Unix-Windows user name problem

[wraheem]

I am writing a script that takes the output of UNIX script I wrote that gives the username and number of connections he/she has to the server. It then takes those names and in Windows uses a little Win32:OLE magic to determine thier department based on the users description in Active Directory.

The problem is this: our usernames in UNIX are only 8 charecthers long whereas in Windows there are as long as the user's name is. ie
Real name: George Washington
Unix name: gwashing
Windows name: gwashington

My script works fine for someone who's name is <= 8 letters, but more than that and I get an error.

I was thinking of doing a _DATA_ entry at the bottom of the script like:

_DATA_
gwashing = gwashington

so that whenever one of these names pop up (there are about 15) the script will replace the name with the correct windows name (but I have no idea where to start on that one).

The other thing I was thinking was to do something like:

if ($name == gwashing)
{ $name = gwashington}

But that would make the script run forever and that's just bad coding anyway.

It's the end of the day and I'm fried from just getting what I got so far.

I'll probably dream up something in my sleep but in the meantime if someone has a better suggestion, I'll gladly take it.

Thanks for your help,

wraheem

 

[MikeLacey]

putting a lookup table in a file, at the end of your script or in a separate file, is a good approach.

It might be better to put it into a separate file - there's less chance of someone damaging your script when changing a user-name then.

Mike

You cannot really appreciate Dilbert unless you've read it in the
original Klingon.

Want great answers to your Tek-Tips questions? Have a look at faq219-2884

 

[dmazzini]

I can recommend to have an .dat file with the following structure:

user|group|realname|email
dmazzini|CM|Daniel Mazzini|ext-daniel.mazzini@nokia.com
rabuda|RNW|Ron Abuda|Ron ext-ron.abuda@xxx.com

Just open a read .dat file and create a perl structure. Thus you dont need to touch the perl code every time.

Here an example:

#!/opt/nokianms/bin/perl
$guy= $ENV{USERNAME};
chomp $guy;


while (<DATA>) {
chomp;
my ($user,$group,$realname,$email)=split(/\|/);
$ALLOWEDUSERS{$user}= $group;
@data =($group,$realname,$email);
push (@{$ALLOWEDUSERS{$user}},@data);

}

check_existence_user();

#-------------------------------------------------------
# Subroutine Checking Existence of the user
#-------------------------------------------------------
sub check_existence_user {

if ( exists( $ALLOWEDUSERS{ $guy } ) ) {
$youcan=1;
}
else {
$youcan=0;
}

get_user_info();
}


#-------------------------------------------------------
# Subroutine get_user_info
#-------------------------------------------------------

sub get_user_info {
@USERINFO = @{$ALLOWEDUSERS{$guy}};
$group= $USERINFO[0];
$realname= $USERINFO[1];
$email= $USERINFO[2];

if ( $youcan ==1 ) {
print "\nWelcome $realname to the application.\n Your files will be sent to your email:$email \n\n";

}
else {
print "\nI am sorry $realname but you are not allowed to run this application.\nPlease Contact dmazzini (ext-Daniel.Mazzini\@nokia.com)\n\n";
exit;
}


}





__DATA__
user|group|realname|email
dmazzini|CM|Daniel Mazzini|ext-daniel.mazzini@nokia.com
rabuda|RNW|Ron Abuda|Ron ext-ron.abuda@xxx.com





dmazzini
GSM System and Telecomm Consultant

 

[wraheem]

Thanks, your suggestions really give me a new good starting point.

 

[MOrac]

If this is really a problem, why don't you use the AD names as your Unix login names via LDAP authentication? This would enable your users to have a single login name and password on both systems.

 

[wraheem]

It has gotten far to kludgy...unfortunately we (meaning they) don't care much about the UNIX box and I'm the only administrator.

By kludgy I mean if ajohnson & ajohnson01 needs UNIX accounts then
1. theres the whole 8 chararecther thing so there will be a ajohnson & ajohnso1.

2. Say there's a ajohnson03 but he doesn't need UNIX access. Then an ajohnson04 does. Guess what ajohnson04 UNIX name is? ajohnso2! This happens because (before I got here) the programmers where given control of creating accounts so as to make them work with this software.

3. In about a year they will be ditching this software for something windose based...good for them, bad for me. The only good thing is that our UNIX box is a RS/6000 running AIX and we use Lotus Notes (on Windows servers) so there may be some future.

I wanted to sync the logins when I first got here...no go.

 

[MOrac]

Perhaps you have enough access to add a field to the AD database with the Unix login names in, then? An LDAP lookup on the AD tree could both solve your original problem and retrieve the department information in a single call...?

 

[Rieekan]

One thing to consider for a long term thing. Once you have two users with the same name, your unix and possibly Windows usernames are going to change. For instance, a father and son both work at your company named George Washington, the son named after his father. They both cannot have the usernames of gwashing in Unix or gwashington in Windows. But as their names are the same and there isn't necessarily a Jr., II, etc. on the end of the son's name in your system, you'll have a difficult time of determining which George is which.

Just food for thought of course,

- Rieekan

 

[wraheem]

MOrac,

I'm more of a "Mr. Unix" guy than windows, but I have been learning quite a bit about LDAP/WMI/vbs, etc, so that I can try to stay afloat, especially with UNIX being pushed to the side here.

But help me understand...you can create a field and add it to the LDAP like you would any other DB? I was under the impression that it was static and unchanging.

Or was you suggesting using an unused field to store the Unix username?

Thanks to all for your help and patience.

 

[MOrac]

Sorry for the delay ... busy weekend. LDAP is a low-function database - you can add any fields you like if you have the access rights to do so. Even the AD tree of M$ will let you do this if you have the admin rights for it. However, there's also nothing wrong with using one of M$'s many fields that isn't being used in your set-up, if it makes life easier.