Post v24 Enhancements to JRButils for Micro Focus products

Changes to multiple programs

  • Added the ability to create error and log files in UTF-8 format.
  • Added two new values for environment variable JRBDATETIME. A value of ISO displays date and times using local time in ISO format i.e. 20180524132145. A value of ISOZ displays dates and times using GMT time in ISO format e.g. 20180524012145Z.
  • Added the ability to accept date/times in ISO format, either in local, or GMT time if ‘Z’ is appended. Not all variations on the ISO format are accepted but the following are:
    • A date may be given in the form yyyymmdd or yyyy-mm-dd e.g. 2018-08-23.
    • A time may be given in the form hhmmss or hh:mm:ss e.g. 21:19:03.
    • The minutes and seconds may be omitted as per the traditional date/time formats.
    • A date and time may be concatenated together without a separator e.g. 2018-08-2321:19:03 or separated by ‘T’ e.g. 2018-08-23T21:19:03.
    • ‘Z’ may be appended to a date and time to indicate that the value is in GMT time rather than local time.
  • Made changes to the code for copying directory structures, used by programs such as netcopy and fsupdate, to avoid an apparent NSS/NCP bug where on rare occasions, not all subdirs in a directory were copied. The NCP request for retrieving entries (NCP 89 (20)) could return "no more entries" when the previous request correctly indicated not all entries had yet been returned. Copying via Windows File Manager worked correctly. Changing the fields requested (attributes, creation date, etc) to closely match those in NCP requests issued by the Client for OES Enterprise Server, appears to have bypassed the issue. An error is now reported when NCP 89 (20) returns zero entries, but the previous request indicated there were more entries.
  • Made changes to the code for copying directory structures, used by programs such as netcopy and fsupdate, to detect an unusual situation where the long name of a file is a valid DOS name (e.g. HUBERT~1.DOC), and another file has that actual DOS name. It is not known how this arises but NSS/NCP does not allow creation of a file with a long name that matches either another long name or a DOS name in the same directory. The file with the long name equalling a DOS name must be renamed before it can be copied to another NSS location. The programs now detect this situation and give an appropriate error message.
  • Changed the size of the buffer to the maximum allowed when retrieving group members. This was in response to an apparent eDirectory bug where not all members were returned for a complex nested group structure of 90 groups and 1900 members. As not all 1900 members fitted into a single buffer whatever the size, the buffer size should have been irrelevant. But the problem no longer occurred when using the maximum buffer size. The issue could not be reproduced here with a simple nested structure and more than 2000 members.
  • Corrected an issue with name expansion created several years back, for some forms of a relative eDirectory name when the object did not yet exist. This affected some programs such as grpadd when /c was used to create the group.
  • Updated all programs to accept input files containing unicode (big-endian or little-endian), or UTF-8 as indicated by a byte order marker (BOM). The unicode options may be useful when processing files created from a spreadsheet.

Changes to individual programs

Fsupdate

  • Modified /w to allow it to specify copying directory quotas and/or all volume quotas on a volume. Volume quotas may be copied from one Micro Focus volume to another, or from one Windows volume to another.

Getname

  • Fixed an issue when using /c to specify text to appear between attribute values, and getname automatically inserted %objectName as the first field, it was inserting a field width for %objectName when it should not have.
  • Modified so that when displaying values for selected attributes, and using /q to alter the format, /v may be also used to suppress the attribute names.
  • Fixed an issue where no values were displayed when using /a=* and /q.
  • Added /b=m to allow a line of output to be produced for every value of a selected attribute. The default is the first attribute, not counting the object name, but a number may follow m e.g. m3 would use the 3rd attribute. This provides a means of displaying values for a mult-valued attribute in a form where they can be saved, edited and returned to eDirectory via setname.

Getquota

  • Fixed an issue where it failed to verify a path given as an eDirectory volume object only without a colon appended.
  • Fixed an issue where it was failing to display quotas at a volume root under OES 2015 onwards.

Getrest

  • Fixed an issue where it could produce an application error on exit after retrieving values for GroupWise 2014 onwards.
  • Fixed an error where it did not filter correctly on date and times when using ‘gt’ and an incomplete time was given e.g. 23-Aug-2018:18:30.
  • Modified the heading when filtering on a date and time, so that the filter date is displayed in the output date format (the default or that specified via environment variable JRBDATETIME), instead of as specified on the command line, which may be something like “today-4”.

Groups

  • Fixed an issue when saving the output to a file, with “In columns at required widths” selected, only the first column was saved.

Grpdel

  • Fixed an issue where it could incorrectly report that a user was a member of a group via nested groups, when it was not directly a member of the group.

Grplist

  • Fixed an issue where names containing ‘&’ were not enclosed in double quotes, when using /z to list the members as a series of commands.
  • Modified to remove escaping backslashes in names when producing adgrpadd or adgrpdel commands.

Gwgroups

  • Added the ability to set various fields for group members as per gwusers, via parameters of the form vb=2. Setting fields which hold user specific values such as preferred email address is disallowed.
  • Added value descriptions for allowed address formats, and address format back into the in-built help. These had been lost when /u and /r were retired in favour of parameters gb= and gc=.
  • Retired /w for setting group visibility. This has been superceded by command line parameter lv=.
  • Added the ability to display gateway aliases under GroupWise 2014 onwards.

Gwusers

  • Fixed an issue introduced in v24, where it no longer displayed the totals line giving the domain, post office and user counts when displaying multiple domains or post offices.
  • Fixed an issue where an application error could occur when creating a user in 2014 onwards, and creating an association in the same command.
  • Added the ability to display gateway aliases under GroupWise 2014 onwards.

Jrbimprt

  • Modified to ignore the uniqueDomainID attribute when copying attributes from a template. This appears to be part of DSfW and can only be set by the system, which resulted in an “insufficient rights” error.
  • Fixed an issue where it failed to recognise that a user did not exist on GroupWise 18, due to a change in the default format of REST responses from the server.
  • Added option ‘w’ to control statement “Random password type” to produce random passwords compliant with Windows password complexity requirements in terms of characters included, and not including the entire CN, given name, surname, full name or display name, or any component of three or more letters in any of these attributes.
  • Added option ‘p’ to control statement “Random password type” to produce random passwords compliant with the applicable password policy. If the password uses “Novell syntax”, then the resultant password complies with the following:
    • Password length from the policy
    • Characters allowed
    • Minimum and maximum numbers for each character category if set
    • Illegal first and last characters
    • Maximum times a character can be repeated
    • Minimum unique characters
    • Maximum times a character can appear consecutively
    If the policy is set to use Windows password rules, then the password meets the Windows complexity requirements as per “Random password type=w”.
  • Added control statement “Process GroupWise users only” to supercede “Process GroupWise 2014 users only” now that GroupWise 18 is available. The latter statement will continue to work for both GroupWise versions.
  • Modified jrbimprt to run without the presence of the Client for OES Enterprise Server when using “Process GroupWise users only”.
  • Modified to allow disassociating users, publishing email addresses and synching changes without the presence of the Client for OES Enterprise Server. Creating an association requires the client to get the eDirectory guid.
  • Fixed an issue where specifying a full GroupWise name in the data file did not override a post office and domain given via control statements.
  • Fixed an issue when creating external users under GroupWise 2014 onwards, it was not working correctly when the post office and domain appeared as separate fields in the data file.
  • Added the ability to set gateway aliases for users and external users under GroupWise 2014 onwards.
  • Fixed an issue where it could under some circumstances fail to start reporting the Client for OES Enterprise Server was not installed and a “GroupWise Admin Service” control statement was required.

Makehome

  • Fixed an issue introduced a while back when resolving a change of API behaviour where it would incorrectly report that some paths were not in the allowed list.
  • Produced a new version of makehome for OES2018 which uses systemd instead of system V as per OES2015 and earlier, for the system startup and service manager. This required changes to makehome itself and to the installation procedure. Consequently two versions of the rpm for 64 bit OES Linux are now provided. They are:
    makehome-sv-1.0.34-1.x86_64.rpm for OES2015 and earlier
    makehome-sd-1.0.34-1.x86_64.rpm for OES2018
    The start/status/stop commands using /etc/init.d/makehome can still be used on OES2018 but systemctl should be used instead. After installing makehome on OES2018 ussue the following commands:

    systemctl daemon-reload
    systemctl enable makehome.service

    We have not had any success getting these to work via the install script. Useful commands are:

    systemctl start makehome.service
    systemctl status makehome.service
    systemctl stop makehome.service
    journalctl -u makehome

Netcopy

  • Updated to allow copying all volume quotas from one Windows volume to another via /w.

Openfile

  • Fixed an issue introduced when adding support for processing multiple servers, where it could attempt to validate a path on the wrong server when the path was given in UNC format.
  • Fixed an issue created at the same time as above, where it failed for a file name without a path e.g. “openfile whatever.exe /d”.

Pwdpols

  • Updated to support the password syntax “Use Microsoft Server 2008 Password Policy”.
  • Corrected an issue where it failed to assume that the first parameter was a policy when the name included the “password policies” container.

Quotas

  • Fixed an issue where it failed to verify a path given as an eDirectory volume object only without a colon appended.
  • Fixed an issue where it was failing to display quotas at a volume root under OES 2015 onwards.

Salvlist

  • Fixed an issue introduced into the GUI versions in v23 where the initial directory was not set to the current directory when running salvlist from a drive mapped to an OES Linux or Netware server.

Schema

  • Added the ability to filter on attribute name e.g. /n=pwd*, when displaying the attributes for an object class.
  • Added /s to filter on syntax ID e.g. using /s=7 would display only boolean attributes.
  • Modified to display the number of attributes listed.
  • Added /m to filter the attributes displayed based on various properties. These include:

    a The attribute is associated with an auxiliary class
    g The attribute has a string value
    h The attribute is flagged hidden
    i The attribute is flagged synch immediate
    m The attribute is multi-valued
    n The attribute is not replicated
    p The attribute is flagged [public] read
    r The attribute is read only
    s The attribute is single valued
    v The attribute is not removable from the base schema
    w The attribute is flagged write managed
    x The attribute is flagged server read only
    z The attribute has size limits

    The properties may be combined and negated in the filter e.g. it is possible to list all single valued attributes flagged synch immediate.
  • Fixed an issue when using /a where attribute details were displayed for a pseudo-attribute such as “Password management” but were not displayed when also using /o because it is not assigned to any object classes.
  • Generally tidied the processing of pseudo attributes such “Password Management“ and “[Entry Rights]“.

