Additional values seen for group membership on user objects after upgrade to eDirectory 8.8 SP2

  • 3903279
  • 03-Mar-2008
  • 27-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 7
Novell eDirectory 8.8.2 for NetWare 6.5

Situation

- Additional values seen for group membership on user objects after upgrade to eDirectory 8.8 SP2

- Dsbrowse does not show the extra group memberships.

- iMonitor, iManager and Console One show additional unwanted group membership values.

- Zenworks Policies/NAL failing during client login process

- Some existing groups had a group membership attribute populated with values pointing to user objects or other groups.

ConsoleOne or iManager will not allow user objects to be added as values for the group membership attribute.
This condition is, however, possible if the group memberships have been generated through an ldif file/ICE import or an incorrectly configured IDM Driver.

Resolution

This issue can be resolved by removing the undesired group membership attribute values from the affected group objects.

Additional Information

eDirectory 8.8 SP2 supports grouping of groups so therefore provides a more structured form of grouping. This feature is called Nested Groups. Currently, nesting is allowed for static groups.