Solved

Nested groups over two directories are not working

Posted on 2011-02-16
6
785 Views
Last Modified: 2013-12-18
In our environment, we have two directories (names1.nsf and names2.nsf) and one directory assistance (da.nsf).
Now in the second directory (names2.nsf) we've a  group (azerty)  who has as member another group (qwerty, one from the first  directory names1.nsf).
The database authorization isn't working for members from the group qwerty (the group from names1.nsf).
Does anyone has a workaround for this problem.
I know that it's a known limitation.
Notes "When authorizing database access, a server can search a group that is nested in a group listed in a database ACL, and search a group nested in the nested group, and so on, as long as all the groups are located in the same directory."
0
Comment
Question by:clomb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 22

Assisted Solution

by:mbonaci
mbonaci earned 250 total points
ID: 34906096
AFAIK, there's no way around it.

Can I ask, why do you have two NABs?
0
 
LVL 31

Accepted Solution

by:
qwaletee earned 250 total points
ID: 34912229
Simply list both groups independently in the ACL.Alternatively, create a script so azerty is mirrored in the other directory.

"azerty..."  I guess you are French.
0
 

Author Comment

by:clomb
ID: 34913699
mbonaci,
We want two NAB for separating the groups.
One NAB is for all the persons and for the department (groups), the other is for creating groups that we'll use for our notes app or for our websphere portal.
Also the security is not the same for the two NAB's, the persons who may create new docs are not the same in both NAB's.
Plus extra advantages..............

qwaletee,
List both independently is not a solution, most of the time the two groups are the same.
In the ACL we only use groups, there fore we create for each app several groups.
The responsible can then update the groups and give the people extra rights.
Create a script is one of the possible solutions but we thought may be there is a solution with changing settings so that it isn't necessary to write a script.
PS I'm dutch
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 22

Expert Comment

by:mbonaci
ID: 34914073
Separating the groups in two NABs just because they are going to be used for different purposes is IMHO not a real reason for two NABs.
I would instead use some kind of prefix for group names, depending on their purpose/place of usage.

As far as security is concerned, I'd rather use Extended ACL then two NABs:

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/topic/com.ibm.help.domino.admin85.doc/H_EXTENDED_ACLS_OVER.html

Which other advantages? Any crucial ones?
0
 
LVL 11

Expert Comment

by:larsberntrop
ID: 34916077
how is the directory assistence setup?
0
 

Author Comment

by:clomb
ID: 35082918
sorry for the late answer. But for avoiding problems, we've put everything (groups and persons) in one addressbook.

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
I thought it will be a good idea to make a post as it will help in case someone else faces these issues. I trust this gives an idea how each entry in Notes.ini can mean a lot for the Domino Server to be functioning properly. This article discusses t…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question