[wpkg-users] [Bug 118] New: Users, windows version and LDAP objects support

bugzilla-daemon at bugzilla.wpkg.org bugzilla-daemon at bugzilla.wpkg.org
Tue May 13 00:26:20 CEST 2008 

http://bugzilla.wpkg.org/show_bug.cgi?id=118

           Summary: Users, windows version and LDAP objects support
           Product: WPKG
           Version: 1.1.x-M
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: wpkg.js
        AssignedTo: mangoo at wpkg.org
        ReportedBy: vorlicek at wo.cz
         QAContact: wpkg-users at lists.wpkg.org


Created an attachment (id=118)
 --> (http://bugzilla.wpkg.org/attachment.cgi?id=118)
Patched wpkg.js v.1.1.0-M6

I tried implement new functionality to hosts.xml = make possible to:
- define profiles not only for single computers (by their hostname and IP), but
also for domain computer groups and organizational units
- distinguish host operating system
- define profiles also for users and their domain groups and organizational
units

I plan to run wpkg not only at startup, but also at logon and logoff.
At startup I will use it for it's default usage - installation/upgrade software
(eventually for changes at HKLM and shared folders).
At logon and logoff I will use it for changes at user profiles and HKCU (most
of them only once executed).
New functionality allow me define host nodes for it.

For determining which profiles are used during startup,logon and logoff I will
use three xml files of profiles (profiles-startup.xml, profiles-logon.xml,
profiles-logoff.xml).
I start wpkg.js by cmd script from GPO. I don't use WPKG Client.

So, what are new features?

At hosts.xml it's possible to use now this attributes:
name
system
ou
group
username
userou
usergroup

At command line it's possible to use this parameters:
/applymultiple
/noldap
/host:<hostname>
/ip:<ipaddresses>
/system:<hostsystem>
/user:<username>

This is example of host.xml file:
<wpkg>
<host ou="Classrooms" system="XP" profile-id="Classrooms"/>
<host ou="Classrooms" usergroup="Domain Users" profile-id="Domain Users on
Classrooms"/>
<host ou="Classrooms" usergroup="Teachers" profile-id="Teachers on
Classrooms"/>
<host ou="Classrooms" usergroup="Students" profile-id="Students on
Classrooms"/>
<host ou="Classrooms" username="Administrator" profile-id="Administrator on
Classrooms"/>
</wpkg>

Internally main changes of script are at function getHostNode, which I
completely
rewrote. And because now it gives array of nodes instead of one node, I had
to rename it to getHostsApplying (name getHostNodes was already used).
Minor changes are at functions getHostProfiles and getProfileList. Many new
functions were added.

-------------------------------------------------------------
Detailed description of new attributes and parameters:

name:
- exact host name or its regular expression pattern, IP address or IP address
range
- newly you can use multiple values (separated by semicolons)
examples:
<host name="Server02" profile-id="profile" />
<host name="PC.+" profile-id="profile" />
<host name="192.168.1.1" profile-id="profile" />
<host name="192.168.0-2.200-30" profile-id="profile" />
<host name="Server01;Server02;PC.+" profile-id="profile" />


system:
- operating system - supported are names of operating system, service packs and
numbers of version
- regular expression pattern supported
- multiple values supported (separated by semicolons)
examples:
<host system="xp;vista" profile-id="profile" />
<host system="5.1.2600" profile-id="profile" />
<host system="xp.+professional.+sp3" profile-id="profile" />
<host system="5.1;6.0" profile-id="profile" />
notice:
It depends on order - "xp.+sp2" will work, "sp2.+xp" will not.
Write "sp3" instead of  "service pack 3".


ou:
- domain organizational unit (or container) of computers
- apply to all computers of unit and all it's subunits
- can use just name of unit ("Classrooms") or full path to unit
("mydomain.com/Academy/Classrooms")
- make sense to use it only for computers joined to domain
- multiple values supported (separated by semicolons)
examples:
<host ou="mydomain.com/Research Departments/IT Research" profile-id="profile"
/>
<host ou="IT Research;Classrooms;Computers" profile-id="profile" />
notice:
At the situation, that you have 2 organizational units with same name, e.g.
/mydomaincom/Research Departments/IT Research/Servers,
/mydomaincom/Research Departments/Servers
and want to address only computers in the first of them, you cannot write
ou="Servers".
You must use some of this two options:
ou="mydomaincom/Research Departments/IT Research/Servers"
or more simply ou="IT Research/Servers".


group:
- domain group of computers
- apply to all computers of group
- make sense to use it only for computers joined to domain
- multiple values supported (separated by semicolons)
examples:
<host group="Laptops;Print Servers;Domain Computers" profile-id="profile" />


username:
- exact user name or its regular expression pattern
- applies to both domain and local user accounts with matched name
- is destined for 
- do not use it, if you want to run script during startup or shutdown (or use
username="System")
- multiple values supported (separated by semicolons)
examples:
<host username="Einstein;Newton" profile-id="profile" />
notice:
If you have domain and local user accounts with the same name (for example
domain\administrator and computer\administrator), then profile defined for this
name (username="administrator") will apply to both.


