I helped a customer who needed to reset the four default ACLs on all 7000 of their users back to the defaults. This Perl program creates an LDIF which accomplishes this task.
Here are the steps you need to follow:
On Linux, Perl is installed by default.
On Windows, you'll have to install Perl. I prefer the one from www.activestate.com.
1. Create an input file with all the user DNs
ldapsearch -h shiloh -b "o=novell" "objectclass=inetorgperson" dn > users
2. Create the LDIF that adds the default ACLs
perl acl3.pl users acl.ldif
3. Import the acl.ldif file
ldapmodify -h shiloh -D "cn=admin,o=novell" -w novell -f acl.ldif
On Linux, ldapsearch and ldapmodify are installed by default.
On Windows, both of these commands are available in sys:Public\mgmt\ConsoleOne\1.2\bin.
If some of the default ACLs are already present, add the -c switch to the ldapmodify command. It will continue processing the LDIF even if duplicate values are found.
Changes in 5.0:
Previously, the DNs had to be separated by exactly one line. In 5.0, this restriction has been removed. The DNs can be separated by any number of lines. In addition, they don't need to be separated at all.
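The conversion in step 2, sketched in Python as an added example (this is not the acl3.pl script from this page): it reads ldapsearch output whose DNs are separated by any number of lines or not at all, and writes one modify record per ACL value so that -c skips only the values that already exist. The ACL values, the sample input and all function names are assumptions made for illustration.

```python
import base64
import sys

# Constructed sample values in the "privileges#scope#trustee#attribute" form;
# NOT confirmed to be the four defaults acl3.pl writes. Copy the real values
# from a freshly created user. "{dn}" stands for the user's own DN.
ACL_TEMPLATES = ["2#entry#[Root]#groupMembership", "2#entry#[Root]#networkAddress",
                 "2#entry#[Public]#messageServer", "6#entry#{dn}#loginScript"]

# Constructed ldapsearch output: unseparated DNs, a folded DN, blank lines, a repeat.
SAMPLE = ("dn: cn=alice,ou=users,o=novell\ndn: cn=bob,ou=users,\n o=novell\n"
          "\n\n# comment\ndn: cn=alice,ou=users,o=novell\n")

def read_dns(text):
    """Return the unique DNs found in LDIF text, in order of first appearance."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]        # LDIF continuation of the previous line
        else:
            unfolded.append(line)
    dns = {}
    for line in unfolded:
        if line[:4].lower() == "dn::":      # base64-encoded (non-ASCII) DN
            dns[base64.b64decode(line[4:]).decode("utf-8")] = None
        elif line[:3].lower() == "dn:":
            dns[line[3:].strip()] = None
    return [dn for dn in dns if dn]

def ldif_line(name, value):
    """Emit 'name: value', switching to base64 when the value is not LDIF-safe."""
    if value.isascii() and value.isprintable() and value[0] not in " :<" and value[-1] != " ":
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(dns, templates=ACL_TEMPLATES):
    """One modify record per ACL value: a modify is atomic, so a single record
    carrying all values would fail as a whole if any one already existed."""
    records = ["version: 1"]
    for dn in dns:
        for template in templates:
            acl = template.replace("{dn}", dn)
            records.append("\n".join([ldif_line("dn", dn), "changetype: modify",
                                      "add: ACL", ldif_line("ACL", acl), "-"]))
    return "\n\n".join(records) + "\n"

if __name__ == "__main__":                  # usage: python <script> users acl.ldif
    with open(sys.argv[1], encoding="utf-8") as src, open(sys.argv[2], "w", encoding="utf-8") as out:
        out.write(build_ldif(read_dns(src.read())))
```

Compare the generated acl.ldif against the ACL attribute of a known-good user before importing it with ldapmodify.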
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.