Using NDS User Object Properties in a Login Script
Articles and Tips: article
Product Support Engineer
Novell Technical Services
01 May 1995
The purpose of this AppNote is to provide a complete reference to the NetWare Directory Services user object properties which can be used in a NetWare login script. Because there are various conflicting sources of information for these properties, not all of which are readily available, this document will clarify which object properties can be used in a login script.
- Introduction
- NetWare 4.1 Login Identifier Variables
- Using NDS Property Values as Login Variables
- User Properties That Do Not Work
- Summary
Introduction
NetWare administrators and users commonly use login scripts to set up environments for users, including mapping drives, setting DOS environment variables, displaying useful information when logging in, etc. With the addition of user variables now available with NetWare Directory Services, new customization opportunities are available. For this article, we will limit our discussion to the properties of the user object.
NetWare 4.1 Login Identifier Variables
NetWare has long provided the ability to use login identifier variables to make login scripts more efficient and flexible. There are 37 identifier variables provided with NetWare 4.1. The following table shows these identifier variables along with their alternate keywords.
|
IdentifierVariable
|
AlternateKeyword
|
|
ACCESS_SERVER |
ACESSSERVERACCESS |
|
AM_PM |
|
|
DAY |
|
|
DAY_OF_WEEK |
|
|
ERROR_LEVEL |
ERRORLEVEL |
|
FILE_SERVER |
FILESERVER |
|
FULL_NAME |
|
|
GREETING_TIME |
|
|
HOUR |
HOURS |
|
HOUR24 |
|
|
LAST_NAME |
|
|
LOGIN_ALIAS_CONTEXT(NDS only) |
|
|
LOGIN_CONTEXT (NDS only) |
|
|
LOGIN_NAME |
|
|
MACHINE |
|
|
MEMBER OF "group" |
|
|
MINUTE |
MINUTES |
|
MONTH |
|
|
MONTH_NAME |
|
|
NDAY_OF_WEEK |
|
|
NETWARE_REQUESTER |
|
|
NETWORK_ADDRESS |
NETWORKNETWORK_NUMBER |
|
NEW_MAIL |
|
|
NOT MEMBER OF "group" |
|
|
OS |
|
|
OS_VERSION |
|
|
P_STATION |
PHYSICAL_STATION |
|
PASSWORD_EXPIRES |
|
|
REQUESTER_VERSION |
DOS_REQUESTERNETWARE_REQUESTERREQUESTER |
|
REQUESTER_CONTEXT(NDS only) |
|
|
SECOND |
|
|
SHELL_TYPE |
NETWARE_SHELLSHELL_VERSION |
|
SHORT_YEAR |
|
|
SMACHINE |
|
|
STATION |
CONNECTIONSLOT |
|
USER_ID |
USERID |
|
YEAR |
Using NDS Property Values as Login Variables
NetWare 4 extends the list of login variables through the use of the object properties found in NetWare Directory Services. This extensible architecture also allows third-party vendors to add NDS properties which will then be accessible as login variables. The object properties included with NetWare are documented in several places, including the NetWare 4.1 user documentation, in the NetWare 4.1 Schema, available to participants in the Novell Professional Developers program, and in other sources, including Novell Application Notes(April 1994).
Regarding the use of NDS objects as variables, the NetWare 4.1 documentation states:
You can use property values of NDS objects as variables. Use the property values just as you do any other identifier variable. If the property value includes a space, enclose the name in quotation marks. To use a property name with a space, within a WRITE statement, you must place it at the end of the quoted string:
WRITE "Given name=%GIVEN_NAME" IF "%MESSAGE SERVER"="MS1" THEN MAP INS S16:=MS1\SYS:EMAIL
To see a list of object properties, see Appendix A, "NDS and Bindery Objects and Properties," of Utilities Reference. Not all properties are supported.
As the documentation states, not all properties are supported. Some of the properties which are documented do not work as variables, but do work using NLIST, while some do not work at all. Of the 63 NDS user object properties, 49 are supported as variables, while 14 are available only with NLIST.
