From 84f50cd41b0af2c2742725df7ac8b9e4be7b6b2a Mon Sep 17 00:00:00 2001 From: unknown Date: May 24 2005 01:15:00 +0000 Subject: This commit was manufactured by cvs2git to create tag 'ds71_winsync_20050516'. --- diff --git a/component_versions.mk b/component_versions.mk index 1a9024b..e74e37b 100644 --- a/component_versions.mk +++ b/component_versions.mk @@ -250,9 +250,9 @@ ifndef MAVEN_VERSION endif ifndef ADSYNC_VERSION - ADSYNC_VERSION=20050516 + ADSYNC_VERSION=20050513 endif ifndef NT4SYNC_VERSION - NT4SYNC_VERSION=20050516 + NT4SYNC_VERSION=20050513 endif diff --git a/internal_comp_deps.mk b/internal_comp_deps.mk index 1665f58..d180322 100644 --- a/internal_comp_deps.mk +++ b/internal_comp_deps.mk @@ -777,7 +777,7 @@ $(DSDOC_DEP): $(NSCP_DISTDIR) # Windows sync component for Active Directory -ADSYNC = PassSync.msi +ADSYNC = PassSync-$(BUILD_DEBUG).msi ADSYNC_DEST = $(NSCP_DISTDIR_FULL_RTL)/winsync ADSYNC_FILE = $(ADSYNC_DEST)/$(ADSYNC) ADSYNC_FILES = $(ADSYNC) @@ -810,7 +810,7 @@ endif # Windows sync component for Active Directory # Windows sync component for NT4 -NT4SYNC = ntds.msi +NT4SYNC = ntds-$(BUILD_DEBUG).msi NT4SYNC_DEST = $(NSCP_DISTDIR_FULL_RTL)/winsync NT4SYNC_FILE = $(NT4SYNC_DEST)/$(NT4SYNC) NT4SYNC_FILES = $(NT4SYNC) diff --git a/ldap/admin/src/create_instance.c b/ldap/admin/src/create_instance.c index 2bc8c62..d341a23 100644 --- a/ldap/admin/src/create_instance.c +++ b/ldap/admin/src/create_instance.c @@ -4253,8 +4253,6 @@ ds_gen_index(FILE* f, char* belowdn) MKINDEX("sn", belowdn, 0, "pres", "eq", "sub"); MKINDEX("telephoneNumber", belowdn, 0, "pres", "eq", "sub"); MKINDEX("uid", belowdn, 0, "eq", NULL, NULL); - MKINDEX("ntUniqueId", belowdn, 0, "eq", NULL, NULL); - MKINDEX("ntUserDomainId", belowdn, 0, "eq", NULL, NULL); MKINDEX("uniquemember", belowdn, 0, "eq", NULL, NULL); } diff --git a/ldap/clients/dsgw/config/display-ntgroup.html b/ldap/clients/dsgw/config/display-ntgroup.html index 69736ed..cbf6f78 100644 
--- a/ldap/clients/dsgw/config/display-ntgroup.html +++ b/ldap/clients/dsgw/config/display-ntgroup.html @@ -156,9 +156,9 @@ New NT Group - - + - + @@ -167,12 +167,64 @@ New NT Group - class="bold" +>NT Group Type: + +* + + + + + + + + + + + + + class="bold" + +>NT Group Domain: + +* + + + + + + + + + class="bold" + >Description: + + class="bold" + +>Locale: + + + + + + + class="bold" + +>Organizational Unit: + + + + + class="bold" diff --git a/ldap/clients/dsgw/config/display-ntperson.html b/ldap/clients/dsgw/config/display-ntperson.html index a8ec9a4..ea112eb 100644 --- a/ldap/clients/dsgw/config/display-ntperson.html +++ b/ldap/clients/dsgw/config/display-ntperson.html @@ -330,7 +330,7 @@ showAimIcon(); - @@ -344,24 +344,35 @@ Windows NT Account Information* - + - - diff --git a/ldap/clients/dsgw/config/dsgwfilter.conf b/ldap/clients/dsgw/config/dsgwfilter.conf index fa9bd21..e62ed85 100644 --- a/ldap/clients/dsgw/config/dsgwfilter.conf +++ b/ldap/clients/dsgw/config/dsgwfilter.conf @@ -112,7 +112,8 @@ ".*" ". _" "(cn=%v1-))" "name is" "(cn=*%v1-*))" "name contains" "(cn~=%v1-))" "name sounds like" - "(ntuserdomainid=%v))" "NT Group is" + "(ntgroupdomainid=%v:*))" "NT Domain name is" + "(ntgroupdomainid=*:%v))" "NT Group is" "dsgw-organizations" "=" " " "(%v))" "LDAP filter is" @@ -178,7 +179,8 @@ ".*" ". " "(|(cn=%v1)(sn=%v1)))" "name is" "(ntuserlogonserver=%v))" "NT logon server is" - "(ntuserdomainid=%v))" "NT username is" + "(ntuserdomainid=%v:*))" "NT Domain name is" + "(ntuserdomainid=*:%v))" "NT username is" "(|(cn=*%v1*)(sn=*%v1*)(cn~=%v1)(sn~=%v1)))" "name sounds like or contains" # Do not remove this line, or place any directives after it. diff --git a/ldap/clients/dsgw/config/dsgwsearchprefs.conf b/ldap/clients/dsgw/config/dsgwsearchprefs.conf index 57a8811..6321a34 100644 --- a/ldap/clients/dsgw/config/dsgwsearchprefs.conf +++ b/ldap/clients/dsgw/config/dsgwsearchprefs.conf 
@@ -100,6 +100,7 @@ subtree "user id" "uid" 111111 "" "" "title" title 111111 "" "" "NT username" "ntuserdomainid" 110000 "" "" +"NT domain" "ntuserdomainid" 101000 "" "" "NT logon server" "ntuserlogonserver" 111111 "" "" END "is" "(%a=%v))" @@ -141,7 +142,8 @@ not-used-by-dsgw not-used-by-dsgw subtree "name" cn 111111 "" "" -"NT groupname" "ntuserdomainid" 110000 "" "" +"NT groupname" "ntgroupdomainid" 110000 "" "" +"NT domain" "ntgroupdomainid" 101000 "" "" "description" description 111111 "" "" "owner (DN)" "owner" 000011 "owner" "Owner" "member (DN)" "uniquemember" 000011 "" "" diff --git a/ldap/clients/dsgw/config/list-NT-Groups.html b/ldap/clients/dsgw/config/list-NT-Groups.html index 19c5d10..2631a00 100644 --- a/ldap/clients/dsgw/config/list-NT-Groups.html +++ b/ldap/clients/dsgw/config/list-NT-Groups.html @@ -60,6 +60,9 @@ LDAP Group Name + + + diff --git a/ldap/clients/dsgw/domodify.c b/ldap/clients/dsgw/domodify.c index 0d935f0..64daac8 100644 --- a/ldap/clients/dsgw/domodify.c +++ b/ldap/clients/dsgw/domodify.c @@ -62,7 +62,10 @@ static int starts_with( char *s, char *startswith ); static char **post2multilinevals( char *postedval ); static char **post2vals( char *postedval ); static int require_oldpasswd( char *modifydn ); +static char *dsgw_processdomainid( LDAP *ld, char *dn, char *attr, char *val, int len); static int value_is_unique( LDAP *ld, char *dn, char *attr, char *value ); +static LDAPDomainIdStatus +dsgw_checkdomain_uniqueness( LDAP *ld, char *attr, char *val, int len); static int verbose = 0; static int quiet = 0; static int display_results_inline = 0; 
@@ -414,14 +417,20 @@ entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp )
 {
 int lderr, i, j, opoffset, modop, mls, unique, unchanged_count;
 char *varname, *varvalue, *retval, *attr, *p, **vals, **unchanged_attrs;
- char *ntuserid = NULL;
+ char *userid = NULL, *oc_ntuser = NULL;
+ char userdomainid[512];
+
+ char *groupname = NULL;
+ char groupdomainid[512];
 LDAPMod **pmods;
 int msgid;
 LDAPMessage *res = NULL;
 char *errmsg = NULL;
- int isNtUser = 0;
+
+ memset( userdomainid, 0, sizeof( userdomainid ));
+ memset( groupdomainid, 0, sizeof( groupdomainid ));
 pmods = NULL;
 unchanged_attrs = NULL;
@@ -467,14 +476,26 @@ entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp )
 if ( starts_with( varname, "add_" )) {
 modop = LDAP_MOD_ADD;
 opoffset = 4;
- attr = varname + opoffset;
- if (!isNtUser && (strcasecmp(DSGW_OC_NTUSER, attr) == 0)) {
- isNtUser = 1;
- }
 } else if ( starts_with( varname, "replace_" )) {
 modop = LDAP_MOD_REPLACE;
 opoffset = 8;
 attr = varname + opoffset;
+ if( strcasecmp( DSGW_ATTRTYPE_NTUSERDOMAINID, attr) == 0) {
+ if( varvalue) {
+ if( !userid )
+ userid = strdup( varvalue );
+ else
+ strcpy( userdomainid, varvalue );
+ }
+ }
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPDOMAINID, attr) == 0) {
+ if( varvalue) {
+ if( !groupname )
+ groupname = strdup( varvalue );
+ else
+ strcpy( groupdomainid, varvalue );
+ }
+ }
 } else if ( starts_with( varname, "delete_" )) {
 modop = LDAP_MOD_DELETE;
 opoffset = 7;
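Review bot: `strcpy( userdomainid, varvalue );` and `strcpy( groupdomainid, varvalue );` in the new `replace_` branch copy a request value (it appears to come from the posted form) into the 512-byte stack arrays declared in the previous hunk with no length check, so a value of 512 bytes or more writes past the array. A bounded copy closes this, e.g. `PR_snprintf( userdomainid, sizeof( userdomainid ), "%s", varvalue );`, ideally preceded by rejecting any value with `strlen( varvalue ) >= sizeof( userdomainid )` so truncation is not silent. The same two `strcpy` calls recur in the `replace_` branch added by the hunk at -495,6. The `strdup` results stored in `userid` and `groupname` are also used later without a NULL check. The enclosing function starts and ends outside these hunks.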
@@ -495,6 +516,22 @@ entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp )
 remove_modifyops( pmods, attr );
 }
 }
+ } else if ( starts_with( varname, "replace_" )) {
+ modop = LDAP_MOD_REPLACE;
+ opoffset = 8;
+ attr = varname + opoffset;
+ if( strcasecmp( DSGW_ATTRTYPE_USERID, attr) == 0)
+ if( varvalue)
+ userid = strdup( varvalue );
+ if( strcasecmp( DSGW_ATTRTYPE_NTUSERDOMAINID, attr) == 0)
+ if( varvalue)
+ strcpy( userdomainid, varvalue );
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPNAME, attr) == 0)
+ if( varvalue)
+ groupname = strdup( varvalue );
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPDOMAINID, attr) == 0)
+ if( varvalue)
+ strcpy( groupdomainid, varvalue );
 }
 if ( opoffset >= 0 ) {
@@ -539,12 +576,72 @@ entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp )
 LDAP_SUCCESS ) {
 return( lderr );
 }
+ if( strcasecmp( DSGW_OC_NTUSER, varvalue) == 0 &&
+ modop == LDAP_MOD_ADD ) {
+ oc_ntuser = strdup( vals[ j ] );
+ }
+
+ if( strcasecmp( DSGW_ATTRTYPE_NTUSERDOMAINID, attr) == 0) {
+ if( modop == LDAP_MOD_ADD ) {
+ if( userid == NULL ) {
+ userid = strdup( vals[ j ] );
+ break;
+ } else {
+ memset( userdomainid, 0, sizeof( userdomainid ));
+ PR_snprintf( userdomainid, 512, "%s%c%s",
+ vals[ j ], DSGW_NTDOMAINID_SEP, userid );
+ if( dsgw_checkdomain_uniqueness( ld, attr,
+ userdomainid, strlen( userdomainid ) ) !=
+ LDAPDomainIdStatus_Unique) {
+ dsgw_error( DSGW_ERR_DOMAINID_NOTUNIQUE,
+ NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ } else {
+ /* don't free here because this is freed elsewhere */
+ /*
+ free( vals[ j ] );
+ */
+ vals[ j ] = strdup( userdomainid );
+ }
+ }
+ } else {
+ if(( retval = dsgw_processdomainid( ld, dn, attr,
+ vals[ j ], strlen( vals[ j ] ))) != 0) {
+ vals[ j ] = retval;
+ }
+ }
+ }
- if( isNtUser && (strcasecmp( DSGW_ATTRTYPE_NTUSERDOMAINID, attr) == 0)) {
- if( !ntuserid ) {
- ntuserid = strdup( vals[ j ] );
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPDOMAINID, attr) == 0) {
+ if( modop == LDAP_MOD_ADD ) {
+ if( groupname == NULL ) {
+ groupname = strdup( vals[ j ] );
+ break;
+ } else {
+ memset( groupdomainid, 0, sizeof( groupdomainid ));
+ PR_snprintf( groupdomainid, 512, "%s%c%s",
+ vals[ j ], DSGW_NTDOMAINID_SEP, groupname );
+ if( dsgw_checkdomain_uniqueness( ld, attr,
+ groupdomainid, strlen( groupdomainid ) ) !=
+ LDAPDomainIdStatus_Unique) {
+ dsgw_error( DSGW_ERR_DOMAINID_NOTUNIQUE,
+ NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ } else {
+ /* don't free here because this is freed elsewhere */
+ /*
+ free( vals[ j ] );
+ */
+ vals[ j ] = strdup( groupdomainid );
+ }
+ }
+ } else {
+ if(( retval = dsgw_processdomainid( ld, dn, attr,
+ vals[ j ], strlen( vals[ j ] ))) != 0) {
+ vals[ j ] = retval;
+ }
+ }
 }
- }
 addmodifyop( &pmods, modop, attr, vals[ j ], strlen( vals[ j ] ));
 }
@@ -559,14 +656,19 @@ entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp )
 free( varname );
 }
- /* if the admin is adding an NT person, there must be an ntuserid */
- if( (isNtUser) && (ntuserid == NULL) ) {
+ if( oc_ntuser != NULL &&
+ ((strlen( userdomainid ) == 0) || userid == NULL )) {
+ dsgw_error( DSGW_ERR_USERID_DOMAINID_REQUIRED, NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ }
+
+ if( strlen( userdomainid ) > 0 && userid == NULL ) {
 dsgw_error( DSGW_ERR_USERID_REQUIRED, NULL, 0, 0, NULL );
 return(LDAP_PARAM_ERROR);
 }
- /* if an ntuserid is being added, it must be the correct length */
- if( (isNtUser) && ntuserid && (strlen( ntuserid ) > MAX_NTUSERID_LEN)) {
+ if( strlen( userdomainid ) > 0 && userid &&
+ strlen( userid ) > MAX_NTUSERID_LEN) {
 dsgw_error( DSGW_ERR_USERID_MAXLEN_EXCEEDED, NULL, 0, 0, NULL );
 return(LDAP_PARAM_ERROR);
 }
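Review bot: The new `oc_ntuser` test in the hunk at -539,12, `strcasecmp( DSGW_OC_NTUSER, varvalue) == 0 && modop == LDAP_MOD_ADD`, inspects only the value, so any added attribute whose posted value is "ntuser" marks the request as an NT-user add. It also passes `varvalue` to `strcasecmp` without the `if( varvalue)` guard that the other new branches use. Comparing `vals[ j ]` (the string that is actually stored) and also requiring `attr` to be the object class attribute would keep the later DSGW_ERR_USERID_DOMAINID_REQUIRED check tied to real NT-user adds. Both `return(LDAP_PARAM_ERROR);` exits added here leave the `strdup` copies in `userid`/`groupname` unreleased; the function's cleanup is outside the hunk, so confirm who frees them and the replaced `vals[ j ]` pointers.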
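Review bot: `groupname` and `groupdomainid` get no validation in the hunk at -559,14, while the user pair is checked for presence and against `MAX_NTUSERID_LEN`. In the preceding hunk the first posted group value is consumed by `break` and never queued with `addmodifyop`, so an NT group add that carries only one of the two values is accepted with that value dropped. If that is intended, a comment should say so; otherwise mirror the user checks for the group pair. The two explanatory comments removed here were not replaced; something like `/* an NT user add needs both a user id and a domain */` above the first test would keep the intent readable.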
@@ -1066,3 +1168,115 @@ value_is_unique( LDAP *ld, char *dn, char *attr, char *value )
 return( rc );
 }
+
+
+/*
+ * Check that the domain:userid is unique in the directory.
+ */
+static LDAPDomainIdStatus
+dsgw_checkdomain_uniqueness( LDAP *ld, char *attr, char *val, int len)
+{
+ int rc, count;
+ LDAPMessage *msgp = NULL;
+ char filter[256];
+
+ if( val == NULL )
+ return LDAPDomainIdStatus_NullId;
+
+ if( strcasecmp( attr, DSGW_ATTRTYPE_NTUSERDOMAINID ) == 0 ) {
+ PR_snprintf( filter, 256, "%s=%s", DSGW_ATTRTYPE_NTUSERDOMAINID, val );
+ } else if ( strcasecmp( attr, DSGW_ATTRTYPE_NTGROUPDOMAINID ) == 0 ) {
+ PR_snprintf( filter, 256, "%s=%s", DSGW_ATTRTYPE_NTGROUPDOMAINID, val );
+ } else {
+ return LDAPDomainIdStatus_NullAttr;
+ }
+
+ if (( rc = ldap_search_s( ld, gc->gc_ldapsearchbase, LDAP_SCOPE_SUBTREE,
+ filter, NULL, 0, &msgp )) == LDAP_SUCCESS) {
+ count = (msgp == NULL) ? 0 : ldap_count_entries( ld, msgp );
+ if ( count > 0 ) {
+ return LDAPDomainIdStatus_Nonunique;
+ } else {
+ return LDAPDomainIdStatus_Unique;
+ }
+ } else {
+ return LDAPDomainIdStatus_Nonunique;
+ }
+}
+
+
+/*
+ * Add the current value of uid in the entry to the ntdomain id before
+ * further processing of the domain id.
+ */
+static char *
+dsgw_processdomainid( LDAP *ld, char *dn, char *attr, char *val, int len)
+{
+ int rc, count;
+ LDAPMessage *msgp = NULL;
+ LDAPMessage *entry;
+ char **attrlist, *attrs[ 2 ];
+ char *value, *newval;
+ char *pch, **vals;
+
+ if( strcasecmp( attr, DSGW_ATTRTYPE_NTUSERDOMAINID ) != 0 &&
+ strcasecmp( attr, DSGW_ATTRTYPE_NTGROUPDOMAINID ) != 0 )
+ return( NULL );
+
+ attrs[ 0 ] = NULL;
+ attrs[ 1 ] = NULL;
+ attrlist = attrs;
+
+ if(( rc = ldap_search_s( ld, dn, LDAP_SCOPE_BASE, "(objectclass=*)", attrlist,
+ 0, &msgp )) != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT)
+ {
+ return( NULL );
+ }
+
+ count = (msgp == NULL) ? 0 : ldap_count_entries( ld, msgp );
+
+ if( count > 0 )
+ {
+ entry = ldap_first_entry( ld, msgp );
+ if( entry )
+ {
+
+ if(( vals = ldap_get_values( ld, entry,
+ strcasecmp( attr, DSGW_ATTRTYPE_NTUSERDOMAINID )?
+ DSGW_ATTRTYPE_NTGROUPDOMAINID :
+ DSGW_ATTRTYPE_NTUSERDOMAINID )) != NULL)
+ {
+ if( vals[0] != NULL )
+ {
+ value = dsgw_ch_strdup( vals[0] );
+ newval = dsgw_ch_malloc( len + strlen( value ) +1 );
+ strcpy( newval, val );
+ pch = strchr( value, DSGW_NTDOMAINID_SEP );
+ if( pch )
+ {
+ strcat( newval, pch );
+ return( newval );
+ }
+ }
+ }
+ }
+ }
+ return NULL;
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/ldap/clients/dsgw/dsgw.h b/ldap/clients/dsgw/dsgw.h
index a35d2fb..186a934 100644
--- a/ldap/clients/dsgw/dsgw.h
+++ b/ldap/clients/dsgw/dsgw.h
@@ -172,6 +172,8 @@ extern char *countri; /* The language chosen by libsi18n. */
 #define DSGW_OC_NTUSER "ntuser"
+#define DSGW_ATTRTYPE_NTGROUPDOMAINID "nTGroupDomainId"
+#define DSGW_ATTRTYPE_NTGROUPNAME "nTGroupName"
 #define DSGW_ATTRTYPE_AIMSTATUSTEXT "nsaimstatustext"
 #if defined( XP_WIN32 )
diff --git a/ldap/clients/dsgw/entrydisplay.c b/ldap/clients/dsgw/entrydisplay.c
index 3a1bbb2..33b62e1 100644
--- a/ldap/clients/dsgw/entrydisplay.c
+++ b/ldap/clients/dsgw/entrydisplay.c
@@ -273,6 +273,7 @@ struct attr_handler attrhandlers[] = {
 { "ces", str_display, str_edit, CASE_EXACT },
 { "bool", bool_display, bool_edit, CASE_INSENSITIVE },
 { "time", time_display, str_edit, CASE_INSENSITIVE },
+ { "ntdomain", ntdomain_display, str_edit, CASE_INSENSITIVE },
 { "ntuserid", ntuserid_display, str_edit, CASE_INSENSITIVE },
 { "ntgroupname", ntuserid_display, str_edit, CASE_INSENSITIVE },
 { "binvalue", binvalue_display, str_edit, CASE_INSENSITIVE },
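Review bot: `dsgw_checkdomain_uniqueness` (hunk at -1066,3 in domodify.c) formats the caller's value straight into `filter[256]`, so a value containing `*`, `(`, `)` or `\` changes what the search matches. A value longer than the buffer is silently cut short before the uniqueness decision is made, and the callers build theirs in 512-byte arrays. Both new functions also return without `ldap_msgfree( msgp )`. `dsgw_processdomainid` never releases `vals` (`ldap_value_free`) or `value`, and drops `newval` when no separator is found. A sketch for the uniqueness check follows; returning the non-unique status for rejected input keeps the fail-closed behaviour of the existing error branch, though a dedicated status would give the user a clearer message.

```c
static LDAPDomainIdStatus
dsgw_checkdomain_uniqueness( LDAP *ld, char *attr, char *val, int len)
{
    /* … unchanged: declarations, NULL test on val … */

    /* Refuse input that would be cut short in filter[] or that carries
     * LDAP filter metacharacters; handled like a failed search. */
    if ( strlen( attr ) + strlen( val ) + 2 > sizeof( filter ) ||
         strpbrk( val, "*()\\" ) != NULL ) {
        return LDAPDomainIdStatus_Nonunique;
    }

    /* … unchanged: attr comparison and PR_snprintf of the filter … */

    rc = ldap_search_s( ld, gc->gc_ldapsearchbase, LDAP_SCOPE_SUBTREE,
                        filter, NULL, 0, &msgp );
    if ( rc != LDAP_SUCCESS ) {
        count = 1;      /* a failed search still counts as non-unique */
    } else {
        count = ( msgp == NULL ) ? 0 : ldap_count_entries( ld, msgp );
    }
    if ( msgp != NULL ) {
        ldap_msgfree( msgp );   /* the result was never released before */
    }
    return ( count > 0 ) ? LDAPDomainIdStatus_Nonunique
                         : LDAPDomainIdStatus_Unique;
}
```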
@@ -1380,9 +1381,22 @@ output_text_elements( int argc, char **argv, char *attr, char **vals,
 valcount = 0;
 } else {
 for ( valcount = 0; vals[ valcount ] != NULL; ++valcount ) {
- /* just count vals */
- }
+ char *syntax = get_arg_by_name( DSGW_ATTRARG_SYNTAX, argc, argv );
+ if ( syntax && 0 == strcasecmp( syntax, "ntdomain" )) {
+ char *pch = (char *)strchr( vals[ valcount ], DSGW_NTDOMAINID_SEP );
+ if( pch )
+ *pch = (char )NULL;
+ }
+ if ( syntax && ( 0 == strcasecmp( syntax, "ntuserid" ) || 0 == strcasecmp( syntax, "ntgroupname") ) ) {
+ char *pch = (char *)strchr( vals[ valcount ], DSGW_NTDOMAINID_SEP );
+ if( pch )
+ {
+ pch++;
+ vals[ valcount] = pch;
+ }
+ }
 }
+ }
 fields = numfields( argc, argv, valcount );
 element_sizes( argc, argv, vals, valcount, NULL, &cols );
@@ -1718,11 +1732,13 @@ ntuserid_display( struct dsgw_attrdispinfo *adip )
 {
 int i;
+ /* Write values with a break (
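Review bot: The `ntuserid`/`ntgroupname` branch in the hunk at -1380,9 replaces `vals[ valcount ]` with a pointer into the middle of the original string. If the caller later releases the array element by element or with `ldap_value_free` (not visible here), it would be handed an interior pointer. Moving the suffix down in place keeps the element pointer intact: `memmove( vals[ valcount ], pch, strlen( pch ) + 1 );`. In the `ntdomain` branch, `*pch = (char )NULL;` converts a pointer constant to `char` and should read `*pch = '\0';`. `get_arg_by_name( DSGW_ATTRARG_SYNTAX, argc, argv )` does not depend on the loop variable and can be looked up once before the `for`. The function continues outside the hunk.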
) separating them, after ":" */ for ( i = 0; adip->adi_vals[ i ] != NULL; ++i ) { if ( !did_output_as_special( adip->adi_argc, adip->adi_argv, adip->adi_vals[ i ], adip->adi_vals[ i ] )) { - char *pch = adip->adi_vals[ i ]; + char *pch = strchr( adip->adi_vals[ i ], DSGW_NTDOMAINID_SEP ); if( pch ) { + pch++; if ((adip->adi_opts & DSGW_ATTROPT_QUOTED ) != 0 ) { dsgw_emits( "\"" ); diff --git a/ldap/clients/dsgw/html/Makefile b/ldap/clients/dsgw/html/Makefile index 70e8027..b46190e 100644 --- a/ldap/clients/dsgw/html/Makefile +++ b/ldap/clients/dsgw/html/Makefile @@ -62,7 +62,7 @@ HTML= auth.html authroot.html authtitle.html csearchtitle.html \ left_bottom.gif left_on.gif right_off.gif \ left_off.gif right_bottom.gif right_on.gif \ organization.gif orgunit.gif person.gif clear.gif message.gif \ - alert.html alert.gif confirm.html confirm.gif orgicon.gif aim-online.gif dc.gif + alert.html alert.gif confirm.html confirm.gif orgicon.gif aim-online.gif BINS=$(addprefix $(HTMLDEST)/,$(HTML)) diff --git a/ldap/clients/dsgw/html/manual/add.htm b/ldap/clients/dsgw/html/manual/add.htm index 382cb64..b533254 100644 --- a/ldap/clients/dsgw/html/manual/add.htm +++ b/ldap/clients/dsgw/html/manual/add.htm @@ -1,6 +1,3 @@ - - - - Adding Directory Entries - - -

-Adding Entries

+ + +Adding Directory Entries + + + +

+Adding Entries

You can add new entries to the directory using the Directory Server interface. To add -entries, your Directory Server administrator must have granted you the -right -to do so. Before you can add an entry, you must authenticate +entries, your Directory Server administrator must have granted you the right +to do so. Before you can add an entry, you must authenticate to the Directory Server. -

Using the Directory Server interface you can add: -

- -Before you add an entry for the first time, read the New -Entry Guidelines section for important information about the -directory + +

Using the Directory Server interface you can add: +

+Before you add an entry for the first time, read the New +Entry Guidelines section for important information about the directory tree structure and naming conventions. -

New Entry Guidelines

-Before you begin adding entries to the directory, make sure that you -understand +

+New Entry Guidelines

+Before you begin adding entries to the directory, make sure that you understand the following directory concepts: - -

-Directory Tree Structure

-Data in the directory is arranged in a tree hierarchy. The top of the -tree + + +

+Directory Tree Structure

+Data in the directory is arranged in a tree hierarchy. The top of the tree is known as the root or suffix. The root entry usually represents the organization entry for the directory. -
Note: -

Although your directory may contain more than one suffix, the -directory -server interface only allows you to search for, add, and edit entries -in -a single suffix. Make sure that you know which suffix your Directory -Server -interface is supporting before adding new entries.

-
-

Below the root are branches of the tree, which usually represent -organizational + +

Note: +

+ +Although your directory may contain more than one suffix, the directory +server interface only allows you to search for, add, and edit entries in +a single suffix. Make sure that you know which suffix your Directory Server +interface is supporting before adding new entries. +

+ + +

Below the root are branches of the tree, which usually represent organizational units such as marketing or accounting. Entries for people and resources -within your organization are usually contained below these -organizational +within your organization are usually contained below these organizational unit branches within the directory tree structure. -

-

When you add an entry, make sure that an entry representing a branch + +

When you add an entry, make sure that an entry representing a branch point is created before new entries are created under that branch. For example, if you want to place entries in a Marketing subtree and in an -Accounting subtree, then create the branch point for those subtrees -before +Accounting subtree, then create the branch point for those subtrees before creating entries within the subtrees: -

-
          o=Example.com
          ou=Marketing, o=Example.com
          ...
          Marketing subtree entries -          ... -          ou=Accounting, o=Example.com -          ... -          Accounting subtree entries -
-

-Distinguished Name Syntax

+ +
          o=Example.com
+          ou=Marketing, o=Example.com
+          ...
+          Marketing subtree entries
+          ...
+          ou=Accounting, o=Example.com
+          ...
+          Accounting subtree entries
+
+ +

+Distinguished Name Syntax

An entry is uniquely identified within the Directory Server through the use of a distinguished name (DN). A DN identifies the entry by using a -series of comma-separated attributes and attribute values. The -left-most +series of comma-separated attributes and attribute values. The left-most value in the DN represents the entry's name, with each subsequent attribute representing a branch point above the entry. For example: -
uid=bjensen, ou=people, o=example.com
-This DN represents the entry named bjensen in the subdirectory -named -people in the directory named example.com. -

When you add a new entry to the Directory Server, you are prompted + +

uid=bjensen, ou=people, o=example.com
+ +This DN represents the entry named bjensen in the subdirectory named +people in the directory named example.com. + +

When you add a new entry to the Directory Server, you are prompted to enter the complete distinguished name. -

-

Unique Distinguished Names

+

Unique Distinguished Names

+ The Directory Server interface does not allow you to create a duplicate entry. To avoid naming duplications, use distinguished names that begin -with the person's user ID (uid) rather than the person's common name -(CN). +with the person's user ID (uid) rather than the person's common name (CN). Choose user IDs that are readable; that is, do not use a random collection of letters and numbers for -user IDs. If your enterprise already has an email system, one -possibility -would be to use the left-most value of each person's email address as -that +user IDs. If your enterprise already has an email system, one possibility +would be to use the left-most value of each person's email address as that person's user ID. For example, if a person has the email address: -

bjensen@example.com -

-

then give that person's directory entry the following DN: -

-

uid=bjensen, o=example.com -

-

Adding a Person

+ +

bjensen@example.com + +

then give that person's directory entry the following DN: + +

uid=bjensen, o=example.com + +

Adding a Person

+ To add a new person entry, do the following: -
    -
  1. Click the New Entry tab.
  2. -
  3. Follow the steps outlined in the New Entry form. When you are -done +
      +
    1. +Click the New Entry tab.
    2. + +
    3. +Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click -the Back button in your browser window.
    4. -
    5. If you have not authenticated before you attempt to add a new -entry, or +the Back button in your browser window.
    6. + +
    7. +If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you -to authenticate -before continuing.
    8. -
    9. When you add a person to the directory, a form that -allows you to edit that person's data is displayed. This form is -displayed in -a new web browser window. You must supply values for the required -fields. -The required fields for a person are:
    10. - -
    11. You can provide values for the optional fields now, or add them -later. -The optional fields for a person are:
    12. -  -

      -
      -
+ Windows NT Account Information
+ + + class="bold" + +>NT Domain Name: + +* + + +
class="bold" >Delete NT Account if Person deleted: +
+ NT Domain Name + NT Group Name @@ -73,8 +76,11 @@ + + - + diff --git a/ldap/clients/dsgw/config/list-NT-People.html b/ldap/clients/dsgw/config/list-NT-People.html index c2f63f8..16e416b 100644 --- a/ldap/clients/dsgw/config/list-NT-People.html +++ b/ldap/clients/dsgw/config/list-NT-People.html @@ -93,6 +93,9 @@ document.write('< + +
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
First -Name PhoneEmail -Address 
Fax User -IDPager
Mobile -Phone Business -Category Title
Organizational -Unit Manager Room -Number 
Admin Dept# Emp# 
Car -License# Mailing -Address Description 
See -Also URL Password 
- -
Note: -

You cannot enter values into the Manager, Admin, -or See Also fields until you have saved the entry. Furthermore, -changing uid in the New Entry screen will result in a multi-valued uid -with the value selected in the first screen as the naming component.

-
-
  • To cancel the entry creation, close the web browser window -containing +to authenticate before continuing.
  • + +
  • +When you add a person to the directory, a form that +allows you to edit that person's data is displayed. This form is displayed in +a new web browser window. You must supply values for the required fields. +The required fields for a person are:
  • + + + +
  • +You can provide values for the optional fields now, or add them later. +The optional fields for a person are:
  • +  +

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    First Name PhoneEmail Address 
    Fax User IDPager
    Mobile Phone Business Category Title
    Organizational Unit Manager Room Number 
    Admin Dept# Emp# 
    Car License# Mailing Address Description 
    See Also URL Password 
    +
    +
    Note: +

    +You cannot enter values into the Manager, Admin, +or See Also fields until you have saved the entry. Furthermore, changing uid in the New Entry screen will result in a multi-valued uid with the value selected in the first screen as the naming component.

    + +
  • +To cancel the entry creation, close the web browser window containing the form. When you are done filling in the form, click the Save New -Person button at the top of the form.
  • -
  • After saving the entry, you can add -values -to the Manager and Admin fields or add -a See Also value.
  • - -

    -Adding an NT Person

    +Person button at the top of the form. + +
  • +After saving the entry, you can add values +to the Manager and Admin fields or add +a See Also value.
  • + + +

    +Adding an NT Person

    When creating an NT-person entry, make sure that the subtree -in which you place the entry is the same subtree that the -synchronization service -uses to synchronize entries. If you place an NT-person entry into -another +in which you place the entry is the same subtree that the synchronization service +uses to synchronize entries. If you place an NT-person entry into another location, it is not synchronized with the Windows network. -

    To add a new NT-person entry, do the following: -

    -
      -
    1. Click the New Entry tab.
    2. -
    3. Follow the steps outlined in the New Entry form. When you are -done + +

      To add a new NT-person entry, do the following: +

        +
      1. +Click the New Entry tab.
      2. + +
      3. +Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click -the Back button in your browser window.
      4. -
      5. If you have not authenticated before you attempt to add a new -entry, or +the Back button in your browser window.
      6. + +
      7. +If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you -to authenticate -before continuing.
      8. -
      9. When you add an NT-person to the directory, a form that allows -you to +to authenticate before continuing.
      10. + +
      11. +When you add an NT-person to the directory, a form that allows you to edit that person's data is displayed. This form is displayed -in a new web browser window. You must supply values for the required -fields. -The required fields for an NT-person are:
      12. - -
      13. You can provide values for the optional fields now, or add them -later. -The optional fields for a person are:
      14. -

        -
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        First -Name Phone Email -Address 
        Fax Directory -Server Password Pager 
        Mobile -Phone Business -Category Title 
        Organizational -Unit Manager Room -Number 
        Admin Dept# Emp# 
        Car -License# Mailing -Address Description 
        See -Also URL User -Id
        -
        -
        Note: -

        You cannot enter values into the Manager, Admin, -or See Also fields until you have saved the entry.

        -
        -
      15. You can also change the value for the following two options:
      16. - +in a new web browser window. You must supply values for the required fields. +The required fields for an NT-person are: + + + +
      17. +You can provide values for the optional fields now, or add them later. +The optional fields for a person are:
      18. + +

        +

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        First Name Phone Email Address 
        Fax Directory Server Password Pager 
        Mobile Phone Business Category Title 
        Organizational Unit Manager Room Number 
        Admin Dept# Emp# 
        Car License# Mailing Address Description 
        See Also URL User Id
        +
        Note: +

        +You cannot enter values into the Manager, Admin, +or See Also fields until you have saved the entry. +

        + +
      19. +You can also change the value for the following two options:
      20. + + The default value is shown. If you do not change the value, -the default value is used.
      21. When you are done filling in the form, -click the Save New NT -Person +the default value is used. +
      22. +When you are done filling in the form, click the Save New NT Person button at the top of the form. To cancel the entry creation, -close the web browser window containing the form.
      23. -
      24. After saving the entry, you can add -values -to the Manager and Admin fields or add -a "See Also" value.
      25. -
      -

      -Adding a Group

      +close the web browser window containing the form.
    4. + +
    5. +After saving the entry, you can add values +to the Manager and Admin fields or add +a "See Also" value.
    6. +
    + +

    +Adding a Group

    To add a new group entry, do the following: -
      -
    1. Click the New Entry tab.
    2. -
    3. Follow the steps outlined in the New Entry form. When you are -done +
        +
      1. +Click the New Entry tab.
      2. + +
      3. +Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click -the Back button in your browser window.
      4. -
      5. If you have not authenticated before you attempt to add a new -entry, or +the Back button in your browser window.
      6. + +
      7. +If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you -to authenticate -before continuing.
      8. -
      9. When you add a group to the directory, a form that -allows you to edit that group's data is displayed. This form is -displayed in -a new web browser window. You must supply a value for the required -field Name.
      10. -
      11. You can provide a value for the optional Description -field now, or add it later.
      12. -
        Note: -

        You cannot enter values into the Owner, Group Members, -or See Also fields until you have saved the entry.

        -
        -
      13. When you are done filling in the form, click the Save New Group -button -at the top of the form.
      14. -
        -To cancel the entry creation, close the web browser window containing -the form.
      15. After you have saved the entry, you can add -values for the Owner, Group Member, and See Also fields.
      16. -
      -

      -Adding an NT Group

      +to authenticate before continuing.
    4. + +
    5. +When you add a group to the directory, a form that +allows you to edit that group's data is displayed. This form is displayed in +a new web browser window. You must supply a value for the required field +Name.
    6. + +
    7. +You can provide a value for the optional Description +field now, or add it later.
    8. + +
      Note: +

      +You cannot enter values into the Owner, Group Members, +or See Also fields until you have saved the entry.

      + +
    9. +When you are done filling in the form, click the Save New Group button +at the top of the form.
    10. + +
      To cancel the entry creation, close the web browser window containing +the form. +
    11. +After you have saved the entry, you can add +values for the Owner, Group Member, and See Also fields.
    12. +
    + +

    +Adding an NT Group

    To add a new NT group entry, do the following: -
      -
    1. Click the New Entry tab.
    2. -
    3. Follow the steps outlined in the New Entry form. When you are -done +
        +
      1. +Click the New Entry tab.
      2. + +
      3. +Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click -the Back button in your browser window.
      4. -
      5. If you have not authenticated before you attempt to add a new -entry, or +the Back button in your browser window.
      6. + +
      7. +If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you -to authenticate -before continuing.
      8. -
      9. When you add an NT-group to the directory, a form -that allows you to edit that group's data is displayed. This form is -contained -in a new web browser window. You must supply a value for the required -fields. -The required fields for an NT-group are:
      10. - -
      11. You can provide values for the optional fields now, or add them -later. -The optional fields for an NT group are:
      12. -

        -
        - - - - - - - - - - - -
        Description Owner 
        NT -Group Members See -Also
        -
        -

        -
        Note: -

        You cannot enter values into the Owner, NT Group Members, -or See Also fields until you have saved the entry.

        -
        -
      13. You may also change the value for the Delete -NT Group if Group Deleted option.
      14. -
      15. When you are done filling in the form, click the Save New Group -button -at the top of the form.
      16. -
        -To cancel the entry creation, close the web browser window containing -the form.
      17. After you save the entry, you can add -values -for the NT Group Members, Owner, and See Also fields.
      18. -
      -

      -Adding an Organizational Unit

      +to authenticate before continuing.
    4. + +
    5. +When you add an NT-group to the directory, a form +that allows you to edit that group's data is displayed. This form is contained +in a new web browser window. You must supply a value for the required fields. +The required fields for an NT-group are:
    6. + + + +
    7. +You can provide values for the optional fields now, or add them later. +The optional fields for an NT group are:
    8. +

      +

      + + + + + + + + + + + + + + + +
      Description Owner Locale
      NT Group Members See AlsoOrganizational Unit
      +
      +

      +

      Note: +

      +You cannot enter values into the Owner, NT Group Members, +or See Also fields until you have saved the entry.

      + +
    9. +You may also change the value for the Delete NT Group if Group Deleted option.
    10. + +
    11. +When you are done filling in the form, click the Save New Group button +at the top of the form.
    12. + +
      To cancel the entry creation, close the web browser window containing +the form. +
    13. +After you save the entry, you can add values +for the NT Group Members, Owner, and See Also fields.
    14. +
    + +

    +Adding an Organizational Unit

    To add a new organizational unit entry, do the following: -
      -
    1. Click the New Entry tab.
    2. -
    3. Follow the steps outlined in the New Entry form. When you are -done +
        +
      1. +Click the New Entry tab.
      2. + +
      3. +Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click -the "Back" button in your browser window.
      4. -
      5. If you have not authenticated before you attempt to add a new -entry, or +the "Back" button in your browser window.
      6. + +
      7. +If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you -to authenticate -before continuing.
      8. -
      9. When you add an organizational unit to the directory, a form that +to authenticate before continuing.
      10. + +
      11. +When you add an organizational unit to the directory, a form that allows you to edit that organization's data is displayed. This form is displayed in a new web browser window. You must supply -a value for the required field, Unit -Name.
      12. -
      13. You can provide values for the optional fields now, or add them -later. -The optional fields for an organizational unit are:
      14. -

        -
        - - - - - - - - - - - - - - - - - - -
        Description Phone Business -Category 
        Fax Location Mailing -Address 
        See -Also   
        -
        -

        -
      15. When you are done filling in the form, click the Save New Org. -Unit +a value for the required field, Unit Name.
      16. + +
      17. +You can provide values for the optional fields now, or add them later. +The optional fields for an organizational unit are:
      18. +

        +

        + + + + + + + + + + + + + + + + + + + + + + + +
        Description Phone Business Category 
        Fax Location Mailing Address 
        See Also   
        +

        +

      19. +When you are done filling in the form, click the Save New Org. Unit button at the top of the form. To cancel the entry creation, close -the web browser window containing the form.
      20. -
      -

      Adding a Domain Component

      +the web browser window containing the form.
    4. +
    + +

    Adding a Domain Component

    + To add a new domain entry, do the following: -
      -
    1. Click the New Entry tab.
    2. -
    3. Follow the steps outlined in the New Entry form. When you are -done +
        +
      1. +Click the New Entry tab.
      2. + +
      3. +Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click -the Back button in your browser window.
      4. -
      5. If you have not authenticated before you attempt to add a new -entry, or +the Back button in your browser window.
      6. + +
      7. +If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you -to authenticate -before continuing.
      8. -
      9. You must supply a value for the required field, dc.
      10. -
      11. You can provide values for the optional fields now, or add them -later. -The optional fields for a domain are:
      12. -

        -
        - - - - - - - - - - - - - - - - - - -
        DescriptionPhoneBusiness -Category
        FaxLocationMailing -Address
        See -Also  
        -
        -

        -
      13. When you are done filling in the form, click the Save New dc -button +to authenticate before continuing.
      14. + +
      15. +You must supply a value for the required field, dc.
      16. + +
      17. +You can provide values for the optional fields now, or add them later. +The optional fields for a domain are:
      18. +

        +

        + + + + + + + + + + + + + +
        DescriptionPhoneBusiness Category
        FaxLocationMailing Address
        See Also  
        +
        +

        +

      19. +When you are done filling in the form, click the Save New dc button at the top of the form. To cancel the entry creation, close the -web browser window containing the form.
      20. -
      -

      Adding an Organization

      +web browser window containing the form.
    4. +
    + +

    Adding an Organization

    + To add a new organization entry, do the following: -
      -
    1. Click the New Entry tab.
    2. -
    3. Follow the steps outlined in the New Entry form. When you are -done +
        +
      1. +Click the New Entry tab.
      2. + +
      3. +Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click -the Back button in your browser window.
      4. -
      5. If you have not authenticated before you attempt to add a new -entry, or +the Back button in your browser window.
      6. + +
      7. +If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you -to authenticate -before continuing.
      8. -
      9. Adding an organization is supported only when you initially -populate -your +to authenticate before continuing.
      10. + +
      11. +Adding an organization is supported only when you initially populate your directory tree. The organization you add must match the organization you specified in the Database Subtree field when you installed your -Directory Server. For example, if you specified a value of:
      12. -
        o=Example.com
        +Directory Server. For example, if you specified a value of: + +
        o=Example.com
        + to the Database Subtree field, then you must specify a value of: -
        o=Example.com
        -when you add the organization. The Directory Server checks the add -operation to ensure that the directory entry can + +
        o=Example.com
        + +when you add the organization. The Directory Server checks the add operation to ensure that the directory entry can exist with the database subtree. Any value other than: -
        o=Example.com
        + +
        o=Example.com
        + clearly cannot reside under: -
        o=Example.com
        -As a result, the Directory Server rejects the operation.
      13. You must -supply a value for the required field, Organization -Name.
      14. -
      15. You can provide values for the optional fields now, or add them -later. -The optional fields for an organization are:
      16. -

        -
        - - - - - - - - - - - - - - - - - - -
        Description Phone Business -Category 
        Fax Location Mailing -Address 
        See -Also   
        -
        -

        -
      17. When you are done filling in the form, click the Save New Org. -button + +
        o=Example.com
        + +As a result, the Directory Server rejects the operation. +
      18. +You must supply a value for the required field, Organization Name.
      19. + +
      20. +You can provide values for the optional fields now, or add them later. +The optional fields for an organization are:
      21. +

        +

        + + + + + + + + + + + + + + + + + + + + + + + +
        Description Phone Business Category 
        Fax Location Mailing Address 
        See Also   
        +
        +

        +

      22. +When you are done filling in the form, click the Save New Org. button at the top of the form. To cancel the entry creation, close the -web browser window containing the form.
      23. -
      - - +web browser window containing the form.
    4. +
    + + +
diff --git a/ldap/clients/dsgw/html/manual/attribut.htm b/ldap/clients/dsgw/html/manual/attribut.htm
index 13bd878..59d72b3 100644
--- a/ldap/clients/dsgw/html/manual/attribut.htm
+++ b/ldap/clients/dsgw/html/manual/attribut.htm
@@ -1,6 +1,3 @@ - - - - - - -

    -

    -

    -

    Attributes -

    - + +

    + +

    + +

    Attributes +

    + + +
    -This appendix includes information on attribute definitions. Most of -the schema attributes used in the Directory Server are part of the -standard LDAP protocol, which is in turn based on the X.500 standard. -However, some of the Directory Server's attributes are extensions -created by Netscape for use with its implementation of LDAP. If an -attribute was created by Netscape and is not part of the standard LDAP -schema, a note is made in the description of that object or attribute.
    -

    For information on what the Directory Server -schema is and what it is -used for, refer to the Directory Server Deployment Guide.

    -

    -For information on the object classes in the schema, see Appendix -A, "Object Classes."

    -

      - -

    Attribute Definitions

    - -The following define the attributes used to describe -an entry in the directory tree. To determine which attributes are -required and allowed for each object class, see Appendix -A, "Object Classes."

    -

    -Each attribute has a corresponding syntax definition that describes the -nature of the attribute information. This syntax is important only when -the Directory Server is performing sorting and pattern matching; there -is nothing to otherwise prevent you from, for example, placing a -telephone number on an attribute that expects a distinguished name.

    -

    -The possible attribute syntaxes are:

    -

    -