Novell Home

Building Group Memberships in eDirectory

Novell Cool Solutions: Tip
By Jack Shreve

Digg This - Slashdot This

Posted: 21 Nov 2007
 

Problem

You have been tasked with creating an eDirectory group with membership identical to, or very similar to, a group that already exists. The members of the existing group, and your soon to be new group, numbers in the dozens or even hundreds of members. You certainly would rather not manually add each member to this new group.

You are aware of the issues with rights that using ConsoleOne 1.3.6f to accomplish this can entail. (See the example and TID reference below.) You do not have time to pursue LDIF or a 3rd-party utility solution, and/or management will not support you in doing so, even if the utility is free.

Solution

(STANDARD DISCLAIMER) Check eDir health on the replicas of the partition(s) holding the groups involved. Then, use iManager 2.6 or later, making sure it has the basic plugins installed, to complete the following steps.

First, you need to create the new group to which you need to add all those users. Please create this group using iManager.

1. From "Roles and Tasks", select the main category "Groups", then select "Create Group".

2. Follow whatever procedures and guidelines your business has defined to fill out all information, and save it.

3. While still in Roles and Tasks, click Groups.

4. Select the subcategory "Modify Members of Groups". Note: For future reference, be very careful what you do under this task.

5. Browse or Search to the existing Group. This is the one that already has all the users, plus or minus a few, that you want the new group to have as members.

6. Click on the group, then click OK.

7. Under the General tab, click Group Memberships.

8. Change the dropdown box from Ignore to Add.

9. Either click the blue magnifying glass icon (Object Selector - Browser/Search icon) or type in the fully qualified name of the NEW, empty group you created earlier.

10. Click OK. The group should be added to the window under the Group Membership text box on the previous page.

11. Verify the above, and verify that a Count of 1 is displayed underneath.

12. Click OK again.

13. If prompted, affirm this action.

14. Confirm that the action is being performed. You should now see a status bar counting down the number of user objects, as they are being added to your new group.

15. When the status window closes, wait a minute or two, then delete and/or add the necessary user objects from the newly created group to have the desired membership.

16. Finally, wait just a bit, then check a random sampling of these users for proper membership. If your eDirectory is healthy, you are now done.

Environment

  • NetWare 6.x, including OES.
  • Only iManager 2.6 and later, including iManager running on a SLES server, has been tested.
  • Installations of iManager 2.5 have been reliably and widely reported to work, as well, if appropriate plug-ins are also installed.
  • Cautionary notes below apply to ConsoleOne 1.3.6f-g.

Example of Possible Problems Using ConsoleOne

If you are using ConsoleOne 1.3.6f, selecting a group and adding members to it will NOT properly set the "Security Equal To" attribute. Thus, if this group is meant to give rights to directories, it will fail in assigning these rights to group members. Reference TID 3091197.

As a side note, ConsoleOne 1.3.6h does not have this issue, and you can also, with mixed results, patch 1.3.6f with a jar file - again, refer to the TID.

Instead, regardless, why not always use iManager? It works flawlessly if you set it up properly.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell