This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

[{SET alias='Groups Edirectory'}]
!!!NDS Groups
NDS Groups have some interesting aspects that developers and administrators need to keep in mind when performing their duties.
!!Group Management With Novell Tools
Novell's tools (iManager, ConsoleOne and NWAdmin) perform some background operations that developers and administrators need to know about.
!When Adding a User to a Group
Regardless of which method or tool is used, the following attributes should be set on the Group entry:
* member - The FDN of the user entry.
* equivalentToMe - The FDN of the user entry. The equivalentToMe value is used to allow rights within the NDS Tree to be evaluated to determine who has equivalent rights to the group. In a pure LDAP environment, where rights are not required within the Tree, this is optional.
Regardless of which method or tool is used, the following attributes should be set on the User entry:
* GroupMembership - The FDN of the Group entry.
* securityEquals - The FDN of the Group entry. The securityEquals value is used to allow rights within the NDS Tree to be evaluated to determine this entry's equivalent rights to the group. In a pure LDAP environment, where rights are not required within the Tree, this is optional.
When __NOT using Novell's tools__, often only the member attribute of the group entry is set.
In addition, in various versions, bugs in Novell's tools cause them to fail to set these attributes.
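The following is an added example, not Novell code and not part of the original page: it audits one group for the four links listed above and reports which attribute is missing for each user. The entries, the o=Acme DNs and the function names are constructed for illustration; real data would come from an LDAP export of the group and user entries.

```python
# Added example, not Novell code. SAMPLE is constructed data shaped like an
# LDAP export: {entry DN: {attribute: [values]}}.
# CHECKS: (attribute, entry that holds it, optional in a pure LDAP environment)
CHECKS = [("member", "group", False), ("groupMembership", "user", False),
          ("equivalentToMe", "group", True), ("securityEquals", "user", True)]

def norm(dn):
    # Simplified DN comparison (assumes no escaped commas inside RDN values).
    return ",".join(p.strip().lower() for p in dn.split(","))

def dn_values(entry, attr):
    for name, vals in entry.items():
        if name.lower() == attr.lower():  # attribute names are case-insensitive
            return {norm(v) for v in vals}
    return set()

def audit_group(entries, group_dn, rights_required=True):
    """Return (user DN, missing attribute) pairs for one group, ordered by user."""
    idx = {norm(dn): attrs for dn, attrs in entries.items()}
    g = norm(group_dn)
    group = idx.get(g, {})
    # Candidates: every entry linked to the group from either side.
    users = dn_values(group, "member") | dn_values(group, "equivalentToMe")
    for dn, attrs in idx.items():
        if g in dn_values(attrs, "groupMembership") | dn_values(attrs, "securityEquals"):
            users.add(dn)
    findings = []
    for u in sorted(users):
        for attr, holder, optional in CHECKS:
            if optional and not rights_required:
                continue
            present = (u in dn_values(group, attr)) if holder == "group" \
                else (g in dn_values(idx.get(u, {}), attr))
            if not present:
                findings.append((u, attr))
    return findings

SAMPLE = {
    "cn=Admins,ou=Groups,o=Acme": {
        "member": ["cn=alice,ou=Users,o=Acme", "cn=bob,ou=Users,o=Acme"],
        "equivalentToMe": ["cn=alice,ou=Users,o=Acme"]},
    "cn=alice,ou=Users,o=Acme": {
        "groupMembership": ["CN=Admins, OU=Groups, O=Acme"],
        "securityEquals": ["cn=Admins,ou=Groups,o=Acme"]},
    "cn=bob,ou=Users,o=Acme": {},  # added with the member attribute only
    "cn=carol,ou=Users,o=Acme": {"securityEquals": ["cn=Admins,ou=Groups,o=Acme"]},
}
```

In the sample, carol holds securityEquals to the group without appearing in member, so she would be evaluated as having the group's rights while being invisible in the membership list; that is the case worth reviewing first.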
!!Referential Integrity of [Distinguished Name Syntax|http://developer.novell.com/documentation/ndslib/index.html?page=/documentation/ndslib/schm_enu/data/sdk5582.html#sdk5582]
NDS maintains referential integrity on any values that are of the [Distinguished Name syntax|http://developer.novell.com/documentation/ndslib/index.html?page=/documentation/ndslib/schm_enu/data/sdk5582.html#sdk5582].
The good news is that if the member attribute contains a user entry FDN and the user entry is removed, the member attribute value for the removed user entry will be removed.
In general, here are the rules to keep in mind on NDS referential integrity:
* Any attribute that is a distinguished name (DN) must reference an existing entry. This means you cannot populate a DN syntax attribute unless the referenced entry already exists.\\
* If a referenced entry is moved from one location in the directory tree to another, NDS will automatically fix up the DN to reference the entry in its new location.\\
* If a referenced entry is deleted in the directory tree, NDS will automatically remove the DN value of the referenced entry.
!![NDS Group Fix Tool|GroupFixTool]
If your groups are out of whack, this tool may help.
!![NDS Groups with IDM]
Do not work too hard; see syncing [NDS Groups with IDM].
[Groups Edirectory]