

Add user to Novell eDirectory group

January 11, 2017

The script adds a user account located in Novell eDirectory to an eDirectory group, updating both the user object and the group object so the membership is recorded on both sides.

Note: The script uses the $Context variable, which is available on the server side only. This means that it can be executed only by Business Rules, Custom Commands, and Scheduled Tasks. You can use it in your rules, commands and tasks via the Run a program or PowerShell script action.

Parameters:

  • $eDirectoryServer - specifies the eDirectory LDAP server. The server must be specified by its fully qualified domain name (FQDN) followed by the number of the port used to accept LDAP requests (by default, 389). Note that the script binds with ServerBind (a simple bind), so over a plain LDAP port the $adminPassword is transmitted in cleartext; if the server exposes an LDAPS port, prefer it (the AuthenticationTypes value would also need SecureSocketsLayer - verify against your server's configuration);
  • $adminDN - specifies the Distinguished Name (DN) of an eDirectory administrative account. Use a dedicated account with no more rights than needed: it must have sufficient permissions to perform the following operations:
    • View the user account and the group in question;
    • Modify the groupMembership and securityEquals attributes of the user account;
    • Modify the member and equivalentToMe attributes of the group;
  • $adminPassword - specifies the password to the account identified by $adminDN. The password is stored in the script in cleartext, so restrict who can view or edit the rule, command or task that contains it;
  • $username - specifies the name of the user in eDirectory. You need to use value references to compose the name based on properties of the AD user account. For example, if you specify %username%, the name of the user account in Novell eDirectory must be the same as the user logon name of the Active Directory user. Because this value is inserted into an LDAP search filter, make sure any '*', '(', ')' or '\' characters in the name are escaped; otherwise the filter can fail or match a different object than intended;
  • $groupName - specifies the group name.
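$eDirectoryServer = "edirectory.server.domain.com:389" # TODO: modify me - FQDN:port of the eDirectory LDAP server
$adminDN = "cn=admin,o=company" # TODO: modify me - DN of the eDirectory account used to bind
# NOTE(review): the password is kept in the script in cleartext and is sent with a simple
# (ServerBind) bind, so over a plain ldap:// port it crosses the network unencrypted.
# Restrict access to this script and prefer an LDAPS endpoint where the server offers one.
$adminPassword = "secret" # TODO: modify me

$username = "%username%" # TODO: modify me - eDirectory user name, composed via value references from the AD account
$groupName = "MyGroup" # TODO: modify me - eDirectory group name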

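function SearchObjectInEDirectory($filter, $eDirectoryServer, $adminDN, $adminPassword)
{
    # Runs an LDAP search against $eDirectoryServer with the supplied credentials.
    # Returns the System.DirectoryServices.SearchResultCollection of matches, or $null
    # when nothing matched or the search failed (failures are logged through $Context).
    # $filter is used verbatim: callers must escape any user-controlled value they splice
    # into it (RFC 4515: '\', '*', '(', ')', NUL), otherwise the filter can be widened.
    $directoryEntry = $null
    $searcher = $null
    try
    {
        # ServerBind is a simple bind; on a plain ldap:// URL the password is sent in cleartext.
        $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$eDirectoryServer", $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, $filter)
        $searchResults = $searcher.FindAll()

        if ($searchResults.Count -eq 0)
        {
            return $null
        }

        # Log only after the count check: indexing an empty collection throws.
        $Context.LogMessage($searchResults[0].Path, "Information")
        # The leading comma stops PowerShell from unrolling the collection on return.
        return ,$searchResults
    }
    catch
    {
        # Bind failures (bad credentials, unreachable server) and malformed filters land here;
        # logged as a warning rather than information so they are not silently lost.
        $Context.LogMessage("Could not find an object matching the following filter: '$filter'. Error: " + $_.Exception.Message, "Warning")
        return $null
    }
    finally
    {
        # Either object is still $null if construction failed before it was assigned;
        # calling Dispose() on $null would itself raise inside the finally block.
        if ($null -ne $searcher) { $searcher.Dispose() }
        if ($null -ne $directoryEntry) { $directoryEntry.Dispose() }
    }
}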

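# Find user
# Escape RFC 4515 filter metacharacters so a name containing '*', '(', ')', '\' or NUL
# cannot widen or break the search. The backslash must be escaped first.
$escapedUsername = $username.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
$searchResults = SearchObjectInEDirectory "(&(objectClass=person)(name=$escapedUsername))" $eDirectoryServer $adminDN $adminPassword
if ($null -eq $searchResults)
{
    $Context.LogMessage("User '$username' not found", "Warning")
    return
}
if ($searchResults.Count -gt 1)
{
    # Refuse to guess when the name is ambiguous rather than modify the wrong account.
    $Context.LogMessage("Found more than one user with name '$username'", "Warning")
    return
}
$userInfo = $searchResults[0]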

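# Find group
# Escape RFC 4515 filter metacharacters so a group name containing '*', '(', ')', '\' or NUL
# cannot widen or break the search. The backslash must be escaped first.
$escapedGroupName = $groupName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
$searchResults = SearchObjectInEDirectory "(&(objectClass=group)(name=$escapedGroupName))" $eDirectoryServer $adminDN $adminPassword
if ($null -eq $searchResults)
{
    $Context.LogMessage("Group '$groupName' not found", "Warning")
    return
}
if ($searchResults.Count -gt 1)
{
    # Refuse to guess when the name is ambiguous rather than modify the wrong group.
    $Context.LogMessage("Found more than one group with name '$groupName'", "Warning")
    return
}
$groupInfo = $searchResults[0]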

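# Add user to group
# Search result paths have the form "LDAP://<server>/<DN>"; strip the prefix to get the DNs.
$userDN = $userInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
$groupDN = $groupInfo.Path.Replace("LDAP://$eDirectoryServer/", "")
$userDirectoryEntry = $null
$groupDirectoryEntry = $null
$userUpdated = $false
try
{
    # Update user. Membership is recorded on both objects: the user gets the group DN in
    # groupMembership and securityEquals, the group gets the user DN in member and
    # equivalentToMe. Values already present are skipped so a re-run does not fail with a
    # duplicate-value error. The Contains() check is a string comparison and assumes the DN
    # casing returned by the server matches the value derived from the search path.
    # NOTE(review): securityEquals/equivalentToMe make the user security-equivalent to the
    # group, i.e. the user gains the group's rights - confirm that is intended for $groupName.
    $userDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($userInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    foreach ($attribute in @("securityEquals", "groupMembership"))
    {
        if (-not $userDirectoryEntry.Properties[$attribute].Contains($groupDN))
        {
            $userDirectoryEntry.Properties[$attribute].Add($groupDN)
        }
    }
    $userDirectoryEntry.CommitChanges()
    $userUpdated = $true

    # Update group
    $groupDirectoryEntry = New-Object System.DirectoryServices.DirectoryEntry($groupInfo.Path, $adminDN, $adminPassword, [System.DirectoryServices.AuthenticationTypes]::ServerBind)
    foreach ($attribute in @("equivalentToMe", "member"))
    {
        if (-not $groupDirectoryEntry.Properties[$attribute].Contains($userDN))
        {
            $groupDirectoryEntry.Properties[$attribute].Add($userDN)
        }
    }
    $groupDirectoryEntry.CommitChanges()
}
catch
{
    $Context.LogMessage("An error occurred when adding user to eDirectory group. Error: " + $_.Exception.Message, "Warning")
    if ($userUpdated)
    {
        # The two commits are not atomic: the user object already references the group
        # but the group was not updated, so flag the half-applied state for manual repair.
        $Context.LogMessage("User '$userDN' was updated but group '$groupDN' was not; membership is partially applied and needs to be reconciled.", "Warning")
    }
}
finally
{
    # Both entries must be released; either may be $null if construction failed.
    if ($null -ne $userDirectoryEntry) { $userDirectoryEntry.Dispose() }
    if ($null -ne $groupDirectoryEntry) { $groupDirectoryEntry.Dispose() }
}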
