Settings and Application show incorrectly in Local Cache

  • 7005813
  • 21-Apr-2010
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL 6.1sp1
NSL settings configured on both Organization and eDirectory Group objects
"Stop walking here" set on group object
 

Situation

Sometimes NSL applications and settings do not show correctly on the workstation. 

Occasionally users will be able to do things that have been disabled (such as add applications).

"Manage logins" does not show all of the expected applications, and shows unexpected preferences.

Hitting "Refresh cache" will change the settings shown on the workstation, either restoring the expected apps and preferences if they were missing, or removing them if they were present.

Resolution

Remove the "stop walking here" setting from the group object. 

"Stop walking here" is designed as a setting for organization and organizational units.  It was not intended for use with groups.  Setting it on group objects may produce inconsistent results. 

Additional Information

Packet traces showed that in the "success" instances NSL queried the user object and then queried the group object for sso-entries and sso-security prefs.  In the failing instances NSL queried only the user object for sso-entries and sso-security prefs, but did not query the group object.  Interestingly, viewing preferences in SLManager showed that "stop walking here" was set to "yes" (on the user object) and that this setting was inherited from the group.  Because of the "stop walking here" setting NSL did not query past the user itself.