I posted this on the eDir forum as well but felt that you guys would
have a different slant on the matter.

I have a fairly typical eDir 8.8 tree based on the Departmental model.
Each user has an object in their departmental container.
Some users require access to resources in a second department.

I would like to allocate these resources to the container and, somehow,
let the user object pick up these resources from their parent container
and the secondary one.

For example :
Container ou=Dept1 has the following assigned resources

Container ou=Dept2 has the following assigned resources

User cn=User1,ou=Dept1 is in Department Dept1 so inherits all the
resources defined for that container.

When cn=User1,ou=Dept1 requires the resources of Dept2 as well, how do
I give these to them ?

I do not want to use groups. I want to use inheritance or something
similar if possible. For example, making cn=User1,ou=Dept1 security
equivalent to Dept2 gives that user access to the file system that Dept2
has access to.

To illustrate the problem, if an alias to cn=User1,ou=Dept1 is created
in Dept2, the alias will pick up all the applications in the ou=Dept2
branch of the tree, whereas the cn=User1,ou=Dept1 will pick up the
applications in the ou=Dept1 branch of the tree. This, of course, is
working as designed. How do I make it so that it can produce a list of
applications that is the total of both branches ?

The solution to this would be implemented in IDM. That, I think, is the
easy bit !

Many Thanks for your thoughts.

chall's Profile: http://forums.novell.com/member.php?userid=34675
View this thread: http://forums.novell.com/showthread.php?t=413522