• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 790
  • Last Modified:

Nested groups over two directories are not working

In our environment, we have two directories (names1.nsf and names2.nsf) and one directory assistance (da.nsf).
Now in the second directory (names2.nsf) we've a  group (azerty)  who has as member another group (qwerty, one from the first  directory names1.nsf).
The database authorization isn't working for members from the group qwerty (the group from names1.nsf).
Does anyone has a workaround for this problem.
I know that it's a known limitation.
Notes "When authorizing database access, a server can search a group that is nested in a group listed in a database ACL, and search a group nested in the nested group, and so on, as long as all the groups are located in the same directory."
0
clomb
Asked:
clomb
2 Solutions
 
mbonaciCommented:
AFAIK, there's no way around it.

Can I ask, why do you have two NABs?
0
 
qwaleteeCommented:
Simply list both groups independently in the ACL.Alternatively, create a script so azerty is mirrored in the other directory.

"azerty..."  I guess you are French.
0
 
clombAuthor Commented:
mbonaci,
We want two NAB for separating the groups.
One NAB is for all the persons and for the department (groups), the other is for creating groups that we'll use for our notes app or for our websphere portal.
Also the security is not the same for the two NAB's, the persons who may create new docs are not the same in both NAB's.
Plus extra advantages..............

qwaletee,
List both independently is not a solution, most of the time the two groups are the same.
In the ACL we only use groups, there fore we create for each app several groups.
The responsible can then update the groups and give the people extra rights.
Create a script is one of the possible solutions but we thought may be there is a solution with changing settings so that it isn't necessary to write a script.
PS I'm dutch
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
mbonaciCommented:
Separating the groups in two NABs just because they are going to be used for different purposes is IMHO not a real reason for two NABs.
I would instead use some kind of prefix for group names, depending on their purpose/place of usage.

As far as security is concerned, I'd rather use Extended ACL then two NABs:

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/topic/com.ibm.help.domino.admin85.doc/H_EXTENDED_ACLS_OVER.html

Which other advantages? Any crucial ones?
0
 
larsberntropCommented:
how is the directory assistence setup?
0
 
clombAuthor Commented:
sorry for the late answer. But for avoiding problems, we've put everything (groups and persons) in one addressbook.

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now