I am having an issue with global queries on objects to populate
picklists or check for duplicate attributes like cn. All queries run
fine with a user that has viewing rights on the whole tree, but fails
for every other type of user.

Here's an example:

Say Bob is trying to request a new account and enters a CN. In the
form, a global query set to query the whole tree for the CN he entered
double checks to make sure an account doesn't already exist. If one
does, he's alerted to enter a different name, else the request proceeds
to the next step.

My question is what do I need to do to allow all users to have search
rights over CN without creating a security risk? I have search enabled
in my DAL on the CN attribute for User, but I have a feeling this is an
eDirectory setting instead. Can someone explain what I need to do for
this query to work for all users?

mlee22's Profile: http://forums.novell.com/member.php?userid=25018
View this thread: http://forums.novell.com/showthread.php?t=370769