Creating groups of groups
Novell Cool Solutions: Question & Answer
Q:
Can I use a dynamic group to make a group of groups? We have several groups that all start with DEV_, and we would like to have anyone who is a member, map a specific drive. My thought was to set file rights on the Dynamic group, create a query that returns the all groups that start with DEV_, and map that way, with a simple if-then.
This doesn't seem to work. I get no errors in my login script, but I also don't get mappings. I realize that we could simply create a big if then statement in the login script, but I thought that using a dynamic group would be a better fit.
A:
This won't work as you intend.
1. NWFS isn't aware of dynamic groups today.
2. Creating LDAP search filters that use an extensible match (which would
be the match for groups beginning with a value) require an exact value
match, because the DN has to be fully matchable. Wildcards do not now
function in this environment (and probably won't in the future because
of the complexity of the search).
Essentially, the process would need to perform multiple searches.
1. Find all groups within the tree that match "dev_*".
2. Resolve those to EIDs.
3. For each of the EIDs, perform a search against the scope of the
search to find all matches.
So, if there was a dev_a.novell, dev_b.novell, and dev_c.novell, we first would have to find all of these groups using a CN search for dev_*, and then perform 3 searches to find all matches for the specific groups. In the order of scalability, it's not a huge growth factor, but it's enough complexity that the wildcard search wasn't implemented.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com