Could someone tell me how to get all roles from a user object?

Query for -nrfAssignedRoles-, does not give me the same amount of roles
as displayed in the Novell User Application. For example:

User has the following roles in Novell User Application:


Code:
--------------------

Compliance Administrator RBPM Service Manager 4A9D6QQ User Assigned to Role Completed
Provisioning Administrator RBPM Service Manager 4A9D6QQ User Assigned to Role Completed
Provisioning Manager RBPM Service Manager 4A9D6QQ User Assigned to Role Completed
RBPM Application Administrator RBPM Service Manager 4A9D6QQ User Assigned to Role Completed
Regular Employee Service Account Group Assigned to Role Completed
Resource Administrator Resource Administrators Group Assigned to Role Completed
Resource Manager Resource Administrators Group Assigned to Role Completed
Role Administrator RBPM Service Manager 4A9D6QQ User Assigned to Role Completed
Role Manager RBPM Service Manager 4A9D6QQ User Assigned to Role Completed
Security Administrator RBPM Service Manager 4A9D6QQ User Assigned to Role Completed

--------------------


Using an LDAP browser (Apache Directory Studio), viewing the same user
as above, it has the following attributes related to the roles:


Code:
--------------------

nrfAssignedRoles: cn=complianceAdmin,cn=System,cn=Level20,cn=RoleDef s,cn=Rol
eConfig,cn=AppConfig,cn=UserApplication,cn=IDVAULT ,ou=Identity Management,o
=System#0#<assignment><start_tm>20110408115448Z</start_tm><req>uid=4A9D6QQ,
ou=Services,ou=Identities,ou=Resources,o=ING</req><req_desc>Compliance admi
nistrator assignment request.</req_desc></assignment>

nrfAssignedRoles: cn=provAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=R oleConfi
g,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=Id entity Management,o=Syste
m#0#<assignment><start_tm>20110408115448Z</start_tm><req>uid=4A9D6QQ,ou=Ser
vices,ou=Identities,ou=Resources,o=ING</req><req_desc>Provisioning administ
rator assignment request.</req_desc></assignment>

nrfAssignedRoles: cn=provManager,cn=System,cn=Level20,cn=RoleDefs,cn =RoleCon
fig,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou= Identity Management,o=Sys
tem#0#<assignment><start_tm>20110408115448Z</start_tm><req>uid=4A9D6QQ,ou=S
ervices,ou=Identities,ou=Resources,o=ING</req><req_desc>Provisioning manage
r assignment request.</req_desc></assignment>

nrfAssignedRoles: cn=rbpmAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=R oleConfi
g,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=Id entity Management,o=Syste
m#0#<assignment><start_tm>20110408115447Z</start_tm><req>uid=4A9D6QQ,ou=Ser
vices,ou=Identities,ou=Resources,o=ING</req><req_desc>RBPM configuration ad
ministrator assignment request.</req_desc></assignment>

nrfAssignedRoles: cn=roleAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=R oleConfi
g,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=Id entity Management,o=Syste
m#0#<assignment><start_tm>20110408115448Z</start_tm><req>uid=4A9D6QQ,ou=Ser
vices,ou=Identities,ou=Resources,o=ING</req><req_desc>Role administrator as
signment request.</req_desc></assignment>

nrfAssignedRoles: cn=roleManager,cn=System,cn=Level20,cn=RoleDefs,cn =RoleCon
fig,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou= Identity Management,o=Sys
tem#0#<assignment><start_tm>20110408115447Z</start_tm><req>uid=4A9D6QQ,ou=S
ervices,ou=Identities,ou=Resources,o=ING</req><req_desc>Role manager assign
ment request.</req_desc></assignment>

nrfAssignedRoles: cn=secAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=Ro leConfig
,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=Ide ntity Management,o=System
#0#<assignment><start_tm>20110408115447Z</start_tm><req>uid=4A9D6QQ,ou=Serv
ices,ou=Identities,ou=Resources,o=ING</req><req_desc>RBPM Security administ
rator assignment request.</req_desc></assignment>