The value of most object properties can be easily displayed in a login script by using the WRITE command for those values supported as login variables, or by using NLIST for those values not supported directly as login variables.
The syntax for showing properties using these two commands in a login script follows the form:
WRITE "[text][%variable]" WRITE "[text]";[variable] #NLIST class type [property search option] [object name] [/basic option] [display option]
Correct syntax using the property "Default Server" for example, would be:
WRITE "Default Server = %DEFAULT SERVER" WRITE "Default Server = " ;DEFAULT_SERVER #NLIST USER=%LOGIN_NAME SHOW "DEFAULT SERVER"
The quotation marks around the property name are required when the name contains multiple words. Most multi-word properties can be stated as single word properties by replacing the space between words with an underscore character, thus obviating the need for quotation marks. Thus, the above NLIST example could be expressed as:
#NLIST USER=%LOGIN_NAME SHOW DEFAULT_SERVER
Many of the properties can be accessed using several different keywords. These properties, together with alternate keywords indented are listed in the following table.
|
Property
|
Works as a Variable
|
Works with NLIST
|
Comments
|
|
ACCOUNT BALANCE |
X |
X |
NLIST and variablereturn identical information. |
|
ACCOUNT DISABLEDLOGINDISABLED |
X |
X X |
Variable returns"Y" or "N".NLIST returns "True" or "False" |
|
ACCOUNT HASEXPIRATION DATELOGIN EXPIRATION TIME |
XX |
Displays both time and date. |
|
|
ACCOUNT LOCKED |
X |
||
|
ACCOUNT RESETTIME LOGIN INTRUDER RESET TIME |
XX |
||
|
ALLOW UNLIMITED CREDIT |
X |
X |
Variable returns"Y" or "N".NLIST returns "True" or "False" |
|
ALLOW USERTO CHANGE PASSWORD PASSWORD ALLOW CHANGE |
X |
XX |
Variable returns"Y" or "N".NLIST returns "True" or "False" |
|
BACK LINK |
X |
X |
Attached toany object for which an external referenceis required by a remote server. |
|
BINDERY PROPERTY |
X |
X |
Used to emulatebindery properties that cannot be represented with other attribute types. |
|
CITYPHYSICALDELIVERY OFFICE NAME |
X |
XX |
NLIST and variablereturn identical information. |
|
DATE PASSWORDEXPIRESPASSWORD EXPIRATION TIME |
XX |
Displays both time and date. |
|
|
DAYS BETWEENFORCED CHANGESPASSWORD EXPIRATION INTERVAL |
X |
XX |
NLIST showstime in days, hours, minutes, and seconds.Variable shows time in total seconds. |
|
DEFAULT SERVERMESSAGESERVER |
X |
XX |
NLIST and variablereturn identical information. |
|
DEPARTMENTOU |
X |
XX |
NLIST showsa list of all departments defined, whilevariable use shows only the first departmentin the list.. |
|
DESCRIPTION |
X |
X |
NLIST and variablereturn identical information. |
|
EQUIVALENT TO ME |
X |
X |
NLIST showsa list of all equivalent users defined, whilevariable use shows only the first user in the list. |
|
FAX NUMBERFACSIMILETELEPHONE NUMBER |
X |
XX |
NLIST showsa list of all fax numbers, while variableuse shows only the first number in the list. |
|
FOREIGN EMAILADDRESSEMAIL ADDRESSFOREIGN EMAIL ALIAS |
X |
XXX |
NLIST listsall Email Addresses, while variable use showsonly the first Email address in the list. |
|
FULL NAME |
X |
X |
NLIST and variablereturn identical information. |
|