userou:
- domain organizational unit (or container) of users
- apply to all users of unit and all it's subunits
- make sense to use it only for users with domain account
- multiple values supported (separated by semicolons)
examples:
<host userou="mydomain.com/Science Research/Science staff" profile-id="profile"
/>
<host userou="Science staff;Department of Biology;Users" profile-id="profile"
/>


usergroup:
- domain group of users (local groups aren't supported)
- apply to all users of group
- make sense to use it only for users with domain account
- multiple values supported (separated by semicolons)
examples:
<host usergroup="Managers;Teachers;Students;Domain Users" profile-id="profile"
/>

-------------------------------------------------------------
It's possible to use COMBINATIONS OF ATTRIBUTES. For example:

<host ou="Classrooms" system="5.1.2600" profile-id="some_profile" />  
- for all computers from Classrooms organizational unit (and their subunits)
with Windows Xp operating system

<host name="pc[0-9]" group="TestComputers" system="Vista"
profile-id="some_profile" /> 
- for all computers with name satisfying regular expression pc[0-9], which are
from TestComputers group and have Windows Vista

<host ou="IT Research" usergroup="Teachers" profile-id="some_profile" /> 
- profile will be applied if wpkg.js runs on computer from IT Research
organizational unit, and under user whose account is from Teachers domain user
group

-------------------------------------------------------------
/applymultiple
- if it isn't switched on - only first matching host node is returned (default,
backward Compatible mode)
- if it is switched on - all host nodes with matching attributes are applied

warning:
There is one exception to backward compatibility in situation if
"/applymultiple" is not switched.
Imagine that you have hosts.xml with this nodes:
<host name="Server.+" profile-id="profile1" />
<host name="192.168.1.1" profile-id="profile2" />
<host name="Server01" profile-id="profile3" />
With original wpkg.js profile3 is applied, with my patched script profile1 si
applied.

It is because original script search firstly for exact name, secondly for IP
address and thirdly for regular expression matching.
My patched script just search for first matching profile.
So if you want get profile3 with my patched script, you must reorder nodes to:
<host name="Server01" profile-id="profile3" />
<host name="192.168.1.1" profile-id="profile2" />
<host name="Server.+" profile-id="profile1" />

If it will be necessary, it's possible (I think) to change script to bee full
compatible (its mean to search the same way as original script).


/noldap
- if you know, that script will run in environment without directory services
(e.g Active Directory or OpenLDAP), you can switch it on. 
The script will then run faster, because it will skip trying to get host's and
user's organizational units and domain groups by LDAP queries.

/host:<hostname>
/ip:<ipaddresses>
/system:<hostsystem>
/user:<username>
- are for testing purposes
-------------------------------------------------------------
What must be done yet:

- rewrite function getHostVariables() to use getHostsApplying() instead of
getHostNode().
I had to disable calling a function getHostVariables() adding comment (search
for "//getHostVariables(variables)"), because it use function getHostNode().
But getHostNode() I rewrote to getHostsApplying() and now gives array of nodes
instead of one node.
I couldn't rewrite getHostVariables() myself, because I don't understand what
exactly this function do.
Could anybody help me rewrite this function?


What is possible to do next:

- if needed it can be added possibility to define also local user groups.
Something like usergroup="administrators" (for domain goups) and
localusergroup="administrators" (for local groups). Or like
usergroup="local/administrators;domain/administrators". I don't need it myself.

- if needed it can be added possibility to distinguish local and domain user
accounts. Something like username="administrator" (for domain accounts) and
localusername="administrator" (for local accounts). Or like
username="local/administrator;domain/administrator". I don't need it myself.

- it's possible to change script to bee full compatible (search the same way as
original script) as I wrote under /applymultiple.

- would be better use system attribute at package definitons instead of host
definitions? (as wanted at
http://lists.wpkg.org/pipermail/wpkg-users/2008-May/003278.html) 

- some of new command line parameters (applymultiple,noldap) can be added to
config.xml, if needed.

- could by usefull to distinguish presence of directory services automatically
by script, not by /noldap switch


-------------------------------------------------------------
I testet patched script on Windows XP Professional SP2 computers joined to
Windows Server 2003 domain. It works for me well.
But I don't know, how it works on other operating systems (Windows 2000 or
Vista), at environment without domain or at multi-domain environment.

Script must be checked. I never wrote in javascript before, so there could
be errors in code!

I don't speek English well, so there may be mistakes in comments.

So.
Test it please. Use this patch or it's parts as you want.
You can of course do any changes you want. You can also rename above attributes
- they needn't be strict as I wrote.

Jindrich Vorlicek


-- 
Configure bugmail: http://bugzilla.wpkg.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the wpkg-users mailing list