Environment
Novell Client 2 SP3 for Windows
Situation
A login script for the OU may contain a statement such as:
IF MEMBER OF "GroupOne" THEN
MAP ROOT Z:=Server1\Vol2:\APPS\AppOne
END
Even though user "William" is a member of group "GroupOne", drive Z: is not mapped when the login script is executed.
When viewing the attributes of the user object (after completing an LDIF export using the Import Conversion Export Utility), inspection of the ACL properties reveal a missing #[Root]#groupMembership from the affected user. User "Susan" has the "#[Root]#groupMembership" attribute listed.
C:\test\William.ldif (10 hits)
Line 300: ACL: 6#entry#cn=William,ou=CORP,o=ABC#loginScript
Line 301: ACL: 6#entry#cn=William,ou=CORP,o=ABC#printJobConfiguration
Line 302: ACL: 3#entry#cn=William,ou=CORP,o=ABC#fullName
Line 303: ACL: 3#entry#cn=William,ou=CORP,o=ABC#appAssociations
Line 304: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMPrinterFlag
Line 306: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMPrinterList
Line 307: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMClientFlags
Line 308: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMClientProxy
Line 310: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMClientTrayU
Line 312: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMTrustedSite
C:\test\Susan.ldif (6 hits)
Line 277: ACL: 2#subtree#cn=Susan,ou=CORP,o=ABC#[All Attributes Rights]
Line 278: ACL: 6#entry#cn=Susan,ou=CORP,o=ABC#loginScript
Line 279: ACL: 2#entry#[Public]#messageServer
Line 280: ACL: 2#entry#[Root]#groupMembership
Line 281: ACL: 6#entry#cn=Susan,ou=CORP,o=ABC#printJobConfiguration
Line 282: ACL: 2#entry#[Root]#networkAddress
IF MEMBER OF "GroupOne" THEN
MAP ROOT Z:=Server1\Vol2:\APPS\AppOne
END
Even though user "William" is a member of group "GroupOne", drive Z: is not mapped when the login script is executed.
When viewing the attributes of the user object (after completing an LDIF export using the Import Conversion Export Utility), inspection of the ACL properties reveal a missing #[Root]#groupMembership from the affected user. User "Susan" has the "#[Root]#groupMembership" attribute listed.
C:\test\William.ldif (10 hits)
Line 300: ACL: 6#entry#cn=William,ou=CORP,o=ABC#loginScript
Line 301: ACL: 6#entry#cn=William,ou=CORP,o=ABC#printJobConfiguration
Line 302: ACL: 3#entry#cn=William,ou=CORP,o=ABC#fullName
Line 303: ACL: 3#entry#cn=William,ou=CORP,o=ABC#appAssociations
Line 304: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMPrinterFlag
Line 306: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMPrinterList
Line 307: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMClientFlags
Line 308: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMClientProxy
Line 310: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMClientTrayU
Line 312: ACL: 3#subtree#cn=William,ou=CORP,o=ABC#iPrintiCMTrustedSite
C:\test\Susan.ldif (6 hits)
Line 277: ACL: 2#subtree#cn=Susan,ou=CORP,o=ABC#[All Attributes Rights]
Line 278: ACL: 6#entry#cn=Susan,ou=CORP,o=ABC#loginScript
Line 279: ACL: 2#entry#[Public]#messageServer
Line 280: ACL: 2#entry#[Root]#groupMembership
Line 281: ACL: 6#entry#cn=Susan,ou=CORP,o=ABC#printJobConfiguration
Line 282: ACL: 2#entry#[Root]#networkAddress
Resolution
Add the missing #[Root]#groupMembership attribute.