GENERATIONAL QUALIFIER |
X |
||
|
GIVEN NAME |
X |
||
|
GRACE LOGINSALLOWEDLOGIN GRACE LIMIT |
X |
XX |
NLIST and variablereturn identical information. |
|
GROUP MEMBERSHIP |
X |
X |
NLIST showsall group memberships, while variable showsonly the first group in the list. |
|
HOME DIRECTORY |
X |
X |
NLIST showsVolume Name, Path and Name Space Type |
|
INCORRECT LOGINATTEMPTSLOGIN INTRUDER ATTEMPTS |
X |
XX |
NLIST and variablereturn identical information. |
|
LANGUAGE |
X |
X |
|
|
LAST INTRUDERADDRESSLOGIN INTRUDER ADDRESS |
XX |
Displays NetworkAddress Type, Network, Node and Socket number. |
|
|
LAST LOGIN TIME |
X |
Same as Login=sLASTLOGINTIME command. (Be sure TZ is set on workstation.) |
|
|
LAST NAMESURNAME |
X |
XX |
NLIST and variablereturn identical information. |
|
LOCATIONLLOCALITY NAME |
X |
XXX |
NLIST and variablereturn identical information. NLIST showsall locations in the list, while variableshows only the first location in the list. |
|
LOCKED BY INTRUDER |
X |
X |
Variable returns"Y" or "N". NLIST returns "True" or "False" |
|
LOGIN ALLOWED TIME MAP |
X |
While detailsare not viewable, existence of the propertycan be tested by:#NLIST USER=%LOGIN_NAMEWHERE "LOGIN ALLOWED TIME MAP" EXISTS. |
|
|
LOGIN SCRIPT |
X |
Displays theentire login script. |
|
|
LOGIN TIME |
X |
X |
Displays bothtime and date. |
|
LOGIN TIME RESTRICTIONS |
X |
While detailsare not viewable, existence of the propertycan be tested by:#NLIST USER=%LOGIN_NAMEWHERE "LOGIN TIME RESTRICTIONS" EXISTS. |
|
|
LOW BALANCELIMITMINIMUM ACCOUNT BALANCE |
X |
XX |
NLIST and variablereturn identical information. |
|
MAILBOX ID |
X |
X |
NLIST and variablereturn identical information. |
|
MAILBOX LOCATION |
X |
X |
MHS must beinstalled to have a value for Mailbox Location |
|
MAILING LABELINFORMATIONPOSTAL ADDRESS |
X |
XX |
NLIST and variablereturn identical information. |
|
MAXIMUM CONNECTIONSLOGINMAXIMUM SIMULTANEOUS |
X |
XX |
|
|
MIDDLE INITIALINITIALS |
X |
XX |
|
|
MINIMUM PASSWORDLENGTHPASSWORD MINIMUM LENGTH |
X |
XX |
NLIST and variablereturn identical information. |
|
NAMECNCOMMON NAME |
X |
XXX |
Variable returnsonly the login name, while NLIST returnsthe login name, and all other names. |
|
NETWORK ADDRESS |
X |
X |
Displays NetworkAddress Type, Network, Node and Socket number. |
|
NETWORK ADDRESS RESTRICTION |
X |
Displays NetworkAddress Type, Network, Node and Socket number. |
|
|
OBJECT CLASS |
X |
X |
NLIST showsall object classes. |
|
OBJECT TRUSTEES (ACL)ACL |
XX |
Displays completeObject Trustee (ACL) list. |
|
|
POST OFFICE BOXPOSTAL OFFICE BOX |
X |
XX |
NLIST and variablereturn identical information. |
|
POSTAL (ZIP)CODEPOSTAL CODE |
X |
XX |
NLIST and variablereturn identical information. |
|
PRINT JOB CONFIGURATION |
X |
Displays allprint job details |
|
|
PROFILE |
X |
X |
NLIST and variablereturn identical information. |
|
REMAINING GRACELOGINSLOGIN GRACE REMAINING |
X |
XX |
NLIST and variablereturn identical information. |
|
REQUIRE A PASSWORDPASSWORDREQUIRED |
X |
XX |
Variable returns"Y" or "N". NLIST returns "True" or "False" |
|
REQUIRE UNIQUEPASSWORDSPASSWORD UNIQUE REQUIRED |
X |
XX |
Variable returns"Y" or "N". NLIST returns "True" or "False" |
|
REVISION |
X |
X |
