kkbass1 Absent Member.
Absent Member.
1970 views

Novell product one time audit

I need to run a one time audit (licensing/rights/users/etc) against an eDirectory/OES-Linux/GroupWise system. Since this is just a one time run doing it with Sentinal seems like it might be a bit of overkill (and they are not interested in ongoing). What do you recommend (free or built into the current products) for pulling that information these days?

LMS Assistant @ http://www.novell.com/licensing/lms/tools.html doesn't seem to exist anymore. I remember using that quite a bit for licensing audits, but not seeing it now.

On Netware I remember running trustee.nlm & a few other nlms to pull rights/trustee reports, but don't remember what to run on OES-Linux. I especially need to track down issues where users/groups have far more rights than they should.

For Groupwise 12 & earlier I recall how to pull reports such as user total, mailbox usage, etc using C1, however not familiar with doing any of that in 2014. Would be nice to pull a report for datasync/mobility to see which users are using it & devices associated too.

They have zenworks zcm11.2, but a spotcheck for the client & looking at the server for agent installs show it deployed no where.

I am guessing there are better/easier ways to run such a 1 time audit these days?

Thanks!

-- http://abeNd.org - Novell News for IT Professionals
Labels (2)
0 Likes
4 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Novell product one time audit

On 09/04/2015 01:46 PM, kkbass wrote:
>
> I need to run a one time audit (licensing/rights/users/etc) against an
> eDirectory/OES-Linux/GroupWise system. Since this is just a one time run
> doing it with Sentinal seems like it might be a bit of overkill (and
> they are not interested in ongoing). What do you recommend (free or
> built into the current products) for pulling that information these
> days?


Sentinel isn't the right tool, as it captures event-based data. You'd
need to grant all rights, create all users (or setup the Identity Tracking
driver as part of IDM), etc. so that Sentinel could pick up those events.
Yes, overkill. Counting users, and seeing their rights, can be easily
done via LDAP, though what you make of the results may be in question. It
could help to better-understand the end goal.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
kkbass1 Absent Member.
Absent Member.

Re: Novell product one time audit

> It could help to better-understand the end goal.
Rights - need to get a list of rights/trustees for all the NSS volumes (trustee.nlm & such were great back in the netware days, I don't know what is used these days)
Users - need to get an output of all users in the tree & last login

> Counting users, and seeing their rights, can be easily done via LDAP
This would be a nice start from the sounds of it, is there a tid/cool solution/etc on it?

-- http://abeNd.org - Novell News for IT Professionals
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Novell product one time audit

On 09/08/2015 05:56 PM, kkbass wrote:
>
> Rights - need to get a list of rights/trustees for all the NSS volumes
> (trustee.nlm & such were great back in the netware days, I don't know
> what is used these days)
> Users - need to get an output of all users in the tree & last login


I'm not an expert on NSS, so there may be a way with the command line
(ncpcon?) to export ACLs stored in the filesystem. Alternatively, there
is, at the root of every NSS (or maybe NCP) volume, a ._NETWARE directory
as I recall, and in there is a trustee.xml (or similar) file. Checking
that may have good information, but again, just guessing.

>> Counting users, and seeing their rights, can be easily done via LDAP

> This would be a nice start from the sounds of it, is there a tid/cool
> solution/etc on it?


All users and their last login times could be grabbed via LDAP very
easily. While the output will be in LDIF format, this should be what you
want if run from any server in the tree, substituting your own admin
user's DN (in LDAP format) and entering that user's password when prompted:


ldapsearch -x -D cn=admin,o=novell -W 'objectClass=user' loginTime


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
HvdHeuvel Absent Member.
Absent Member.

Re: Novell product one time audit

On Tue, 08 Sep 2015 23:56:02 +0000, kkbass wrote:

>> It could help to better-understand the end goal.

> Rights - need to get a list of rights/trustees for all the NSS volumes
> (trustee.nlm & such were great back in the netware days, I don't know
> what is used these days)
> Users - need to get an output of all users in the tree & last login
>
>> Counting users, and seeing their rights, can be easily done via LDAP

> This would be a nice start from the sounds of it, is there a tid/cool
> solution/etc on it?
>
>
> --


To collect NSS the file system rights, you have some great cli tools to
you disposal. Just remember they do the NSS file system, not posix.


<snip/>
Usage: rights [OPTIONS]
rights [ROPTIONS] trustee USERNAME
rights [FOPTIONS] delete USERNAME
rights [ROPTIONS] irf
rights [FOPTIONS] effective [USERNAME]
rights [FOPTIONS] inherited USERNAME
rights [FOPTIONS] show

The action to be taken is indicated by the first argument
trustee : Add or modify a trustee on a file/directory
delete : Remove a trustee from a file/directory
irf : Set the inherited rights filter on a directory
effective : Display a user's effective rights
inherited : Display the inheritance for a user to a file
show : Display the trustees and inherited rights filter
</snip>

Thanks
Hans


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.