seems to think they don't exist.

Do I have to do something before this takes effect? I tried 
unloading/reloading nldap, but so far no good.

0
Patrick
8/20/2008 6:19:55 PM
novell.edirectory.netware 7858 articles. 0 followers. Follow

14 Replies
736 Views

Similar Articles

[PageSpeed] 26
Get it on Google Play
Get it on Apple App Store

Patrick Farrell wrote:
> I mapped 2 ldap attributes in the ldap group earlier.
> 
> I'm now trying to import via c1, ldif's to change those values but I get 
> an error.  I can do it with existing attributes but not the newly mapped 
> ones.  It seems to think they don't exist.
> 
> Do I have to do something before this takes effect? I tried 
> unloading/reloading nldap, but so far no good.
> 

Specifically the attributes I'm dealing with are homephone and mobile
0
Patrick
8/20/2008 6:50:17 PM
On Wed, 20 Aug 2008 18:19:55 GMT, Patrick Farrell
<pfarrell@packereng.com> wrote:

>I mapped 2 ldap attributes in the ldap group earlier.
>
>I'm now trying to import via c1, ldif's to change those values but I get 
>an error.  I can do it with existing attributes but not the newly mapped 
>ones.  It seems to think they don't exist.

ICE seems to like to use the real names, at least on exports. Can you
post a sample of the LDIF file you're trying to use, and what the attr
mappings are that you set up?


---------------------------------------------------------------------------
 David Gersic                                            dgersic_@_niu.edu
 Novell Support Forums Volunteer SysOp            http://forums.novell.com

 Please post questions in the newsgroups.   No support provided via email.
0
dgersic_
8/20/2008 7:20:52 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Those weren't available in any form beforehand, right?  eDirectory
normally automatically takes things like 'Home Phone' and will map it to
'homephone' so you may be hitting something like that.  When you say it
seems they do not exist, what do you mean?  Going to your LDAP Server
object and clicking the 'Refresh NLDAP Server' (or whatever it is)
should take care of that for you.

Good luck.








Patrick Farrell wrote:
> Patrick Farrell wrote:
>> I mapped 2 ldap attributes in the ldap group earlier.
>>
>> I'm now trying to import via c1, ldif's to change those values but I
>> get an error.  I can do it with existing attributes but not the newly
>> mapped ones.  It seems to think they don't exist.
>>
>> Do I have to do something before this takes effect? I tried
>> unloading/reloading nldap, but so far no good.
>>
> 
> Specifically the attributes I'm dealing with are homephone and mobile
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrG6V3s42bA80+9kRArijAKCKVRJKBCJj0KF0u9SlipO+2F9k8wCcCuaK
awPfvJzqd86Lp8IpvLBNqT0=
=aG+B
-----END PGP SIGNATURE-----
0
ab
8/20/2008 7:20:55 PM
David Gersic wrote:
> On Wed, 20 Aug 2008 18:19:55 GMT, Patrick Farrell
> <pfarrell@packereng.com> wrote:
> 
>> I mapped 2 ldap attributes in the ldap group earlier.
>>
>> I'm now trying to import via c1, ldif's to change those values but I get 
>> an error.  I can do it with existing attributes but not the newly mapped 
>> ones.  It seems to think they don't exist.
> 
> ICE seems to like to use the real names, at least on exports. Can you
> post a sample of the LDIF file you're trying to use, and what the attr
> mappings are that you set up?
> 
> 
> ---------------------------------------------------------------------------
>  David Gersic                                            dgersic_@_niu.edu
>  Novell Support Forums Volunteer SysOp            http://forums.novell.com
> 
>  Please post questions in the newsgroups.   No support provided via email.

Ok real values have been swapped out to protect the guilty :)

Ok when I do the import I get

Record: 1, ldap_modify failed: 17(Undefined attribute type), dn: 
cn=someuser,ou=aaa,o=bbb

The ldif has

Version: 1
dn: cn=someuser,ou=aaa,o=bbb
changetype: modify
replace: mobile
mobile: xxx-xxx-xxxx
replace: homephone
homephone: yyy-yyy-yyyy

In the ldap group I have

(nds) mobile -> (ldap) mobile
(nds) homePhone -> (ldap) homephone

If I fill in values using C1 and ldif export the user, I see

mobile: xxx-xxx-xxxx
homephone: yyy-yyy-yyyy
0
Patrick
8/20/2008 7:45:54 PM
ab@novell.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Those weren't available in any form beforehand, right?  eDirectory
> normally automatically takes things like 'Home Phone' and will map it to
> 'homephone' so you may be hitting something like that.  When you say it
> seems they do not exist, what do you mean?  Going to your LDAP Server
> object and clicking the 'Refresh NLDAP Server' (or whatever it is)
> should take care of that for you.
> 
> Good luck.

I tried refreshing the NLDAP Server as well, that didn't work.

So you think I didn't actually need to create a ldap map from mobile -> 
mobile and   homephone -> homePhone ?
0
Patrick
8/20/2008 7:46:45 PM
ab@novell.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Those weren't available in any form beforehand, right?  eDirectory
> normally automatically takes things like 'Home Phone' and will map it to
> 'homephone' so you may be hitting something like that.  When you say it
> seems they do not exist, what do you mean?  Going to your LDAP Server
> object and clicking the 'Refresh NLDAP Server' (or whatever it is)
> should take care of that for you.
> 
> Good luck.

As a followup, I deleted my manual entries for the mobile and homephone 
and refreshed the server and it had no effect.  I posted the examples of 
what I was doing in the reply to David.
0
Patrick
8/20/2008 7:48:31 PM
Try inserting the continuation character "-" between subsequent
replace:

Version: 1
dn: cn=someuser,ou=aaa,o=bbb
changetype: modify
replace: mobile
mobile: xxx-xxx-xxxx
-
replace: homephone
homephone: yyy-yyy-yyyy


-- 
jcnicklas
------------------------------------------------------------------------
jcnicklas's Profile: http://forums.novell.com/member.php?userid=11951
View this thread: http://forums.novell.com/showthread.php?t=340732

0
jcnicklas
8/20/2008 8:06:01 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes.... what you posted originally wasn't valid.  In response to your
question about your need to map homephone to homePhone, there is
definitely no need first, because eDir maps things to the right thing
for you and second because attribute names are case-insensitive in LDAP
so your attempt to modify homePhone will go to homephone since that is
the option available.  Having homePhone and homephone and HomePhone at
the same time would be illegal.

Good luck.





jcnicklas wrote:
> Try inserting the continuation character "-" between subsequent
> replace:
> 
> Version: 1
> dn: cn=someuser,ou=aaa,o=bbb
> changetype: modify
> replace: mobile
> mobile: xxx-xxx-xxxx
> -
> replace: homephone
> homephone: yyy-yyy-yyyy
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrH3E3s42bA80+9kRAh3HAKCAtwXSLUDFVb1SML+43b1UlavEPgCdEFTn
7BhjqVdVEL47a/OHAPeZsX0=
=B+0A
-----END PGP SIGNATURE-----
0
ab
8/20/2008 8:25:41 PM
jcnicklas wrote:
> Try inserting the continuation character "-" between subsequent

DING DING DING DING DING

We have a winner!

Thank you very much!
0
Patrick
8/20/2008 8:26:11 PM
ab@novell.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Yes.... what you posted originally wasn't valid.  In response to your
> question about your need to map homephone to homePhone, there is
> definitely no need first, because eDir maps things to the right thing
> for you and second because attribute names are case-insensitive in LDAP
> so your attempt to modify homePhone will go to homephone since that is
> the option available.  Having homePhone and homephone and HomePhone at
> the same time would be illegal.
> 
> Good luck.

How do we find out what edir maps for you already?  It doesn't show up 
in the list of mapped attributes when you look at the LDAP group object?
0
Patrick
8/20/2008 10:10:45 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All eDir attributes are mapped to LDAP versions by default.  For
example, take the eDir attribute name, strip out the colons and spaces,
and you're basically there.  For example:

SAS:Login Secret
is
sasLoginSecret

Good luck.





Patrick Farrell wrote:
> ab@novell.com wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Yes.... what you posted originally wasn't valid.  In response to your
>> question about your need to map homephone to homePhone, there is
>> definitely no need first, because eDir maps things to the right thing
>> for you and second because attribute names are case-insensitive in LDAP
>> so your attempt to modify homePhone will go to homephone since that is
>> the option available.  Having homePhone and homephone and HomePhone at
>> the same time would be illegal.
>>
>> Good luck.
> 
> How do we find out what edir maps for you already?  It doesn't show up
> in the list of mapped attributes when you look at the LDAP group object?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrJmS3s42bA80+9kRAnb8AJ9ET7FNqYgiHc2efHLBWKdTZjpMLACdEYTV
sUhXiAevWdZ5qzXePCh2Iyw=
=LIUC
-----END PGP SIGNATURE-----
0
ab
8/20/2008 10:24:20 PM
Ok so far, mostly good.

