Cool Solutions

Mass Updates to Individual Trustee Assignments


November 14, 2007 8:19 am





A Forum reader recently asked:

“Apparently a long time ago we granted users the ability to modify their own telephone numbers and other attributes that belonged to them. Now I want to get rid of that (we’re going to use UserApp, and the [This] object will work better).

Is there a way to change the individual trustee assignments without going through them one by one? I know we did it in the past, I just cannot remember how …”

And here’s the response from Aaron Burgemeister …


That should be fairly simple. Each ACL will look very distinct in its

dn: cn=admin,dc=user,dc=system
acl: 6#entry#cn=admin,dc=user,dc=system#telephonenumber

This is just an example, and I guessed at the attribute name – but this is the basic idea. The first numeral (maybe not 6 in real life … I didn’t check) is the right and should be the same for all your users for Modify or Write, or whatever right you have granted. The second part is ‘entry’ or ‘subtree’ and will probably be ‘entry’ for you. The third field is (tada) your DN again. The last is the attribute itself, whatever that is (check from one of your real users).

So with a simple search/replace (regex really), you should be able to do what you need by just exporting the DNs for all users in your tree. You’ll end up with something like this:

dn: cn=user0,o=context
dn: cn=user1,o=context
dn: cn=user2,o=context

Now just replace everything after the DN with:

changetype: modify
delete: acl
acl: 6#entry#theStuffAfterTheDN#telephonenumber

The regex is needed to get ‘theStuffAfterTheDN’ to be cn=user0,o=context
or cn=user1,o=context, etc.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading ... Loading ...

Categories: Uncategorized

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.