SLES-10-OES2-SP2-x86_64
DirXML version is 3.6.10.36503
eDirectory for Linux v8.8 SP5 [DS]
Remote Loader on Windows 2003 Domain Controller

We have successfully tested the pre-configured MAD driver to
synchronize "newly" created user accounts and passwords from eDir to AD.
To date, these new user accounts have been created in a test OU in eDir
and the Active Directory User Container in AD has been explicitly
specified as a particular OU in AD.

Now we would like to expand this so that "existing" eDir user accounts,
spread across dozens of eDir OUs, will be automatically created in AD
but don't know how to handle the placement of the new AD accounts given
that we don't want to mirror the existing eDir hierarchy nor want the AD
accounts to be placed in a single OU (flat)?

In eDir the existing user accounts fall into this sort of hierarchy:
cn=userid,ou=Iowa,ou=district_7,o=ACME
cn=userid,ou=Barron,ou=district_10,o=ACME
cn=userid,ou=Clark,ou=district_6,o=ACME
...

in AD we want the existing accounts to be created in this structure:
cn=userid,ou=Iowa,ou=Counties,ou=Doors,ou=Accounts ,DC=ACMEDOORS,DC=COM
cn=userid,ou=Barron,ou=Counties,ou=Doors,ou=Accoun ts,DC=ACMEDOORS,DC=COM
cn=userid,ou=Clark,ou=Counties,ou=Doors,ou=Account s,DC=ACMEDOORS,DC=COM
...

Can anyone please suggest a placement policy rule or mapping table to
do this? I tried to create a mapping table and rule (see below) based
on some examples in these forums but must have something wrong as
attempts to migrate existing eDir user accounts result in
LDAP_NAMING_VIOLATION errors (see attached migrateNoStartup2.log).

Mapping table:
<?xml version="1.0" encoding="UTF-8"?><mapping-table>
<col-def name="OU"/>
<col-def name="location"/>
<row>
<col>iowa</col>
<col>ou=iowa,ou=counties,ou=doors,ou=accounts,dc=a cmedoors,dc=com</col>
</row>
<row>
<col>barron</col>
<col>ou=barron,ou=counties,ou=doors,ou=accounts,dc =acmedoors,dc=com</col>
</row>
<row>
<col>clark</col>
<col>ou=clark,ou=counties,ou=doors,ou=accounts,dc= acmedoors,dc=com</col>
</row>
</mapping-table>

Rule from placement policy calling mapping table:
<rule>
<description>User Placement by Mapping Table</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-src-dn op="in-subtree">ACME</if-src-dn>
</and>
</conditions>
<actions>
<do-set-op-dest-dn>
<arg-dn>
<token-map dest="location" src="OU"
table="\[root]\ACME\DrvrSet0\testmad0\map-tbl-place-users-AD">
<token-op-attr name="OU"/>
</token-map>
</arg-dn>
</do-set-op-dest-dn>
</actions>
</rule>
</policy>

Thanks


+----------------------------------------------------------------------+
|Filename: migrateNoStartup2.log |
|Download: http://forums.novell.com/attachment....achmentid=4394 |
+----------------------------------------------------------------------+

--
pklukow
------------------------------------------------------------------------
pklukow's Profile: http://forums.novell.com/member.php?userid=22865
View this thread: http://forums.novell.com/showthread.php?t=410709