
> We are in process of migrating from SunOne to eDir. We are working on
> a LDAP driver to migrate all our users to eDir. Now there are several
> attributes that a user in Sun LDAP has but there are no corresponding
> attributes in the User class of Novell LDAP.


> I have two queries: 1. To add new custom attributes to User class in
> Novell, should we go by creating an aux class? I tried doing this
> (created an aux class and extended schema for Users by adding this
> aux class. But when I create new users through iManager the
> attributes of aux class are not visible!! What is the correct process
> to do this?)

The non-IDM way to do this is in the documentation:

The IDM way to do this is to simply add the new attributes you have
defined to the existing base class's ('User' in your case) section of
the IDM driver config's filter. For example, if you have an aux class
that includes nsRoleDN as an optional (in eDirectory) then be sure that
the 'User' class (assuming you're synchronizing User objects as I
believe you are) has 'nsRoleDN' as one of the attributes in the filter
set to synchronize on the Publisher channel. The aux class itself
should never appear in the filter since the filter only cares about
effective classes.

> 2. Are there some restrictions imposed on SunOne attributes like
> 'nsRoleDN'? I added this attribute in my LDAP Driver filter and
> schema mapping, but it doesn't get reflected in the migrated user.
> From the DSTrace logs it looks like there is some rule to remove this
> attribute during migration
> ============================================================
> [06/07/12 03:23:18.422]:Sun LDAP Driver PT: Evaluating selection criteria for rule 'iPlanet - Strip nsRoleDN'.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: (if-op-attr 'nsRoleDN' available) = TRUE.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: Rule selected.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: Applying rule 'iPlanet - Strip nsRoleDN'.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: Action: do-strip-op-attr("nsRoleDN").
> ============================================================


config is yours; if this is in there by default and you do not want
it, take it out.

Good luck.
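Added example, not part of the original post or of any Novell tooling: a small Python parser over the trace excerpt quoted above that reports which policy rule stripped which attribute, tolerating the `>` quote markers and line wrapping that mail clients introduce. The entry layout is inferred only from the quoted lines, and all function and variable names are hypothetical.

```python
import re

# Constructed sample: the trace lines quoted in the post, wrapped as a mail client would.
SAMPLE_TRACE = """\
[06/07/12 03:23:18.422]:Sun LDAP Driver PT: Evaluating selection
> criteria for rule 'iPlanet - Strip nsRoleDN'. [06/07/12
> 03:23:18.423]:Sun LDAP Driver PT: (if-op-attr 'nsRoleDN'
> available) = TRUE. [06/07/12 03:23:18.423]:Sun LDAP Driver PT:
> Rule selected. [06/07/12 03:23:18.423]:Sun LDAP Driver PT:
> Applying rule 'iPlanet - Strip nsRoleDN'. [06/07/12 03:23:18.423]:Sun
> LDAP Driver PT: Action: do-strip-op-attr("nsRoleDN").
"""

# Assumed layout, taken from the quoted lines: [timestamp]:source: message
ENTRY_START = re.compile(r"(?=\[\d\d/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\]:)")
ENTRY = re.compile(r"^\[([^\]]+)\]:(.+?):\s*(.*)$")
APPLY = re.compile(r"Applying rule '([^']+)'")
STRIP = re.compile(r'Action: do-strip-op-attr\("([^"]+)"\)')

def split_entries(trace):
    """Undo quoting and wrapping, then split on each timestamp prefix."""
    unquoted = re.sub(r"(?m)^\s*>\s?", "", trace)
    flat = re.sub(r"\s+", " ", unquoted)
    return [e.strip() for e in ENTRY_START.split(flat) if e.strip()]

def find_stripped_attrs(trace):
    """Return one record per strip action, tied to the rule being applied."""
    findings, current_rule = [], {}  # current_rule is tracked per trace source
    for entry in split_entries(trace):
        m = ENTRY.match(entry)
        if not m:
            continue  # not a trace entry in the assumed layout
        ts, source, msg = m.groups()
        applied = APPLY.search(msg)
        if applied:
            current_rule[source] = applied.group(1)
            continue
        stripped = STRIP.search(msg)
        if stripped:
            findings.append({"time": ts, "source": source,
                             "rule": current_rule.get(source, "<unknown rule>"),
                             "attribute": stripped.group(1)})
    return findings

if __name__ == "__main__":
    for f in find_stripped_attrs(SAMPLE_TRACE):
        print(f"{f['time']} {f['source']}: rule {f['rule']!r} strips {f['attribute']}")
```
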