Overview#The Linux and UNIX Settings driver automates the process of setting and configuring Linux and UNIX attributes in the Identity Vault.
The Linux and UNIX Settings driver automates the management of Linux and UNIX operational attributes, such as login shell, UID, GID, and home directory, in the Identity Vault.
This enables you to provision systems using other drivers, such as the Linux and UNIX driver or the Fan-Out driver. This also enables you to use account redirection via LDAP, Name Service Switch, or PAM modules.
Using with Linux User Management (LUM) and Novell® Samba #You can also use the driver to automate enabling users for Linux User Management (LUM) and Novell® Samba. LUM simplifies user management in a networked environment with many Linux workstations and servers by storing all necessary properties in the Identity Vault rather than locally on each machine. Novell Samba provides Windows* access (CIFS and HTTP-WebDAV) to files stored on the OES server.
Without the Linux and UNIX Settings driver, you must use iManager to set up each user individually. The driver uses Identity Manager events and performs the same functions as the LUM and Novell Samba iManager plug-ins, but without the manual activity. For the detailed steps taken by the driver to set up users, see Section C.1, LUM Automation and Section C.2, Samba Automation.
You must modify the Linux Workstation objects, selecting the LUM-enabled groups for the workstations to be members of, in order for users to be able to log in to OES or Novell Samba.
- uid (represented as uniqueID in the Identity Vault)
NxSettings Style Sheet Details#When not using LUM configuration object, you can retrieve ranges from the NxSettings Style Sheet. The initial NxSettings style sheet is similar to the following example:
<?xml version="1.0" encoding="UTF-8"?> <nxSettings> <settings name="DefaultSet"> <setting name="uid" type="range"> <ranges last-used="0"> <range end="1000" start="400"/> </ranges> </setting> <setting name="gid" type="range"> <ranges last-used="0"> <range end="1000" start="400"/> </ranges> </setting> </settings> </nxSettings>
You can change the start and end attributes of a range tag and the last-used attribute for the ranges tag. (Because the attributes are stored in alphabetical order, the end attribute of a range element is listed before the start attribute.)
You can add ranges by adding more range tags as shown in the following example:
<ranges last-used="0"> <range end="1000" start="400"/> <range end="2000" start="1001"/> <range end="5000" start="3000"/> </ranges>Ranges do not need to be contiguous. If there are gaps, the driver skips over them. If the value of the last-used attribute falls outside of all ranges, then the next number is assigned from the range with the next start value. In the preceding example, the next number assigned is 400. The value assigned after 2000 is 3000.
You can also add more settings and setting tags to the style sheet for your own purposes. The "name" ranges must be unique.
Create Indexes#To avoid assigning duplicate UID and GID numbers, the driver searches the respective subtrees specified during installation, or later by GCVs. For good performance, you must create indexes for uidNumber and gidNumber.
Retrieving Values with a Policy#You can retrieve values with a policy by calling methods from the driver shim. The following example demonstrates retrieving values with XPath expressions:
<do-set-local-variable name="DriverDN"> <arg-string> <token-text xml:space="preserve">\MYD1\mydriver\drivers\NxSettings</token-text> </arg-string> </do-set-local-variable> <do-set-local-variable name="driverShimInstance"> <arg-object> <token-xpath expression="NxSettingsInstance:getInstance($DriverDN)"/> </arg-object> </do-set-local-variable> <do-set-local-variable name="uid"> <arg-string> <token-xpath expression='driverShim:getNextRangeValue($driverShimInstance,"DefaultSet", "uid")'/> </arg-string> </do-set-local-variable>This works as follows:
- . Local variable “DriverDN” is set to the DN of the driver. This value is used to retrieve the correct instance of the driver shim from the Java* virtual machine.
- . The static getInstance method is called on the driver shim to retrieve a handle to the shim object.
- . The getNextRangeValue method is called on the driver shim with the following arguments:
|driverShimInstance||The handle to the shim|
|setName||The name of the settings set to retrieve the range value from (defined by the value of the settings tag name attribute)|
|SettingName||The name of the setting containing the range information to be used to assign an ID|