!!! Overview
NDS Groups have some peculiar items that make adding a user to a group more difficult than it appears. See [More Information On NDS Groups|MoreInformationOnNDSGroups] for the details.
The [{$pagename}] will fix most of these "peculiar items" on a single or all groups.
%%error
[Use Entirely at Your Own Risk|Standard Disclaimer]
[CISUS.COM] nor anyone else is responsible if you use this tool or any information on this site and causes damages to anyone or anything! [You are required to read Our Standard Disclaimer|Standard Disclaimer]
%%
!! Usage
The -L option will list groups and members but NOT perform any operations.
The Group Fix Tool performs the following:
* Reads the Group's "member" attribute values
* Adds any values from Group's "member" attribute to the "equivalentToMe" value if they are missing.
* Checks each user entry in the Group's "member" attribute value and adds the group's DN to the "GroupMembership" and "securityEquals" attributes of the user entry.
What the tool does NOT do:
* Never adds a user entry to a Group's "member" attribute.
* Never removes any values from entry to a Group's "equivalentToMe" attribute.
* Never removes any values from entry to a User's "GroupMembership" attribute.
* Never removes any values from entry to a User's "securityEquals" attribute.
!Group Fix Tool Usage
{{{
Usage: java -jar GroupFix.jar [ -dLvA ] [ -e <keystore> ] [ -h <host> ] [ -p <port> ] [ -Z <encrypted connection> ] -D <the DN of the object used for authentication> [ -w <bind password> ] [ -G <groupDN> ]
-d enable API debug output - Default=false
-e Path to a Java Keystore. A valid certificate in the keystore enables
an encrypted TLS connection. See also the -Z option. - Default=""
-L Print Groups and Group Members in LDIF format (no operations performed) - Default=false
-h host name or IP address. A port can be specified with the
host name as hostname:port, i.e. myhost:389. See also
the -p option - Default="localhost"
-p host IP port number. See also the -h option - Default=389
-v enable verbose output - Default=false
-Z sets the type of encrypted connection. A Keystore must be specified
with the -e option to enable an encrypted connection.
SSL - Establishes an encrypted connection using
SSL. The default port is 636
TLS - Establishes an encrypted connection using
TLS. The default port is 389 - Default="TLS"
-D cn=admin,ou=administration,dc=willeke,dc=com - Required Argument
-w the password for the DN of the object used for authentication - Default=""
-G the baseDN where groups are or the FDN of a single group - Default="dc=willeke,dc=com"
-A True if we should fix ALL groups or false if to fix a single group - Default=false
}}}
So running:
{{{
java -jar GroupFix.jar -dvA -h 192.168.1.4 -p 389 -D cn=admin,ou=administration,dc=willeke,dc=com -w secret -G ou=groups,dc=willek,dc=com
}}}
Would be (d)ebug output, (v)erbose output (A)ll groups on (h)ost 192.158.1.4 on (p)ort 389 binding as (-D) cn=admin,ou=administration,dc=willeke,dc=com with a password of (-w) secret and fixing all (G)roups that are in the container "ou=groups,dc=willek,dc=com"
![Standard Disclaimer|Standard Disclaimer]
![Copyright And Intellectual Property Information|Copyright And Intellectual Property Page]
! Download GroupFix.jar
You can freely [download the GroupFix GroupFixTool/GroupFix.jar].
Just do not try to make money with it.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]