Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.
Novell NetWare 6
Novell NetWare NetStorage
Login Script Processing by NetStorage
This Document outlines information regarding the various options available for creating login scripts that will be read by NetStorage.
Login Script Processing by NetStorage
When a user authenticates to NetStorage, the login scripts associated with the NDS user object in the primary authentication domain are processed. These login scripts are the same ones created for the traditional Novell Client. However, since NetWare login scripts were designed to be processed by the Novell Client on the userÂ·s workstation, many of the defined statement types and script variables have no meaning a for the NetStorage middle tier implementation.
This paper describes the login script statement subset that is implemented by NetStorage.
Multiple Authentication Domains:
NetStorage allows for the configuration of multiple authentication domains or eDirectory trees. One of these authentication domains is configured as the primary domain. When the user submits his userid and password to login, NetStorage authenticates to the primary domain, and if successful, attempts to authenticate to all other domains.
**Note** Only the login scripts from the primary domain (eDirectory tree) are processed.
Multiple Login Scripts:
Multiple login scripts are processed, if present. Multiple scripts are processed as if they were concatenated into one longer script. Scripts may be obtained from container objects, profile objects, user objects, or any file designated by the INCLUDE statement.
The container login script is processed first. A search is made up the tree from the user object to find the lowest container object that has a login script. The search for a container login script ends when we find a container with a login script, or if there are no more parent containers, or if we reach a container for which the user does not have read access. A container login script is optional.
The number of levels that NetStorage will read upwards is controlled by the registry key XTIER\Configuration\mapdav, Container Search Height. The default is 1 level. The value can be most easily amended through the NetStorage management tool, nsadmin, parameters for NetWare Storage Provider.
The profile login script is processed second. If the user object points to a profile object, that profile object is checked to see if it has a login script. A profile login script is optional.
The login script of the user object is processed last. A user object login script is optional.
Login Script Statements:
NetStorage processes login scripts in order to find MAP statements. Each MAP statement will generate one path into the NetWare file system that the user will be able to access using NetStorage.
Login script processing will result in finding from zero to several NetWare file system paths. Zero paths would be the result if there were no scripts found, if the scripts (taking into account any conditional statements) did not contain any MAP statements, or if no MAP statement resulted in a file system path that the user had rights to access.
The login script statements recognized and processed by NetStorage are:
All other login script statements are treated as comments and ignored.
User Object Attributes:
The value of an eDirectory attribute of the current user object can be substituted anywhere within the login script. Precede the attribute name with a percent (%) and replace any spaces in the attribute name with an underscore (_). Some attributes that are useful in login scripts are:
Usually this is done as part of the MAP statement or the IF statement. For example:
IF %LANGUAGE = ENGLISH
The eDirectory syntax types supported by NetStorage for these attributes are path, string, and list. In the case of the list syntax, only the first string in the list is used.
The MAP statement is the main statement for NetStorage, as it defines a path into the NetWare file system that the user will be able to access using NetStorage.
The general form of the MAP statement is:
MAP [modifier] drive_letter path
The EXIT statement terminates all login script processing as if the end of the login script had been reached. All successful MAP statements processed prior to the EXIT statement are maintained and presented to the user. It does not matter whether the EXIT statement was encountered in a container script, user script, or included script file. Example:
IF ERROR_LEVEL <> 0 THEN EXIT
NetStorage does not use any MAP statement modifiers, and depending on the modifier, NetStorage will either ignore the modifier or ignore the entire MAP statement. The modifier is optional.
Any of the following modifiers will be ignored, and the MAP statement will be processed as if they were not present:
Any of the following modifiers will cause the entire MAP statement to be ignored (not processed):
The drive letter specifies which drive the path is to be associated with. (NetStorage is not a client redirector, but maintains the drive terminology for simplicity.) There are three formats for drive_letter.
1. A specific letter is followed by a colon and an equal sign:
2. A relative letter is asterisk, numeral, colon, equal sign. NetStorage assigns these relative to Â·FÂ·. So *1 is Â·GÂ·, *2 is Â·HÂ·, etc.
3. Any next available letter is denoted by Â·NÂ· or Â·NEXTÂ·:
Absolute mappings (#1 above) will override any previous mapping that was assigned to the same letter. Relative mappings (#2 and #3 above) will pick any available letter. It is better to assign absolute mappings first in a login script. Otherwise, an absolute mapping may override a previous relative mapping that happened to have been assigned the same letter.