I figured out that the employee ID under the User Profile is Workforce 
ID.  I can't seem to get home number to populate in there.  I got it to 
populate the mobile number ok.

I've tried mapping homephone -> homephone in the ldap attributes (and 
refreshing) and I've tried it without.  I tried just a straight replace 
command in the ldif, and I tried deleting the attribute and then adding. 
  (Same syntax I am using for every other attrib in the file that's 
working).
------
Edit.. Fortunately the forums were down for me, and I found the answer 
while I was looking.

http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10082828&sliceId=&docTypeID=DT_TID_1_1&dialogID=56962053&stateId=0%200%2056958689

I'm a little uncertain as to what they want however using the ldif.  If 
I just create an ldif for the user with the modify and the object class 
it fails.  I suspect it wants more than that.  I can manually enter it 
into the other field of the user ID and that works fine.

We're on Netware 6.5 Sp7 so I guess that's still a problem with the base 
dirxml that's included.


0
Patrick
8/21/2008 1:16:09 PM
On Thu, 21 Aug 2008 13:16:09 GMT, Patrick Farrell
<pfarrell@packereng.com> wrote:

>Edit.. Fortunately the forums were down for me, and I found the answer 
>while I was looking.
>
>http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10082828&sliceId=&docTypeID=DT_TID_1_1&dialogID=56962053&stateId=0%200%2056958689

That looks more like an error in DirXML, where it was adding the
attribute without extending the object with the correct Aux Class.
You're not using DirXML here, so I don't think that applies.


>I'm a little uncertain as to what they want however using the ldif.

I'd do it like:

dn: cn-user,ou=orgunit,o=org 
changetype: modify 
add: objectclass
objectClass: homeInfo 
-
add: homephone
homephone: 630-355-2200


>I just create an ldif for the user with the modify and the object class 
>it fails.  I suspect it wants more than that.  I can manually enter it 
>into the other field of the user ID and that works fine.

Post your LDIF file, and seeing the output of "it fails" might also be
helpful.



---------------------------------------------------------------------------
 David Gersic                                            dgersic_@_niu.edu
 Novell Support Forums Volunteer SysOp            http://forums.novell.com

 Please post questions in the newsgroups.   No support provided via email.
0
dgersic_
8/21/2008 3:19:27 PM
David Gersic wrote:
> On Thu, 21 Aug 2008 13:16:09 GMT, Patrick Farrell
> <pfarrell@packereng.com> wrote:
> 
>> Edit.. Fortunately the forums were down for me, and I found the answer 
>> while I was looking.
>>
>> http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=10082828&sliceId=&docTypeID=DT_TID_1_1&dialogID=56962053&stateId=0%200%2056958689
> 
> That looks more like an error in DirXML, where it was adding the
> attribute without extending the object with the correct Aux Class.
> You're not using DirXML here, so I don't think that applies.
> 
> 
>> I'm a little uncertain as to what they want however using the ldif.
> 
> I'd do it like:
> 
> dn: cn-user,ou=orgunit,o=org 
> changetype: modify 
> add: objectclass
> objectClass: homeInfo 
> -
> add: homephone
> homephone: 630-355-2200
> 
> 
>> I just create an ldif for the user with the modify and the object class 
>> it fails.  I suspect it wants more than that.  I can manually enter it 
>> into the other field of the user ID and that works fine.
> 
> Post your LDIF file, and seeing the output of "it fails" might also be
> helpful.

Well the homephone is actually in edirectory, as it sync's to groupwise. 
  It just doesn't display in C1 unless homeinfo is present.  So I can 
just make a ldif to create that field.   I'll give it a shot.
0
Patrick
8/21/2008 3:50:55 PM
Reply:

Similar Artilces:

One or more eDir to LDAP attribute mappings appear to be incorrect. Change attribute mappings through the LDAP
--____IYZLTTEASTICDGWKXZWG____ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 Content-Disposition: inline; modification-date="Fri, 6 Nov 2008 16:52:05 +0100" SGkuDQoNClJ1bm5pbmcgWkVOd29ya3MgTWlncmF0aW9uIFV0aWxpdHkgdjEwLjEuMS4wIGFuZCB0 cnlpbmcgdG8gTWlncmF0ZSBBcHBsaWNhdGlvbnMuDQoNCkJ1dCBqdXN0IGdldHMgdGhpcyBFcnJv ci4uLg0KT25lIG9yIG1vcmUgZURpciB0byBMREFQIGF0dHJpYnV0ZSBtYXBwaW5ncyBhcHBlYXIg dG8gYmUgaW5jb3JyZWN0LiBDaGFuZ2UgYXR0cmlidXRlIG1hcHBpbmdzIHRocm91Z2ggdGhlIExE QVAgDQoNCldpdGNoIHNob3VsZCBiZSBmaXhlZCBpbiB2ZXJzaW9uIDEwLjAuMyByZWdhcmRpbmcg dG8gV...

