> We are in process of migrating from SunOne to eDir. We are working on a
> LDAP driver to migrate all our users to eDir.
> Now there are several attributes that a user in Sun LDAP has but there
> are no corresponsing attributes in the User class of Novell LDAP.

And beware funny schema differences. As a completely unlikely example,
SunOne has an attribute (whose name totally escapes me now) that uses
Directory String. Except that Novell chose to follow the RFC to the
letter and implemented a syntax it requires (it is some stupid telco
attr). The key difference was not allowing the colon and semicolon
characters, otherwise it is a string. Sun said, string is close enough.
Novell followed the RFC. We moved a SunOne to eDir directory that
relied on using colons as a delimiter in that attribute. Oh well.
These should be pretty rare, but might be related to your second point.
Might be that nsRolesDN uses a funny syntax and eDir cannot simply
reproduce it? So perhaps it is simpler to remove from the event?
Dunno. If it is just a DN it should be simple to sync.

Maybe the default config writers were just lazy and it was easier to
remove it than deal with it.

As for Aux class, yes, aux class 100% no questions, no doubt.

But realize your iManager issue is unrelated to Aux vs Base class, it is
actually that the plugins you are using are hard coded to a set of
attrs. You just added new attributes. What would make you think it
would be available in the standard iMan plugin?

It IS there, look in the General tab (last one on the right. ConsoleOne
it is Other, iMan it is General I think) and it will show you all valued
and unvalued attributes for this class, per schema (thus your new ones
will show up) and will let you edit them. But that is not what you want.

In which case you should look at Plugin Studio (Under configuration in
IMan) and see if you can put togetehr a custom page to handle your new

> I have two queries:
> 1. To add new custom attributes to User class in Novell, should we go
> by creating an aux class? I tried doing this (created an aux class and
> extended schema for Users by adding this aux class. But when I create
> new users through iManager the attributes of aux class are not visible!!
> What is the correct process to do this?)
> 2. Are there some restrictions imposed on SunOne attributes like
> 'nsRoleDN'? I added this attribute in my LDAP Driver filter and schema
> mapping, but it doesn't get reflected in the migrated user. From the
> DSTrace logs it looks like there is some rule to remove this attribute
> during migration
> ================================================== ================================================== ============================
> [06/07/12 03:23:18.422]:Sun LDAP Driver PT: Evaluating selection
> criteria for rule 'iPlanet - Strip nsRoleDN'.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: (if-op-attr 'nsRoleDN'
> available) = TRUE.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: Rule selected.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: Applying rule 'iPlanet -
> Strip nsRoleDN'.
> [06/07/12 03:23:18.423]:Sun LDAP Driver PT: Action:
> do-strip-op-attr("nsRoleDN").
> ================================================== ================================================== ============================
> Any ideas??
> Thanks!