LDAP File Rights
Articles and Tips: qna
01 Dec 2002
Q.
We have user creations via LDAP working just great except for one piece, we cannot set permissions on a home directory. We can make the account, create the account, grant group memberships, create the home directory, but we just can't assign permissions to the directory we create. That is the last manual step in our account creation...any ideas?
Here's some more information for those who are interested:
User goes to https web page and enters information.
One of my staff approves the account.
PHP on Linux issues LDAP calls to create account and populate information (such as memberships, name, email address, department, phone, etc.)
PHP on Linux uses FTP to create the user home directory.
My staff now has to go to the just created directory and manually set permissions.
A staff person tells the webpage that they have set permissions.
The web page generates a "welcome to the network" email with username and password and sends it to the user.
Step 5 is what I want to automate. Can we somehow use ICE or something?
Dayne DSL Drainey
A.
Dear Dayne: Unfortunately, LDAP talks to a network data directory. The server's file systems are not associated with network data directories. Thus LDAP can't muck with the file system.
User permissions and such on files are file system operations, so LDAP's very limited API set was not designed to get at them. You will have to use a parallel utility of some kind, perhaps just a simple script, to deal with the NetWare file system.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.