LDAP attribute Map / LIst / extend the LDAP attributes
we are use ladp on netware 65, is there a list of the LDAP attributes avaliable that are used for eDirectory 8.7? is it possible to create a ldap attribute that contains more that one edirectory attribute content and extend it with a static variable? any ideas HELGE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Most eDirectory attributes are available natively by their name (minus spaces and special characters). For example fullname works to retrieve the 'Full Name' and givenname works for 'Given Name' and sasloginconfiguration works for 'SAS:...

LDAP export
I am trying to do an ldap export of certain user attribute fields, one of them being department. I can not find the ldap attribute mapping for the nds attribute called department. Is there a more extensive list out there, other than the one you see in ConsoleOne? Or does anyone know how the nds attribute: department maps to an ldap attribute? Thanks lhines@flir.com, The NDS attribute for Department is 'OU' and that should map to the LDAP attribute 'ou'. If you need more help with LDAP, please post to the novell.support.ds.ldap forum. -- //N...

LDAP Attribute Mappings
Hi there , i'm searching for the possiblity to check the existence of a email address through ldap through a third party spamming software . it works with users , the mail attribute is the right one , but working with groupwise distribution list there is no mail attribute. i'm using nw6.5 and gw 6.5 searching with softerra ldap browser i don't see any attribute , where the complete email address of a distribution list is returned. any suggestions ? Regards W. Hackl Many of GW's attributes are not found in DS but are stored in the GW domain database ... su...

superreview requested: [Bug 309400] LDAP attribute map only allows a maximum of one attribute to be zero-length : [Attachment 196855] patch, v1
Dan Mosedale <dmose@mozilla.org> has asked David Bienvenu <bienvenu@nventure.com> for superreview: Bug 309400: LDAP attribute map only allows a maximum of one attribute to be zero-length https://bugzilla.mozilla.org/show_bug.cgi?id=309400 Attachment 196855: patch, v1 https://bugzilla.mozilla.org/attachment.cgi?id=196855&action=edit ...

superreview granted: [Bug 309400] LDAP attribute map only allows a maximum of one attribute to be zero-length : [Attachment 196855] patch, v1
David Bienvenu <bienvenu@nventure.com> has granted Dan Mosedale <dmose@mozilla.org>'s request for superreview: Bug 309400: LDAP attribute map only allows a maximum of one attribute to be zero-length https://bugzilla.mozilla.org/show_bug.cgi?id=309400 Attachment 196855: patch, v1 https://bugzilla.mozilla.org/attachment.cgi?id=196855&action=edit ...

LDAP Password Attribute Mapping
I am in the process of implementing the GroupLink eHelpdesk for my company and would like to use LDAP authentication for my users. I've made it through the installation process and am at the point of configuring LDAP, which according to the instructions I have done correctly and I have imported my users. Now when I try to sign in to my helpdesk keep getting an invalid credentials message. In digging into things it looks like eHelpdesk is looking for the LDAP attribute "userPassword" but I'm not easily finding which NDS attribute to map to it. I've read a f...

Using LDAP Attribut Mapping
Hi there, need a little help again. I am using a second LDAP User Store in which a whole lot of consumers are in. The communicaten between the Service Provider and the User Store works fine. ( Means: The Login-Dialog works with consumers out of the LDAP store ) My Problem is: The cn-entry which is used at the moment for the username is kind of difficult, looks something like: lala-1234555. Nobybody in the production environment would like to use this kind of cryptic username. Instead i like to use the uid entry which says the real name of the user, something like: breynol...

Hide eDirectory attributes from LDAP
I've got a customer with an interesting question; I've not played deeply enough with LDAP to provide him with an answer. They would like to use the EmployeeID field in iManager, in the Business Profile. However, they have noticed that anyone can login using an LDAP browser and see that field in the user accounts. So...is there a way to NOT expose a field in LDAP? Thanks! Jacques -- jsauve ------------------------------------------------------------------------ * jsauve (Fri, 26 Nov 2010 18:06:03 GMT) > I've got a customer with an interesting quest...

