a n d r e a s . s c h u t z

*** UNDER CONSTRUCTION ***

Lately I have been designing different technologies for the school here on Gotland. We are, after a bunch of years, finally stitching the administrative and the educational part of Gotlands kommun together.

The project is named MERIT, and it is a fairly large IT-project for Gotlands kommun. Running over more than three years and spending more than 8M SKr it is somewhat of a monster. But it gives a new and at least for me, very welcome attitude to what IT can be used to achieve.

Aiming quite high we will try to use “bleeding edge” technology for our solutions. This include:

* MS Vista
* Zenworks 10
* Groupwise 7.5
* OES2 on SLES 10
* 802.1x
* NIM 3.5
and some other newly released stuff.

The last week I have spent some time trying to get MAC’s Leopard to play together with eDirectory 8.8 on Linux. The sad part of this is that I found nothing or very little information from the manufacturers to aid you in this. A search on google didnt render much, but finally I found theese links. Ofcourse, if anyone have better, newer or more user friendly information or workflows than theese rather ancient ones, feel free to drop a comment.

Novell cool solutions.
Novell forum.
Macenterprise.org

Hey Mac and Novell, wake up!
My search on the net gave me some old tips and tricks that had to be modernized and somewhat altered. Here I will try to give you an up to date workflow on my achievements.

The steps that have to be done roughly breaks down to:
* Expand eDirectorys schema to hold the objectclasses and attributes that Leopard needs to function.
* Import the template you need to make the attribute mapping on the Leopard client, and set it up for LDAP.
* Populate theese attributes with data that means anything to Leopard.

Lets make it a little more verbose.

Expand eDirectorys schema
This can be done in different ways, but i will describe the way I choosed. From the Macenterprise link above you can download their newest package (2004-10 … !) with info and tools. This is the best thing I have found, and it contains a pdf with information, some not so very functional ldif files and some outdated installationpackages for the MAC client. Anyhow, as I said, this is the best I have found. I downloaded and extracted it, well almost.
I am running Linux and ARK did not extract the files in a correct way. But I was able to extract the pdf and read more about how someone (the document does not say, but it sure look NOVELL-ish) in 2004 says that it should be done.
The document is very good and gives clear information of all steps. And like the document states, I extracted the ldif file applev2.ldf for UNIX since I am on a Linux machine. Then the document tells you to use a wizard in Novells ConsoleOne to update the schema with the applev2.ldf file.
That did not work for me. Every time I tried to do as perscribed, ConsoleOne shut down and died on me. Since ConsoleOne can be configured with hundreds of “snapins” and they do effect each other in an almost never ending puzzle of combinations, I decided to try other and more modern applications.
I decided on iManager. That is after all that I know the “latest and greatest” of Novells management applications. So I ran the iManager 2.7 with the 2.7 20070923 plug.-in called ImportConvertExport or simply ICE. The function is added under the “Schema – Extend schema” task under the “Roles and Tasks” tab. That looked promizing until the end when I got an error code stating error 236.
Well… Now what? In the end of the wizard-like “Extend schema” task, iManager displays the “real” ICE console command that it will run if you press “finish” on the last page. For me it looked like this:

ice -lice.log -C -a -SLDIF -f/path/to/my/applev2.ldf -DLDAP -s192.168.0.100 -p389 -dcn=admin,o=organization

I dont really know why, but I think my experience with wizards has been a little, lets say tainted, during the years as an administrator. So I decided to run this command direct from a console window just for fun! 😉

So I copied the applev2.ldf file from my SLED workstation to my SLES server and run the connamd as ROOT. Well now at least something got done. I was asked to enter the password for admin and then presented with the same errors as above.