Nested group membership query returns old inherited group memberships

  • 3224506
  • 18-Jan-2008
  • 26-Apr-2012

Environment

Products:
Novell eDirectory 8.8 Support Pack 2
Novell Identity Manager 3.5.1

Configuration:
Nested groups

Situation

A user is a member of a child group.
The child group is a member of a parent group, so the user is automatically a member of the parent group.
When the user is removed from the child group, the user should automatically be removed from the parent group, but a query for the group memberships of the parent group in an Identity Manager policy rule still returns the user.

Resolution

This has been reported to Engineering.

Status

Reported to Engineering

Additional Information

Steps to duplicate:
1. Create a normal group "group1"
2. Create a nested group "nested1" which contains nested group "nested11", which in turn contains nested group "nested111"
3. Create a user "user1"
4. Make user1 a member of group1 and nested111
5. Check the group membership of user1 in iManager or ConsoleOne: user1 is a member of all 4 groups
6. Check the group membership of user1 in iMonitor: user1 is a member of all 4 groups
7. Remove user1 from the group members of nested111
8. Check the group membership of user1 in iManager or ConsoleOne: user1 is only a member of group1
9. Check the group membership of user1 in iMonitor: user1 is a member of group1 and also still a member of nested1 and nested11 (flag ="Present")
10. After a while, the nested1 and nested11 memberships on user1 are cleaned up
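
Until the cleanup in step 10 has run, the memberships reported for a user can be compared against what the current nesting actually justifies. The following is an added example, not Novell code: it recomputes inherited membership from the direct member lists and flags the entries that should no longer be present. The function names and data structures are hypothetical, and the sample data is constructed from the steps above.

```python
# Added example: all data below is constructed from the "Steps to duplicate" list.
from collections import deque


def effective_groups(user, direct_members, nested_in):
    """Return every group the user belongs to, directly or through nesting.

    direct_members: group -> set of users listed as direct members
    nested_in:      child group -> set of parent groups that contain it
    """
    start = {g for g, users in direct_members.items() if user in users}
    seen, queue = set(start), deque(start)
    while queue:  # breadth-first walk up the nesting chain
        for parent in nested_in.get(queue.popleft(), ()):
            if parent not in seen:  # 'seen' also guards against nesting loops
                seen.add(parent)
                queue.append(parent)
    return seen


def stale_memberships(user, direct_members, nested_in, reported):
    """Groups still reported on the user that the current nesting no longer justifies."""
    return set(reported) - effective_groups(user, direct_members, nested_in)


# nested1 contains nested11, which contains nested111 (step 2).
NESTED_IN = {"nested111": {"nested11"}, "nested11": {"nested1"}}
# Direct member lists after step 4 and after step 7.
DIRECT_BEFORE = {"group1": {"user1"}, "nested111": {"user1"}}
DIRECT_AFTER = {"group1": {"user1"}, "nested111": set()}
# Memberships that step 9 describes as still shown on user1.
REPORTED_STEP9 = {"group1", "nested1", "nested11"}

if __name__ == "__main__":
    stale = stale_memberships("user1", DIRECT_AFTER, NESTED_IN, REPORTED_STEP9)
    print("stale inherited memberships:", sorted(stale))
```

A non-empty result means a policy rule that trusts the reported list would still treat user1 as a member of the parent groups.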