How to connect to ldap with edirectory in netware
I have a windows applicaton that is PDExpress and it gives me the ability to connect to a ldap server. Since my server is netware with edirectory, I like to know how to connect server through LDAP? Could some give me some info. Thanks.. Sang, > I have a windows applicaton that is PDExpress and it gives me the ability > to connect to a ldap server. Since my server is netware with edirectory, > I like to know how to connect server through LDAP? > Generally you need the server IP, the port (ie unsecure/secure) and the search base (ie O=Acme). I am not familiar...

LDAP attribute mapping issue
We have an application querys the LDAP attribute "distinguishedName". This is something native to Active Directory. So, we're trying to do a simple attribute mapping to the eDir dn using the LDAP Group Attribute Map. When I create the mapping, the "eDirectory Attribute" 'dn' is a valid selection. But the result never makes that attribute available? I can map "distringuishedName" to other attributes, just not dn. If I can't do an LDAP attribute mapping to 'dn', why is it one of the selectable attributes? I know, I know...

Attribute Mapping between eDirectory and Groupwise
I am wanting to know where to look (documentation or live) for the attribute mapping table between Groupwise and eDirectory. For example it looks like "L" in Groupwise is the same as your Surname in eDirectory. The one I really need to know please is: what is the Groupwise Attribute for "Location" or "L" in eDirectory. Help appreciated -- pcoombs ------------------------------------------------------------------------ There is some LDAP-NDS mapping information in the form of a spreadsheet (which you may already have found) at 'Cool Solu...

Netware 5.0 to Netware 6.5 eDirectory failed during eDirectory migration
Hello, Does anyone have a recommendation for fixing a failed eDirectory Acrross the wire migration? The file migration went fine, the backup of trustess went fine. During the eDirectory migration when it downed the source server and tried to finish up with the destination server it did not complete. It told me to copy the autoexec.mig to autoexec.ncg if it did not complete. It also had some other files to copy over as well, but I don't know what they are. Help In what state server stays? Can you get it up and running that you could run commands like dsrepair? I run i...

LDAP eDirectory Auth, drive mappings?
Hi, I have enabled the users for the network to authenticate to edirectory via ldap. It works great but what I need now is to have during login something to mount the netware remote directories to the local filesystem. I have used the offical novell client for linux and it does this flawlessly but it requries that I give the users access to the desktop before they login so that doesn't work for me. Any suggestions would be a great help. I am currently looking into soultions that use ncpmount but I want something a little more elegant. Thanks Andrew McCabe gotribal@gmail...

Web resources about - ldap attribute mapping - novell.edirectory.netware

Attribute - Wikipedia, the free encyclopedia
Text is available under the Creative Commons Attribution-ShareAlike License ;additional terms may apply. By using this site, you agree to the ...

Template:Attributes of God - Wikipedia, the free encyclopedia
Language: English Română Home Random Template:Attributes of God Part of a series on the Attributes of God Aseity Eternity Graciousness Holiness ...

Six Attributes Of The Perfect Facebook Page Administrator
So, here’s the thing: In many ways, hiring a Facebook page administrator is akin to hiring a poster child for your brand. This trusted manager ...

PANDA: Pose Aligned Networks for Deep Attribute Modeling - Facebook
We propose a method for inferring human attributes (such as gender, hair style, clothes style, expression, action) from images of people under ...

Facebook announces data partnerships to help advertisers target users by offline purchases and attributes ...
... will anonymously match data from consumer loyalty programs with user profiles in order to target ads by offline purchase habits and other attributes. ...

New Study Attributes Rapid Ageing Mainly To Environment Factors
New study explains why some people age faster than others.

Should I use the nofollow attribute on internal links? - YouTube
Regarding "nofollow" on internal links: Does it hurt? Does it help? I read different comments from Matt on this matter over time. What's the ...

Justin Trudeau attributes abortion stance to father's example
Liberal Leader Justin Trudeau says he is following an example set by his famous father when it comes to his position on election candidates and ...

Obama attributes western U.S. wildfires to climate change
... that has burned nearly 400 square miles in the north-central part of Washington state, along with blazes in other Western areas, can be attributed ...

Fifty Shades Of Grey Baby Births: Windsor Hospital Sees Spike In Births, Attribute Book
A significant spike in baby births at a hospital in Windsor, Ontario, has been attributed to the book Fifty Shades of Grey, which has become ...

Resources last updated: 1/22/2016 2:43:28 AM