Nested group membership query returns old inherited group memberships

  • 3224506
  • 18-Jan-2008
  • 26-Apr-2012

Environment

Products:
Novell eDirectory 8.8 Support Pack 2
Novell Identity Manager 3.5.1

Configuration:
Nested groups

Situation

A user is member of a child group.
The child group is member of a parent group, so the user is automatically a member of the parent group.
When the user is removed from the child group, it should be automatically removed from the parent group, but a query for the group memberships of the parent group in an Identity Manager policy rule still returns the user.

Resolution

This has been reported to Engineering.

Status

Reported to Engineering

Additional Information

Steps to duplicate:
1. Create a normal group "group1"
2. Created a nested group "nested1" which contains nested group"nested11" which
in turn contains nested group "nested111"
3. Create a user "user1"
4. Make user1 a member of group1 and nested111
5. Check the group membership of user1 in iManager or ConsoleOne: user1 is member of
all 4 groups
6. Check the group membership of user1 in iMonitor: user1 is member of all 4 groups
7. Remove user1 from the group members of nested111
8. Check the group membership of user1 in iManager or ConsoleOne: user1 is only member of group1
9. Check the group membership of user1 in iMonitor: user1 is member of group1
and also still member of nested1 and nested11 (flag ="Present")
10. After a while, the nested1 and nested11 on user1 are cleaned up

Feedback service temporarily unavailable. For content questions or problems, please contact Support.