Hyena Interface with NetIQ DRA

  • Hyena Interface with NetIQ DRA

    We are losing LDAP access to AD due to the implementation of NetIQ's Directory and Resource Administration (DRA). We are being told that LDAP write ability will be removed and that we will have to utilize the DRA ADSI Provider for our access. We were given this example script for converting from LDAP to the DRA ADSI Provider:
    ***************************************
    You have to install the DRA ADSI provider, which is one of the clients you can choose when installing the client. It is not installed by default on the client.

    ' Native ADSI
    Set objUser = GetObject("LDAP://cn=sean,cn=users,dc=corp,dc=local")
    strSam = objUser.Get("SamAccountName")
    WScript.Echo "LoginName: " & strSam

    ' DRA ADSI
    Set objUser = GetObject("OnePoint://cn=sean,cn=users,dc=corp,dc=local")
    strSam = objUser.Get("SamAccountName")
    WScript.Echo "LoginName: " & strSam

    You can also specify the specific DRA server by specifying the path as
    Set objUser = GetObject("OnePoint://DRAservername/cn=sean,cn=users,dc=corp,dc=local")

    We have installed the ADSI Provider, but so far we cannot get Hyena to interface with DRA. Does anyone know if this is possible? Does Hyena only support LDAP? Does anyone have experience with this type of configuration?

    Thank you in advance!

  • #2
    Re: Hyena Interface with NetIQ DRA

    Hyena contains a lot of internal references to LDAP, but most of these could be fairly easily replaced with a different provider, assuming it was the same on all domains being managed. But Microsoft's LDAP implementation has a lot of quirks, and these were worked around over the years, so going to another provider might have a lot of unintended consequences on these changes. I'm not saying that anything bad will happen, just errors and such that are due to the workarounds.

    Have you tried going into Hyena's Object Manager and changing the path to be what you provided in the examples? Let me know exactly where the first error or problem happens and we can see if there is an easy fix.

    Hyena never uses native LDAP function calls, but rather uses Microsoft's ADSI providers, but always either assuming an LDAP path or building one where we have to, again assuming an LDAP path.
    Kevin Stanush
    SystemTools Software Inc.

    • #3
      Re: Hyena Interface with NetIQ DRA

      Thank you for your response.

      Yes, we have tried to modify the path through Object Manager using the path we were provided. We have tried a lot of different deviations of that path also, without success.

      The domain shows up in our object list, and can be expanded one level to show the Containers/OUs and All Users objects, but those objects cannot be expanded. The primary error we get is the following: "Unable to access Active Directory path OnePoint://DRAServerName. The parameter is incorrect."

      Thanks.

      • #4
        Re: Hyena Interface with NetIQ DRA

        It would appear that this error is being returned by the Microsoft ADsOpenObject function. This is either caused by the Microsoft function not supporting your provider, or the format of the path that Hyena uses to access the root of the domain.

        Since all of Hyena's objects under a domain are considered to be 'top level' objects, the format that Hyena uses to access them is:

        Provider://domain_controller

        The domain_controller can either be a Netbios or DNS name depending on the settings.

        I guess the central question is what format your provider would want the path to be in if you were to access the root of the domain. Your examples above access a specific object, but there has to be a way to get at the top level of the domain; Hyena uses the name of a DC, as it needs to always know which domain controller it's dealing with.

        One test you can try is to enter a container/OU object into Object Manager, i.e.:

        Provider://CN=Users,DC=yourdomain,DC=com
        -or-
        Provider://dc_name/CN=Users,etc.

        I was unable to test this obviously, but it might show us more errors to troubleshoot.
        Kevin Stanush
        SystemTools Software Inc.

        • #5
          Re: Hyena Interface with NetIQ DRA

          Thanks again for your response.

          If we try the Provider://CN=Users,DC=yourdomain,DC=com format, we get the following error: "Unable to access Active Directory path onepoint://DRAServer. E_ADS_BAD_PATHNAME."

          Is there a way to ensure my provider is functioning properly?

          • #6
            Re: Hyena Interface with NetIQ DRA

            Try it with:

            Provider://dc_name/CN=Users,DC=mydomain,DC=com

            Another thing is to try a directory browsing tool like adsvw.exe from Microsoft; you should be able to search their site for this tool. Try using it without checking the 'UseOpenObject' checkbox to see if you get an error.

            [This message has been edited by kstanush (edited 02-29-2008).]
            Kevin Stanush
            SystemTools Software Inc.
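
One way to check the provider outside Hyena, as asked in post #5 (an added example, not part of the original thread and not SystemTools or NetIQ code): the script lists the ADSI providers registered on the client through the `ADs:` namespaces container, then binds with the current user's credentials to each path form discussed above and reports the raw error code. It assumes the DRA provider registers under the name `OnePoint`, as the thread's paths imply; the server name and DN are the placeholders from the thread's own examples.

```vbscript
' Added diagnostic, not from the thread. Run with: cscript //nologo check_provider.vbs
Option Explicit

Const PROVIDER   = "OnePoint"                   ' provider name used in the thread's paths
Const DRA_SERVER = "DRAservername"              ' placeholder: replace with your DRA server
Const TEST_DN    = "CN=Users,DC=corp,DC=local"  ' placeholder DN from the thread's example

Dim ns, child, found, paths, p

' 1. Enumerate the ADSI providers registered on this client.
found = False
Set ns = GetObject("ADs:")
For Each child In ns
    WScript.Echo "Installed provider: " & child.Name
    If LCase(child.Name) = LCase(PROVIDER & ":") Then found = True
Next
If Not found Then
    WScript.Echo PROVIDER & ": is not registered; install the DRA ADSI provider client."
    WScript.Quit 1
End If

' 2. Try each path form from the thread: server root, serverless DN, server plus DN.
paths = Array( _
    PROVIDER & "://" & DRA_SERVER, _
    PROVIDER & "://" & TEST_DN, _
    PROVIDER & "://" & DRA_SERVER & "/" & TEST_DN)

For Each p In paths
    TryBind p
Next

Sub TryBind(adsPath)
    Dim obj
    On Error Resume Next
    Err.Clear
    Set obj = GetObject(adsPath)
    If Err.Number = 0 Then
        WScript.Echo "OK    " & adsPath
    Else
        ' 0x80005000 is E_ADS_BAD_PATHNAME; 0x80070057 is "The parameter is incorrect".
        WScript.Echo "FAIL  " & adsPath & "  0x" & Hex(Err.Number) & "  " & Err.Description
    End If
    On Error GoTo 0
End Sub
```

If the object paths bind but the bare `OnePoint://DRAservername` form fails, the provider itself is working and the problem is the root path format that Hyena builds.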
