Re: default ACL Templates in Schema
Miguel
> Miguel wrote:
>
>> In ConsoleOne the user objects appear on the left side along with the
>> containers but if I click on one container they are also shown on the
>> left side as usual.
>
> Check the container's object class definitions first, by either
> exporting the container (it and not its childen) via LDAP and look at
> its objectclass or lookup using dsbrowse.
Hi Peter,
Using Dsbrowse-going to Schema Browse-Class Definitions, if I select the
'container' object and try to view its attributes there is nothing shown
on the screen, the list is empty.
I tried to create a container object and the result is the same as
creating a new user object: default rights are not applied.
What can I do to restore the default assignments?
Thanks in advance.
Miguel
we began experimenting an issue with the edir schema as far as I could
discover.
If we create a new user or context the default ACL rights,the User object
itself, [Public] and [Root],are not applied. I've confirmed this with
DSbrowse on the server holding the master root partition, going deep into
schema and the user object shows no default rights.
A DSrepair shows no schema errors and dstrace shows schema is
synchronized...
I've run a Rebuild Operational Schema with no success.
In ConsoleOne the user objects appear on the left side along with the
containers but if I click on one container they are also shown on the
left side as usual.
it.
Thanks.
Peter Kuo
> In ConsoleOne the user objects appear on the left side along with the
> containers but if I click on one container they are also shown on the
> left side as usual.
Check the container's object class definitions first, by either exporting
the container (it and not its childen) via LDAP and look at its
objectclass or lookup using dsbrowse.
--
Peter
eDirectory Rules!
http://www.DreamLAN.com
Peter Kuo
the class definitions or not - look for [Root Template] entries, mostly.
To add them, basically need to do a reverse of what this TID described:
Miguel
Sorry , I forgot to mention:
We have NW65sp7 with edir 8.8sp2 and a few remote servers with NW6.0sp4
and edir 8.7.3. All of our master replicas are on edir 8.8sp2
Peter Kuo
> I have some remote nw6.0 sp4 servers with edir 8.6.2, would a rebuild
> op schema help me out? Do i need a replica of [root] on this server?
Schema is server-specific so I am not entirely sure if this is going to
help. (And [Root] or any other replica doesn't matter since Schema has its
own "partition". It used to be that schema changes are made to the server
holding Master of [Root] but these days they go to any R/W of [Root] and
then sync's out but in the case about rebuilding op schema, I can't be
sure if its local or not.) As a matter of fact, it /may/ (only may, and
not will) cause schema inconsistency instead.
Again, if you can add another server (with edir 8.6.2) to your test setup,
you can try it out first.
Peter Kuo
ldapgadget -m list
to get a list of what's available; for the Schema Tools, use
ldapgadget -m schema-tool
Oh, just occurred to me - sorry, you need to grab the "Gadgets" link.
Peter Kuo
unfortunately, thus making it difficult for me to do a comparison. If you
can, grab the ldapGadgets (http://www.dreamlan.com/downloads.html) and in
there is a freeware license of Schema Tools. Use it to either generate a
HTML report using your exported LDIF (of the one record), or report on all
classes and syntax. The output is much easier to read.
And, I'd suggest you set up a standalone test server and check its schema
the same way and compare the two inetOrgperson classes.
The nice thing of having this test server is that you can test your ldif
on it before applying to your live tree.