Setacl

  • Modified so that it should now correctly verify pseudo attributes added as schema extensions e.g. DirXML-AccessRun, without them being hard coded.

Sethome2

  • Fixed a cosmetic issue where it did not display the path correctly when adding rights to a newly created home directory, and the path contained extended characters.

Setname

  • Added the ability via /n to set multiple values for attributes holding object names. Previously, /n could be used only with attributes holding text values.
  • Updated so that /v=r works correctly with /n.
  • Added the ability to easily set values for multiple attributes in a single command using parameters in the form “givenName=Jan lastName=Smith title=Ms”.
  • Fixed a long-standing oversight where it was not accepting a value of “none” for date/time values.
  • Added /v=t which produces an identical result to /v=r, but achieves it differently. Both replace existing values for an attribute. /v=r issues a single request to the server to clear all existing values and to add the new value. /v=t performs these operations in separate requests. Both methods are equally valid, the first is more efficient. Setname originally issued two requests, but was modified after feedback had been received that this approach caused issues with the IDM connector. Recent feedback has indicated the opposite, so either approach can now be used.
  • Fixed an issue where it did not delete values, despite reporting that it had done so, when using an input file, with a name and multiple values per line, as indicated by /f and /n.

Setpword

  • Added /g=w to produce random passwords compliant with Windows password complexity requirements in terms of characters included, and not including the CN, given name, surname, full name, display name, or any component of 3 or more characters in the values.
  • Added /g=p to produce random passwords compliant with the relevant password policy. This is equivalant to “Random password type=p” for jrbimprt. More information is given above.
  • Combined /c (retain the current password expiration date), /$ (update the password expiration date) and /t (expire universal password when changed by an admin) into options under /c to free up /t for a new use.
  • Added a new /t allowing a password policy to be named. This may be used with /g=p to have the password comply with a policy where one has not been assigned, or to comply with a different policy to that assigned.

Setrest

  • Fixed an issue introduced last year where it would not allow setting a value for grace logins remaining larger than the current value. It was comparing the new value with the current, instead of the value for grace logins allowed.
  • Fixed an issue where it could produce an application error on exit after setting values for GroupWise 2014 onwards.

Trstlist

  • Fixed an issue where an error resulted when specifying a semicolon as a value for /w.
  • Fixed an issue with displaying trustees for [Root].
  • Changed /u which forced output of DOS paths to /w=k.
  • Added the ability to retrieve and display trustees from the ._NETWARE\.trustee_database.xml file at the root of each volume.
  • Added the ability via /u to compare trustees in the above XML file with those stored in the individual file and directory entries. Using /u=x will read all trustees in the XML file and ensure there is a corresponding trustee retrievable via NCP. Using /u=n will retrieve trustees for the specified files and directories, and for each, ensure there is a corresponding entry in the XML file.
  • Fixed an issue when using /r with Linux versions of trstlist, where it did not correctly display a trustee for [Public]. This is a pseudo-eDirectory object and as such, it does not have a guid. But it is assigned a guid for this purpose which trstlist now recognises and translates to [Public].
  • Added the IRF as a separate output column, so it can be displayed with file or directory trustees, without having to use /t which produces a separate line to show the IRF.
  • Fixed an issue in the GUI versions where it was not possible to display trustees for files only without it also including trustees for the starting directory.
  • Modified the GUI versions so that fields for primary and secondary sorting are selected from a drop down list instead of radio buttons.

Usergrps

  • Updated to work with template objects as well as users and groups.
  • Added /o allowing the object class (user, group or template) to be specified. This is only necessary when using wildcards in the object name for non-user objects.

Whodidit

  • Combined /h, /i and /r which are all path formattng options into a number of options under /h.
  • Added a new /r to expand DFS paths. Previously a DFS junction was displayed as a file and values for files and directories in the DFS path could not be displayed.
  • Added /r=d to allow displaying of actual paths in a DFS link, rather than treating them as part of the directory being processed.
  • Modified so that the path formatting options now under /h are applied to DOS paths when displayed via /o=@.
  • Changed the default width of the creation, modification and archive dates from 22 to 24 for Linux versions to accommodate the wider date format when using JRBDATETIME=LOCALE.
  • Added two letter codes for all of the output fields, to avoid having to use letters such as ‘(’ and ‘{’. Either the single or two letter codes may be used. A consequence of the change is that a sequence of single letter codes, if used, must be comma separated e.g. /o=a,b,c. This does provide a work-around to the obscure issue of (e.g.) /o=@o being treated as a template when the intention was to display the full DOS path and owner.