NLIST and variablereturn identical information.Incrementedeach time the user is accessed. |
|
SECURITY EQUAL TO SECURITY EQUALS |
X |
XX |
NLIST showsall security equal groups and users. Variableshows only the first security equal in the list. |
|
SEE ALSO |
X |
X |
NLIST showsentire list, variable shows only the first item in the list. |
|
SERVER HOLDS |
X |
X |
C ontains the number of accounting charges pendingwhile the servers performs a chargeable action. |
|
STATE OR PROVINCESSTATESTATEOR PROVINCE NAME |
X |
XXXX |
NLIST and variablereturn identical information. |
|
STREET ADDRESSSA |
X |
XX |
NLIST and variablereturn identical information. |
|
TELEPHONETELEPHONENUMBER |
X |
XX |
NLIST showsall telephone numbers listed. Variable showsonly the first telephone number in the list. |
|
TITLE |
X |
X |
NLIST showsall titles listed, while variable lists onlythe first title in the list. |
|
UID |
X |
X |
Specifies aunique user ID for use by UNIX clients. |
User Properties That Do Not Work
Several user properties listed in existing 4.1 documentation are either not user properties, or do not work as expected either as a user variable or with NLIST. The following table lists some of these properties.
|
Item
|
Comment
|
|
DEFAULT PROFILE |
Not a user property. |
|
E-MAIL ADDRESS |
Use Email Address instead. |
|
INTRUDER ADDRESS |
Use Last Intruder Address instead. |
|
HIGHER PRIVILEGES |
Not currently implemented. |
|
LIMIT GRACE LOGINS |
Use Login Grace Limit instead. |
|
LOGIN EXPIRATION DATE AND TIME |
Use LoginExpiration Time or Account Has Expiration Date instead. |
|
LOGIN RESTRICTIONS |
Not a user property. |
|
LOGIN NAME |
Not a user property. |
|
NETWORK ADDRESS RESTRICTIONS |
Use NetworkAddress Restriction instead. |
|
NETWORK ADDRESSES |
Use Network Address instead. |
|
OBITUARY |
A hidden attribute which cannot be accessed. |
|
OBJECT TRUSTEES |
Use ObjectTrustees (ACL) instead. |
|
ORGANIZATIONAL UNIT |
Use Department instead. |
|
OTHER NAME |
Use Name instead. |
|
PASSWORD EXPIRATION DATE AND TIME |
Use Password Expiration Time instead. |
|
PASSWORD EXPIRATION DATE |
Use PasswordExpiration Time instead. |
|
PASSWORD RESTRICTIONS |
Not a user property. |
|
PASSWORDS USED |
A hidden attributewhich cannot be accessed. |
|
PRINTER CONTROL |
Not a user property. |
|
PRIVATE KEY |
A hidden attribute which cannot be accessed. |
|
PROFILE MEMBERSHIP |
Use Profile instead. |
|
PUBLIC KEY |
A hidden attributewhich cannot be accessed. |
|
REFERENCE |
A hidden attribute which cannot be accessed. |
|
REQUIRE A UNIQUE PASSWORD |
Use RequireUnique Passwords or Password Unique Required instead. |
|
SECURITY FLAGS |
Not a user property. |
|
SECURITY EQUIVALENCES |
Use SecurityEquals or Security Equal To instead. |
|
STREET |
Use SA or Street Address instead. |
|
VOLUME |
Not a user property. |
Summary
This AppNote has provided a complete list of the login identifier variables available using NetWare 4.1, focusing on those which are NDS object properties. These variables can help network administrators and users create useful login scripts. The information provided relating to NDS user object properties can also be used with applications which access the NDS user object, such as NLIST.EXE.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.