
Building Group Memberships in eDirectory

Absent Member.

Problem



You have been tasked with creating an eDirectory group with membership identical to, or very similar to, a group that already exists. The members of the existing group, and of your soon-to-be new group, number in the dozens or even hundreds. You certainly would rather not manually add each member to this new group.



You are aware of the issues with rights that using ConsoleOne 1.3.6f to accomplish this can entail. (See the example and TID reference below.) You do not have time to pursue LDIF or a 3rd-party utility solution, and/or management will not support you in doing so, even if the utility is free.



Solution



(STANDARD DISCLAIMER) Check eDir health on the replicas of the partition(s) holding the groups involved. Then, use iManager 2.6 or later, making sure it has the basic plugins installed, to complete the following steps.



First, you need to create the new group to which you need to add all those users. Please create this group using iManager.



1. From "Roles and Tasks", select the main category "Groups", then select "Create Group".

2. Follow whatever procedures and guidelines your business has defined to fill out all information, and save it.



3. While still in Roles and Tasks, click Groups.



4. Select the subcategory "Modify Members of Groups". Note: For future reference, be very careful what you do under this task.



5. Browse or Search to the existing Group. This is the one that already has all the users, plus or minus a few, that you want the new group to have as members.



6. Click on the group, then click OK.



7. Under the General tab, click Group Memberships.



8. Change the dropdown box from Ignore to Add.



9. Either click the blue magnifying glass icon (Object Selector - Browser/Search icon) or type in the fully qualified name of the NEW, empty group you created earlier.



10. Click OK. The group should be added to the window under the Group Membership text box on the previous page.



11. Verify the above, and verify that a Count of 1 is displayed underneath.



12. Click OK again.



13. If prompted, affirm this action.



14. Confirm that the action is being performed. You should now see a status bar counting down the number of user objects, as they are being added to your new group.



15. When the status window closes, wait a minute or two, then delete user objects from and/or add user objects to the newly created group as necessary to reach the desired membership.



16. Finally, wait just a bit, then check a random sampling of these users for proper membership. If your eDirectory is healthy, you are now done.



Environment



  • NetWare 6.x, including OES.

  • Only iManager 2.6 and later, including iManager running on a SLES server, has been tested.
  • Installations of iManager 2.5 have been reliably and widely reported to work, as well, if appropriate plug-ins are also installed.

  • Cautionary notes below apply to ConsoleOne 1.3.6f-g.


Example of Possible Problems Using ConsoleOne



If you are using ConsoleOne 1.3.6f, selecting a group and adding members to it will NOT properly set the "Security Equal To" attribute. Thus, if this group is meant to give rights to directories, it will fail in assigning these rights to group members. Reference TID 3091197.



As a side note, ConsoleOne 1.3.6h does not have this issue, and you can also, with mixed results, patch 1.3.6f with a jar file - again, refer to the TID.



Regardless, why not always use iManager instead? It works flawlessly if you set it up properly.
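The spot check in step 16 and the "Security Equal To" problem described above can also be verified across every member at once from an LDIF export of the group and its users. The following is an added example, not part of the original article: it assumes plain (non-base64) LDIF values and eDirectory's LDAP attribute names `member`, `equivalentToMe`, `groupMembership` and `securityEquals`, and the DNs in the sample are constructed.

```python
# Added example, not from the original article. All DNs are constructed.
SAMPLE_LDIF = """\
dn: cn=NewGroup,ou=groups,o=acme
member: cn=alice,ou=users,o=acme
member: cn=bob,ou=users,o=acme
equivalentToMe: cn=alice,ou=users,o=acme

dn: cn=alice,ou=users,o=acme
groupMembership: cn=NewGroup,ou=groups,o=acme
securityEquals: cn=NewGroup,ou=groups,o=acme

dn: cn=bob,ou=users,o=acme
groupMembership: cn=NewGroup,ou=groups,o=acme
"""

def parse_ldif(text):
    """Return {dn: {attr: set(values)}}, all lowercased for comparison."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold an LDIF continuation line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip().lower()
        if attr == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:         # skips "version: 1" before first dn
            current.setdefault(attr, set()).add(value)
    return entries

def audit_group(entries, group_dn):
    """Return (user_dn, missing_attribute) for each broken link of each member."""
    g = group_dn.lower()
    group, problems = entries.get(g, {}), []
    for user in sorted(group.get("member", ())):
        attrs = entries.get(user, {})
        checks = [("groupMembership", g in attrs.get("groupmembership", ())),
                  ("securityEquals", g in attrs.get("securityequals", ())),
                  ("equivalentToMe", user in group.get("equivalenttome", ()))]
        problems += [(user, name) for name, ok in checks if not ok]
    return problems

if __name__ == "__main__":
    print(audit_group(parse_ldif(SAMPLE_LDIF), "cn=NewGroup,ou=groups,o=acme"))
```

A member reported with a missing `securityEquals` is listed in the group but will not inherit the rights assigned to it, which is the symptom described for ConsoleOne 1.3.6f.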