Path: This format of the MAP command is also valid for using an alias of a volume object. IF Statement: Member Of: Comparison: Variables: ELSE Statement: INCLUDE Statement: INCLUDE may also specify a container whose login script should be executed, e.g. "INCLUDE .novell"
The path portion of the MAP statement designates a directory in the NetWare file system that the user will be able to access using NetStorage. The user will have access to subdirectories below this directory, but will not be able to go above the directory specified. This directory can be the root directory of a volume.
For NetStorage the path must identify the server, volume, and directory path from the root of the volume. The server and volume can be identified either by their physical names, using the eDirectory distinguished name of the volume, alias object or ipaddress.
Examples of MAP statements with physical names:
When the eDirectory name of the volume's volume object is used, it must include the full context. A leading period (Â·.Â·) identifies this distinguished name form. If the tree name is supplied with the context, it must end with a period. The server is identifiable with this form because it can be found from the volume object in eDirectory.
Examples of MAP statements with eDirectory names:
With Novell Client it was possible to not identify the server, because it was assumed that the server was the one being logged in to. It is not possible to make any such assumption with NetStorage. The following example would be invalid with NetStorage:
NetStorage makes sure that the file system path is accessible by the user before making it available. If the file system path doesnÂ·t exist, or the user doesnÂ·t have any rights to it, then NetStorage will not display it to the user.
The general form of the IF statement is:
IF conditional [THEN statement]
[statement(s) if true]
[statement(s) if false]
The conditional (described below) is evaluated to be either true or false. If the conditional is followed on the same line by an optional THEN clause, the THEN statement is processed if the conditional is true, and the ELSE and END statements are not present.
The following forms are equivalent:
IF <conditional> THEN <statement>
**Note** NetStorage allows IF statements to be nested up to 16 deep.
There are two forms of the conditional supported by NetStorage. The first Â·member ofÂ· form is used to test if the current user is (or is not) a member of a
specific user group:
IF MEMBER OF "group" THEN
IF NOT MEMBER OF "group" THEN
The group name must always be enclosed within double quotes. The group name may specify the full context of the group object. If it does not, then the group object is assumed to be in the same context as the current user object. Examples:
IF MEMBER OF "MANAGERS"
IF NOT MEMBER OF "ADMINS.UTAH.WESTERN"
The second form of the conditional is the Â·comparisonÂ· form:
IF operand1 operator operand2
The operands are both evaluated as strings, and should be enclosed within double quotes to avoid ambiguity. The operator determines how the two strings are compared:
= if the two strings are equal (exactly the same)
<> if the two strings are not equal
< if the operand1 string is less than the operand2 string
<= if the operand1 string is less than or equal to the operand2 string
> if the operand1 string is greater than the operand2 string
>= if the operand1 string is greater than or equal to the operand2 string
Usually one of the operands is variable and one is a constant.
There are three types of variables supported by NetStorage: User object attributes, <WEBACCESS>, and ERROR_LEVEL.
When an attribute of the current user object is used in a comparison, the string value of that attribute is compared. For example, to test if the current userÂ·s default language is not English, use:
IF %LANGUAGE <> ENGLISH
The <WEBACCESS> variable enables you to process the login script differently when it is read by NetStorage and by the traditional Novell Client. NetStorage implicitly defines <WEBACCESS> to have a value of 1. For the traditional Novell Client, its value would typically be undefined. Therefore, a statement such as:
IF <WEBACCESS> = "1"
would be true for NetStorage, and false for the traditional Novell Client.
ERROR_LEVEL is a special variable that can be used to tell if there have been any errors encountered in the login script processing. For example:
IF ERROR_LEVEL <> 0
would test whether there had been at least one login script processing error. NetStorage does not register an error for a statement that is unrecognized or unsupported and therefore totally ignored.
The ELSE statement is used with an IF construct to end the block of statements which will be processed when the IF condition is true, and to start the block of statements which will be processed when the IF condition is false. The ELSE statement is optional, because an IF construct may not have any processing when the IF condition is false. Example:
<one or more statements processed when condition is true>
<one or more statements processed when condition is false>
IF constructs with a THEN clause are not allowed to have an ELSE statement (or an END statement).
The END statement terminates an IF construct. There may or may not have been a preceding ELSE statement. Example:
<one or more statements processed when condition is true>
IF constructs with a THEN clause are not allowed to have an END statement (or an ELSE statement).
The INCLUDE statement gives the name of an ANSI text file which is to be processed as login script statements and inserted at this point in the overall login script. The file name must contain the entire file system name (server, volume, directory path) of the file. Example:
NetStorage allows INCLUDE statements to be nested up to 3 deep.
This format of the MAP command is also valid for using an alias of a volume object.
INCLUDE may also specify a container whose login script should be executed, e.g. "INCLUDE .novell"