Database Search
TechHome
- Add Workstation to Workstation Group
- Adding or Removing Groups
- Attributes for User NDS Object
- Change Home Directory Attribute
- Changing Novell Account Management Passwords
- Check Login Expiration Time
- Check Netware User Status
- Create a List of Workstations
- Disable a User Account in Novell
- Error 120 nwSvrShutdown
- FFFFFD63 Error and nwVfyPassword
- Getting Trustees in a Directory Tree
- Issue NetWare Console Commands
- Mac Address with NetwareX extender
- NDS Copy Passwords
- NDS Disk Space Ownership
- NDS Servers Configurations
- NDS Volumes Usage
- Netware Force Password Change Next Logon
- Netware NDS Volumes Usage program
- NetWare User Creation Problem
- NetwareX 1437 AddExtender dll load failed
- NetwareX NDS Users Inactive For XX Days program
- Netwarex Support for NW6 NDS 8 eDirectory
- nwAddUserToGroup Fails
- nwGetFileInfo to Get List of Inherited Trustees
- NwGetSrvParam problems
- nwListObjects and 273 Error
- nwModifyObject Ill Formatted Attribute Value Error
- nwSearchFilter Error 239
- nwSearchFilter Error 298
- nwSearchFilter Issue
- nwServerList Problem
- nwSetPassword Error 233
- nwSetPassword Issue
- Problem with nwGetObjInfo on Alias
- Retrieve the Alias in the User Container
- Run with Elevated Privileges in NDS
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
nwAddUserToGroup Fails
Question:
I have a working script using the NetwareX extender that creates new user objects in NDS 7. I am trying to modify that script to add the user to a group, but I can't figure out the syntax. The object spec for the user is
"\\TreeName\.CN=Userid.OU=Users.O=MyOrg"
The default group I would like to add all users to is named "Share" and it is one level up from the .Users.MyOrg context at the MyOrg level. I have tried every syntax I could think of, but all I get is a 308 error. I could not find any examples in the knowledge base and the example in the book doesn't really show the syntax. I have admin privileges, so it's not a rights issue. Can you give me an example?
Answer:
Result = nwAddUserToGroup("\\TreeName\.CN=Share.O=MyOrg","\\TreeName\.CN=Userid.OU=Users.O=MyOrg")
However, error 308 indicates that there was an error that occurred while modifying the object. Post the contents of WWWBACH.INI
[in the Windows directory] after the error has occurred so that I can see the additional diagnostic information that is located
in there. That will give a clue as to what operation failed. Group membership changes involve 4 attribute value modifications,
with 2 happening on the user and 2 happening on the group. One of those 4 modifications is failing for some reason, I think,
and that's where your error 308 comes from.
User Reply:
I'm not sure why the ADSI error messages are in there. At this point in the code I have not gone through the create AD user object yet.[NetWare Extender] LastError=FFFFFD9B "NWDSModifyObject() : WWNWX_ModifyNDSObject()"
Answer:
OK, this is *weird*.ERR_SYNTAX_VIOLATION -613 0xFFFFFD9BFor some reason, the attempt to modify the object is resulting in a syntax violation. Normally, this happens when you attempt to add an attribute value to an object but the object's schema definition doesn't include that attribute. However, all of the attributes used by group membership are supposed to be part of the eDirectory base schema definition for user and group objects.
Are you certain that you are actually dealing with regular user & group objects in this case, and not some other type of object that perhaps does not include the necessary attributes?
Adding a user to a group involves the following changes:
On the user object, the group's name is added as a value in the list of values for the "Group Membership" and "Security Equals" attributes.
On the group object, the user's name is added as a value in the list of values for the "Member" and "Equivalent To Me" attributes.
I would recommend that you run a DSREPAIR on your eDir tree and verify that the tree is healthy before any further investigation of this problem is performed. If the problem persists after doing that, then it will be time to look more closely and figure out exactly which attribute modification call is failing. Also, while the problem is still occurring, it would be helpful to know if it is only happening with a specific group, a specific user or with all users & groups in your tree.
User Reply:
The group and user are in NDS 7, not eDir. I use the same code to create a user in the NDS 7 tree and in eDir, and it works ok. It only fails in adding the user to the group in NDS 7. Yes, I'm sure it's a group. Everyone gets added to this group by default.Do I need to use the Netware Extender 4X functions instead of NetwareX?
Answer:
No, you shouldn't need the n4*() functions to do this; the NetWareX extender should be handling all those versions of NDS and eDir.What's the full NetWare version & SP level and NDS version / patch level? Other than NDS7, I don't know enough about your config to be able to set up a proper test case to see if I can find out what's going wrong. I've got every version & SP of NetWare available to work with, I just need to know what you're using so I can make my test environment match your environment as closely as possible.
User Reply:
Our primary login server is Netware 5.0 SP06, NDS versions 7.55a.I extracted out a the segment of code that tries to update the group and modified to attempt to add the group to an existing test userid. I still get the 308 error message. (I changed the names to protect the innocent)
AddExtender('WWNWX34I.DLL') ; NetwareX
ErrorMode(@OFF)
sTree = "MyTree"
sUserid = "Testuser"
sObjectSpec = StrCat("\\",sTree,"\.CN=",sUserid,".OU=MyOU.O=MyOrg")
If sTree == "MyTree" Then
sGroupSpec = StrCat("\\",sTree,"\CN=Share.O=Myorg")
Result = nwAddUserToGroup(sGroupSpec,sObjectSpec)
IERR = LastError()
If IERR <> 0 then
TempMsg = StrCat("Error adding Share Group",@CRLF,sObjectSpec," IERR = ",IERR)
Message("Add Group Error",TempMsg)
Exit
Endif
Endif
Answer:
Yikes! IIRC, NetWare v5.0 isn't even supported any longer by Novell, but I'll have to verify that.I'll ran on a test server here to see if I can duplicate the problem. My test server is NetWare v5.0 SP6, NDS version is v7.51.
I ran my standard test suite that I use for NetWareX extender development and it perform group membership add & delete operations w/o any problems.
One thing I noticed in your code that might be a problem is the following line:
sGroupSpec = StrCat("\\",sTree,"\CN=Share.O=Myorg")
Please note that you're missing the leading dot "." in the object name portion of the UNC spec.
Try changing it to be the following:
sGroupSpec = StrCat("\\",sTree,"\.CN=Share.O=Myorg")
The lack of the leading dot "." causes the group name to be interpreted as a RDN value rather than as a DN value, and that,
in turn, could be causing nwAddUserToGroup() to be attempting to add the user's object DN name [which you are specifying
properly with a leading dot "."] to the values of attributes on an object that is not actually a group object.
User Reply:
Please accept my apologies and profuse embarrassment. I hate it when that happens. I checked that syntax a dozen times, but that's what it was. I put that little dot in there and the code works like a champ.Answer:
What is really odd here is that you should have been getting an NDS -601 error indicating that no such object exists. That would have happened if you'd really messed up the object name badly enough. However, the RDN value you were entering was somehow resolving to the name of a non-group object and that in turn lead to a non-intuitive error message being returned.I suppose we could but in some additional code to test the object classes of users & groups in order to prevent this sort of problem from happening again, but then that would preclude using nwAddUserToGroup() with any derivative object types that are based on the user & group objects and which might be acceptable for managing with this function.
Article ID: W16542
File Created: 2005:02:18:12:21:22
Last Updated: 2005:02:18:12:21:22