We recently upgraded almost all of our eDirectory environments to
8.8.6.4 64 bit on Redhat Enterprise Linux 64 bit. We finally made the
jump from eDirectory 8.7.3.10 directly to this version.

All of our trees are purely LDAP trees and i wanted to remove some of
the default templates ACLS that are create when a new user is created to
save space in the directory and tune the tree a bit. We also want to add
a default ACL so that any group created will have read rights to itself
by default.

After reading a TID on default ACL templates i attemped to export
inetorgperson per the TID and the default template information was
missing from the schema entry.

This scared me as we just did an upgrade and i immediately went and
created a new user to see if the default ACLS did get created...<whew>
they did. So the settings are in the directory but are not exported in
the LDIF. I went over and tested the same query with an eDirectory
8.7.3.10 server and the results were as expected from the TID.

Can anyone provide some insight to the delima here

Below are the results from a eDirectory 8.8.6.4 server and i did test
this on every tree and server we have with the exact same results if
they were upgraded to the current version of 8.8.6.4 64 bit on Redhat
Enterprise Linux 5 64 bit

-bash-3.2$ /opt/novell/eDirectory/bin/ldapsearch -h 127.0.0.1 -p 636 -e
/opt/eDirectory/certs/XXXXX.der -s base -b cn=schema
objectclasses=inetorgperson
version: 1

#
# filter: objectclasses=inetorgperson
# requesting: ALL
#

# schema
dn: cn=schema
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP
organization
alPerson STRUCTURAL MAY ( groupMembership $ ndsHomeDirectory $
loginAllowedTi
meMap $ loginDisabled $ loginExpirationTime $ loginGraceLimit $
loginGraceRem
aining $ loginIntruderAddress $ loginIntruderAttempts $
loginIntruderResetTim
e $ loginMaximumSimultaneous $ loginScript $ loginTime $
networkAddressRestri
ction $ networkAddress $ passwordsUsed $ passwordAllowChange $
passwordExpira
tionInterval $ passwordExpirationTime $ passwordMinimumLength $
passwordRequi
red $ passwordUniqueRequired $ printJobConfiguration $ privateKey $
Profile $
publicKey $ securityEquals $ accountBalance $ allowUnlimitedCredit $
minimum
AccountBalance $ messageServer $ Language $ ndsUID $ lockedByIntruder
$ serve
rHolds $ lastLoginTime $ typeCreatorMap $ higherPrivileges $
printerControl $
securityFlags $ profileMembership $ Timezone $ audio $
businessCategory $ ca
rLicense $ departmentNumber $ employeeNumber $ employeeType $
givenName $ hom
ePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledUri $ mail
$ manag
er $ mobile $ pager $ ldapPhoto $ preferredLanguage $ roomNumber $
secretary
$ uid $ userCertificate $ userSMIMECertificate $ x500UniqueIdentifier
$ displ
ayName $ userPKCS12 $ sASServiceDN $ sASSecretStore $
sASSecretStoreKey $ sAS
SecretStoreData $ sASPKIStoreKeys $ nDSPKIUserCertificateInfo $
nDSPKIKeystor
e $ rADIUSActiveConnections $ rADIUSAttributeLists $
rADIUSConcurrentLimit $
rADIUSConnectionHistory $ rADIUSDefaultProfile $ rADIUSDialAccessGroup
$ rADI
USEnableDialAccess $ rADIUSPassword $ rADIUSServiceList $
sssProxyStoreKey $
sssProxyStoreSecrets $ sssServerPolicyOverrideDN $
iPrintiCMPrinterFlags $ iP
rintiCMPrinterList $ iPrintiCMClientFlags $ iPrintiCMClientProxyURI $
iPrinti
CMClientTrayURI $ nDPSControlFlags $ nDPSDefaultPrinter $
nDPSDefaultPublicPr
inter $ nDPSPrinterInstallList $ nDPSPublicPrinterInstallList $
nDPSPrinterIn
stallTimestamp $ nDPSReplaceAllClientPrinters $ userPassword $
nisUserGroupDo
main $ o $ nRDRegistryData $ nRDRegistryIndex $ nrmGroupMonitorData )
)

# search result
# search: 2
# result: 0 Success

# numResponses: 2
# numEntries: 1


--
Dieseloreo
------------------------------------------------------------------------
Dieseloreo's Profile: http://forums.novell.com/member.php?userid=36110
View this thread: http://forums.novell.com/showthread.php?t=449619