Hi there,

first of, I unfortunately have no Novell experience whatsoever. It
concerns XP desktops with a novell client and Novell OES 6.5.

Anyways, for the implementation of a firewall at a customer we need to
identify (on the firewall) what user is going to browse the web. In
order to do this we will be using IDENT. We are aware this will only
identify and not authenticate the user.

Unfortunately, the firewall only can lookup the user if it has the full
LDAP context. So similar to cn=username,ou=orgunit1,o=org. Found some
batch files which used the variables UNAME (set to username (following
above LDAP path)) and UNAME (set to orgunit1.org (following above LDAP
path)) but neither are set with us in windows.

We do have a NWUSERNAME variable which I can use, and in combination
with cx I had this working. However, I don't think the cx command is
very safe, as it can switch context and it doesn't appear to be
available as normal user (don't quite get where it comes from in the
first place because it doesn't appear to be in PATH nor on the system
itself at all).

Basically we would need either:

* A way to write (from batch or vbscript, whatever) a way to write the
users LDAP context (like cn=username,ou=orgunit1,o=org) to a file during
logon, so we can use the string in that file from an IDENT server; or
* A (free preferably or extremely cheap) IDENT server that is smart
enough to serve the full LDAP context instead of just a username.

Any help would be greatly appreciated. Found some scripts and such all
over the place, but most seem to use variables I don't have. As I'm not
familiar with Novell I don't know where these come from. Perhaps
zenworks or something can set them?

Kind regards