nrfDynamicGroupMembership: cn=Resource Administrators,ou=User Application,ou=Identity Vault,ou=Services,o=ING

nrfDynamicGroupMembership: cn=Service Account,ou=Framework,ou=Resources,o=ING

nrfGroupRoles: cn=Regular Employee,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=A
ppConfig,cn=UserApplication,cn=IDVAULT,ou=Identity Management,o=System#0#<a
ssignment><start_tm>20110728081808Z</start_tm><cause><group>cn=Service Acco
unt,ou=Framework,ou=Resources,o=ING</group></cause></assignment>

nrfGroupRoles: cn=resourceAdmin,cn=System,cn=Level20,cn=RoleDefs, cn=RoleConf
ig,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=I dentity Management,o=Syst
em#0#<assignment><start_tm>20110502084857Z</start_tm><cause><group>cn=Resou
rce Administrators,ou=User Application,ou=Identity Vault,ou=Services,o=ING<
/group></cause></assignment>

nrfGroupRoles: cn=resourceManager,cn=System,cn=Level20,cn=RoleDef s,cn=RoleCo
nfig,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou =Identity Management,o=Sy
stem#0#<assignment><start_tm>20110502084857Z</start_tm><cause><group>cn=Res
ource Administrators,ou=User Application,ou=Identity Vault,ou=Services,o=IN
G</group></cause></assignment>

nrfMemberOf: cn=complianceAdmin,cn=System,cn=Level20,cn=RoleDef s,cn=RoleConf
ig,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=I dentity Management,o=System

nrfMemberOf: cn=provAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=R oleConfig,cn=
AppConfig,cn=UserApplication,cn=IDVAULT,ou=Identit y Management,o=System

nrfMemberOf: cn=provManager,cn=System,cn=Level20,cn=RoleDefs,cn =RoleConfig,c
n=AppConfig,cn=UserApplication,cn=IDVAULT,ou=Ident ity Management,o=System

nrfMemberOf: cn=rbpmAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=R oleConfig,cn=
AppConfig,cn=UserApplication,cn=IDVAULT,ou=Identit y Management,o=System

nrfMemberOf: cn=Regular Employee,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=A pp
Config,cn=UserApplication,cn=IDVAULT,ou=Identity Management,o=System

nrfMemberOf: cn=resourceAdmin,cn=System,cn=Level20,cn=RoleDefs, cn=RoleConfig
,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=Ide ntity Management,o=System

nrfMemberOf: cn=resourceManager,cn=System,cn=Level20,cn=RoleDef s,cn=RoleConf
ig,cn=AppConfig,cn=UserApplication,cn=IDVAULT,ou=I dentity Management,o=Syst
em

nrfMemberOf: cn=roleAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=R oleConfig,cn=
AppConfig,cn=UserApplication,cn=IDVAULT,ou=Identit y Management,o=System

nrfMemberOf: cn=roleManager,cn=System,cn=Level20,cn=RoleDefs,cn =RoleConfig,c
n=AppConfig,cn=UserApplication,cn=IDVAULT,ou=Ident ity Management,o=System

nrfMemberOf: cn=secAdmin,cn=System,cn=Level20,cn=RoleDefs,cn=Ro leConfig,cn=A
ppConfig,cn=UserApplication,cn=IDVAULT,ou=Identity Management,o=System


--------------------


As you can see, we are using -dynamicGroups -and normal Role
assignments to assign a role to a user.

Now my question is: How do I get all Roles, knowing the above, so that
I can revoke/remove them?

Need more information, please ask!


--
ttimmers
------------------------------------------------------------------------
ttimmers's Profile: http://forums.novell.com/member.php?userid=26810
View this thread: http://forums.novell.com/showthread.php?t=442783