Users and groups in Novell eDirectory

Novell eDirectory defines the objectclassesUser and Group as part of its base schema. Instances of the objectclasses are created when an eDirectory administrator defines a user or a group.

Both of these objectclasses are defined by eDirectory as leaf nodes. eDirectory adds an attribute X-NDS_NOT_CONTAINER '1' to each of these objectclass definitions that specifies they are not container objects. Objects that are not specified as container objects cannot be defined beneath instances of these objectclasses.

Security Verify Access requires the ability to append its own objects beneath pre-existing eDirectory users and groups to import them and make them usable by ISAM. When ISAM adds its own objectclass definitions to the eDirectory schema, it also redefines the eDirectory User and Group objectclasses to allow instances of these classes to be container objects. Novell eDirectory allows this change to its schema definition. The following Novell eDirectory administrator actions cause the ISAM modification to the User objectclass to be undone. The Group objectclass is not affected.

If it is necessary to perform any of these operations after Security Verify Access is configured into the eDirectory server, run the following Security Verify Access utility immediately to ensure the definition of the User objectclass is restored.

ivrgy_tool -h host -p port -D dn -w password schema

where:

The ivrgy_tool.exe is in the sbin subdirectory. For example:

We must run this utility from the sbin directory because ISAM does not add the sbin directory to the system PATH. For information about this utility, see the Reference topics in the IBM Knowledge Center.

Parent topic: Novell eDirectory installation