Users and groups in Novell eDirectory
Novell eDirectory defines the objectclasses User and Group as part of its base schema. Instances of the objectclasses are created when an eDirectory administrator defines a user or a group.
Both of these objectclasses are defined by eDirectory as leaf nodes. eDirectory adds an attribute X-NDS_NOT_CONTAINER '1' to each of these objectclass definitions that specifies they are not container objects. Objects that are not specified as container objects cannot be defined beneath instances of these objectclasses.
Security Verify Access requires the ability to append its own objects beneath pre-existing eDirectory users and groups to import them and make them usable by ISAM. When ISAM adds its own objectclass definitions to the eDirectory schema, it also redefines the eDirectory User and Group objectclasses to allow instances of these classes to be container objects. Novell eDirectory allows this change to its schema definition.
The following Novell eDirectory administrator actions cause the ISAM modification to the User objectclass to be undone. The Group objectclass is not affected.
- Running the eDirectory database repair tool, ndsrepair, by using the rebuild schema option.
- Running Basic Repair from the iManager console and running local database repair by using the rebuild operational schema option.
- Applying a patch update to Novell eDirectory.
- Upgrading Novell eDirectory to a more recent version.
If it is necessary to perform any of these operations after Security Verify Access is configured into the eDirectory server, run the following Security Verify Access utility immediately to ensure the definition of the User objectclass is restored.
ivrgy_tool -h host -p port -D dn -w password schema
where:
- host: LDAP server (Novell eDirectory) host name, which is required.
- port: LDAP server (Novell eDirectory) port number.
- dn: LDAP server (Novell eDirectory) bind distinguished name.
- password: LDAP server (Novell eDirectory) bind password.
- schema: Name of the Novell eDirectory schema file.
The ivrgy_tool.exe is in the sbin subdirectory. For example:
- On Windows systems: d:\Program Files\Tivoli\Policy Director\sbin
- On AIX, Linux®, or Solaris systems: /opt/PolicyDirector/sbin
We must run this utility from the sbin directory because ISAM does not add the sbin directory to the system PATH. For information about this utility, see the Reference topics in the IBM Knowledge Center.
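The following check is an added example, not part of the product or its documentation: it reads objectClasses definitions from the server's subschema entry and reports whether User has reverted to a leaf class after one of the operations listed above. The sample definitions are constructed, and two points are assumptions: that the NDS class name is exposed as an X-NDS_NAME extension, and that any value other than X-NDS_NOT_CONTAINER '1' (including its absence) means subordinate objects are allowed.

```python
import re

# Constructed sample objectClasses values (not copied from a real eDirectory server).
# Here User has reverted to a leaf class while Group still allows subordinate objects.
SAMPLE_OBJECTCLASSES = [
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson "
    "STRUCTURAL MAY ( mail $ uid ) X-NDS_NAME 'User' X-NDS_NOT_CONTAINER '1' )",
    "( 2.5.6.9 NAME ( 'groupOfNames' 'group' ) SUP top STRUCTURAL MUST cn "
    "X-NDS_NAME 'Group' )",
    "( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou )",
]

def class_names(definition):
    """Return every name a definition answers to: NAME value(s) plus X-NDS_NAME (assumed)."""
    names = []
    m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", definition)
    if m:
        names += [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
    names += re.findall(r"\bX-NDS_NAME\s+'([^']+)'", definition)
    return [n.lower() for n in names]

def is_leaf(definition):
    """True only when the definition carries X-NDS_NOT_CONTAINER '1'."""
    m = re.search(r"X-NDS_NOT_CONTAINER\s+'([^']*)'", definition)
    return bool(m) and m.group(1) == "1"

def leaf_status(objectclasses, wanted=("User", "Group")):
    """Map each wanted class to True (leaf), False (container allowed) or None (not found)."""
    status = {name: None for name in wanted}
    for definition in objectclasses:
        names = class_names(definition)
        for name in wanted:
            if name.lower() in names:
                status[name] = is_leaf(definition)
    return status

def needs_schema_restore(objectclasses):
    """The page says only User is reverted, so flag the schema when User is a leaf again."""
    return leaf_status(objectclasses)["User"] is True

if __name__ == "__main__":
    print(leaf_status(SAMPLE_OBJECTCLASSES))
    print("run ivrgy_tool:", needs_schema_restore(SAMPLE_OBJECTCLASSES))
```

A result of None for a class means no definition matched that name, which should be investigated rather than read as a pass.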