We have a hierarchical eDir tree that we use to manage our pc logins.
Each container contains many of the same groups. I would like to use
one group membership (say something like SUPERVISOR) that is located in
each container along with the Entitlement driver to populate Active
Directory.

If I create the entitlement membership filter to say:

Object Class is equal User
and
Group Membership is equal CN=SUPERVISORS,OU=UTAH,O=COM

The entitlement works and the user is populated into Active Directory.
What Iíd like to do is something like:

Object Class is equal User
and
Group Membership is equal CN=SUPERVISORS,*

So that I wouldnít need to setup a membership for each individual
group. Obviously this set of criteria doesnít work (I tried I
havenít hand a lot of luck finding a solution to this problem.

I could setup multiple Criteria Groups add each groupís fully qualified
name to the membership filter. We have something like 130-ish locations
and I can see it being a problem to maintain the information long
term.

Does anyone know if there is a way to create this sort of a membership
without having to resort to adding each group to the driver? Would it
make more sense to use something like a single group at the root of the
tree to entitle access to Active Directory and then use a Loopback or
Null driver to add users to this group based of their individual
membership?


--
acojon
------------------------------------------------------------------------
acojon's Profile: http://forums.novell.com/member.php?userid=19804
View this thread: http://forums.novell.com/showthread.php?t=338004