ACL Reset Version 5.0

I helped a customer who needed to reset the four default ACL's on all 7000 of their users back to the defaults. This perl program creates an LDIF which accomplishes this task.

Here are the steps you need to follow:

On Linux, Perl is installed by default.
On Windows, you'll have to install Perl. I prefer the one from

1. Create input file with all the user DN's
ldapsearch -h shiloh -b "o=novell" "objectclass=inetorgperon" dn > users
2. Create the LDIF that adds the default ACL's
perl users acl.ldif
3. Import the acl.ldif file
ldapmodify -h shiloh -D "cn=admin,o=novell" -w novell -f acl.ldif

On Linux, ldapsearch and ldapmodify are installed by default.
On Windows, both of these commands are available in sys:Public\mgmt\ConsoleOne\1.2\bin.

If some of the default ACL's are present, add the -c switch to the ldapmodify command. It will continue processing the ldif even if duplicate values are found.

Changes in 5.0:

Previously, the DN's had to be separated by exactly one line. In 5.0, this restriction has been removed. The DN's can be separated by any number of lines. In addition, they don't need to be separated at all.


Comment List
Related Discussions