Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
bpedrant Absent Member.
Absent Member.
1259 views

Possible Database Issue and Policy inheritance issue

Hello all,

I have a single ZCM11.2.2 server. Local Sybase default install.

We have many users who are part of an eDirectory group to give them Win7 Admin rights.
It works for most of them, but several do not inherit our Admin DLU policy. This is verified from the server.
2 users in the same group, will show inconsistent results.

More interesting, if I browse to the "broken" user, I see the usual "Object type", "Login name", etc.
But, the "Administrator User Groups" is blank.

For a "Normal" user, the "Administrator User Groups" is never blank.


I have had an SR open since 10/15/12 (I don't want to point fingers, but we are getting desperate: SR#10797781611), but have not heard back on any steps I can try.
The tech hinted that it might be database corruption, and is "waiting for back-line engineers" to help.

Is there anything I can do to test/fix this issue?
My "/var/opt/novell/log/zenworks/loader-messages.log" does not show any scary messages besides "[Settings Module] [Unable to refresh the System Settings on the device.]"


Thanks,
Brian
Labels (2)
0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: Possible Database Issue and Policy inheritance issue

I pinged your Engineer.
Some things to check out if you have not done so....

Check the user to make sure the Group Listing shows.
Check the Group to make sure the User Shows.

While the SHOULD match, sometimes they may not and this could be the
source of some issues.

On 11/6/2012 4:06 PM, bpedrant wrote:
>
> Hello all,
>
> I have a single ZCM11.2.2 server. Local Sybase default install.
>
> We have many users who are part of an eDirectory group to give them
> Win7 Admin rights.
> It works for most of them, but several do not inherit our Admin DLU
> policy. This is verified from the server.
> 2 users in the same group, will show inconsistent results.
>
> More interesting, if I browse to the "broken" user, I see the usual
> "Object type", "Login name", etc.
> But, the "Administrator User Groups" is blank.
>
> For a "Normal" user, the "Administrator User Groups" is never blank.
>
>
> I have had an SR open since 10/15/12 (I don't want to point fingers,
> but we are getting desperate: SR#10797781611), but have not heard back
> on any steps I can try.
> The tech hinted that it might be database corruption, and is "waiting
> for back-line engineers" to help.
>
> Is there anything I can do to test/fix this issue?
> My "/var/opt/novell/log/zenworks/loader-messages.log" does not show any
> scary messages besides "[Settings Module] [Unable to refresh the System
> Settings on the device.]"
>
>
> Thanks,
> Brian
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
bpedrant Absent Member.
Absent Member.

Re: Possible Database Issue and Policy inheritance issue

My engineer got back to me yesterday, asked me to use a 3rd party LDAP tool to check the user ZCM was using.
You know, the step I should have taken 3 weeks ago. 🙂

Lo and behold, that was the issue!
The ZCM browse user could see group membership for `almost` all of my users.
I changed the rights at the Tree level, to give it readonly access to the entire directory, and all works now.

But, the docs say to simply give it "readonly" to the directory, but what is really needed?
I am not all that comfortable to giving this proxy user full access to the directory.

Thanks,
Brian
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.