Open Enterprise Server

OES 2015 NSS for AD

The big new feature in OES 2015 is NSS for AD.  With NSS for AD, AD users can be given file system access to an OES server.  Coupled with DSfW a functioning bi-directional trust will be possible.

Currently the limits with a bi-directional trust are with file system access from the AD side to the eDir/DSfW side.  The work around has been to add an AD user to a eDir/DSfW group and via the group the user will gain the needed ACLs to access a file system.  The problem has been file access via this method is limited to only DSfW servers.  This does not work with other OES servers.  Now with NSS for AD complete AD user access will be possible.

Watch this video for more information on NSS for AD in OES 2015

OES11SP2 is Available for Download

OES11sp2 is now available for download.

Sites and Subnets functionality is the biggest addition to DSfW.  It will allow the configuration of users to authenticate to a specific Domain Controller.  For this feature to work all Domain Controllers must be OES11sp2 servers.
Easy Wins configuration, Mac Client Support, Windows 8 Support,  Windows 2012 Support, and SASL NTMSSP Support are also big additions.
The SASL NTLMSSP Support will allow NTLM over LDAP bind request to be fullfilled.  Since more and more applications are supporting SASL NTLMSSP as the primary authentication mechanism for 2008 and 2012 servers this will allow more applications to work directly with DSfW.
The Novell Client has worked with well DSfW since OES2SP3, but that configuration was not supported.  It is now supported.
Download and test OES11sp2.  It is more robust and feature rich than previous… Continue reading

Delete an attribute on all users with a script

Here is the bases of a script to delete an attribute on a user.

I come across issues where an attribute was populated on several users that shouldn’t be there or you want to create new objectsids or just remove the existing objectsids and replace them with a back up.

Most DSfW installs are a name mapped install meaning the install is mapped to an existing container in the tree.  If this is the case the domain name most likely will not patch to context in the tree and most likely the objectclass wit not be domain.  An example of a domain with the name of mapped to a container with an objectclass of Organization (o=novell) and not domain (dc=novell).  Even it if is a dc most likely the fdn does not match the domain name.  Continuing with our example of that would… Continue reading